Virus Names

A virus’ name is generally assigned by the first researcher to encounter the beast. The problem is that multiple researchers may encounter a new virus in parallel which often results in multiple names.

What’s in a name? When it comes to viruses it’s a matter of identification to the general public. An anti-virus program does not really need the name of a virus as it identifies it by its characteristics. But, while giving a virus a name helps the public at large it also serves to confuse them since the names given to a particular beast can differ from anti-virus maker to anti-virus maker.

How? Why? Much as they would like to, the virus writers do not get to name their beasts. Some have tried by putting obvious text into the virus but most of the anti-virus companies tend to ignore such text (mostly to spite the virus writers :-) ). And, any virus writer that insists on a particular name has to identify themselves in the process–something they usually don’t want to do. So, the anti-virus companies control the virus naming process. But, that leads to the naming problem.

Viruses come into various anti-virus companies around the world at various times and by various means. Each company analyzes the virus and assigns a name to it for tracking purposes. While there is cooperation between companies when new viruses are identified, that cooperation often takes a back seat to getting a product update out the door so the anti-virus company’s customers are protected. This delay allows alternate names to enter the market. Over time these are often standardized or, at least, cross-referenced in listings; but that does not help when the beast makes its first appearance.

This problem/confusion will continue. One practical and well documented example of how it affects a real-world virus listing can be seen at the WildList site on the page…

http://www.wildlist.org/naming.htmWeb Link

One attempt at bringing some order to the naming problem is Ian Whalley’s VGrepWeb Link [registration required to view page]. VGrep attempts to collect all of the various virus names and then correlates them into a single searchable list. While useful, there is, again, the lag time necessary to collect and correlate the data.

So, get used to viruses having different names. As Shakespeare said…

What’s in a name? That which we call a rose
By any other name would smell as sweet…

Another attempt is the database at VirusPoolWeb Link which “…tries to put information from all known infections and antivirus creators into one place so you can compare names and results.” I wish them the best of luck.

A new site to try to correlate malware names: CME – Common Malware EnumerationWeb Link. CME provides single, common identifiers to new virus threats to reduce public confusion during malware outbreaks. CME is not an attempt to solve the challenges involved with naming schemes for viruses and other forms of malware, but instead aims to facilitate the adoption of a shared, neutral indexing capability for malware.

Finally, some vendors have largely given up with naming specific malware and resorting to generic names for the type of malware (e.g., Troj/Agent). The malware is being generated faster than the naming system can reasonably keep up. Look for this to probably continue. Of course, this will then mean changes to the specific methods of disinfection as you would no longer be able to download a specific disinfector for a named beast. Time will tell how this develops.

Summary

  • Virus naming is a function of the anti-virus companies. This results in different names for new viruses.
  • Different names can cause confusion for the public but not anti-virus software which looks at the virus, not its “name.”
  • There are different sites that attempt to correlate the various virus names for you.
Up Arrow Introduction to Viruses Up Arrow
Prior Page Next Page
Number of Viruses How Serious are Viruses?

Comments from Original Post:

Simon
Said this on 2009-06-22 At 10:15 am
I am trying to acertain if a yann chit tal is a virus? It has attached itself as the file name to all music & picture files.
#2
DaBoss
Said this on 2009-06-22 At 11:40 am
In reply to #1
The best way to find out would be to scan the system with anti-virus software. A Google search on the term brings up the name of a Myanmar love song and one entry that would indicate that behavior is related to a virus.

Do the search and scan the system.
#3
simon
Said this on 2009-06-22 At 03:46 pm
In reply to #2
Thanks

I havn’t picked it up with any anti virus software – I suppose I will just have to keep working at it.

Thanks again
#4
Simon
Said this on 2009-06-23 At 06:05 am
In reply to #2
What was the name of the anti-virus software you mentioned
#6
DaBoss
Said this on 2009-06-23 At 04:12 pm
In reply to #4
I did not mention one. The thread Google brings up is here…

http://myanmaritpros.com/forum/topic/show?id=1445004%3ATopic%3A106986

#35
Md.Shahadat Hossain Arnob
Said this on 2010-06-03 At 09:01 am
In reply to #6
Thanks Thanks Thanks
#29
Adri Nortier
Said this on 2010-03-18 At 02:00 pm
In reply to #1
I have the same problem as Simon. It has attached itself as the file name to all my picture files. Also trying to find out if this is a virus
#37
mika09
Said this on 2010-07-28 At 01:33 pm
In reply to #1
hi all.I have seen that your big problem is that you do not poses a strong antivirus and you are under threats all the time.My advice is to pick up from top ten best antiviruses http://www.best-antivirus.co/ one at your choice
have a good day
#5
Simon
Said this on 2009-06-23 At 02:51 pm
what antivirus do you recomend? Please I am getting desperate !!!!!!
#7
DaBoss
Said this on 2009-06-23 At 04:15 pm
In reply to #5
I don’t recommend any specific AV programs. See the AV page in the tutorial for a listing of many you can choose from (take the Miscellaneous Pages link in the left side menu).

And, comments in this thread have drifted way beyond the page purpose so further along these lines will not be allowed. Please keep topics in comments to the topic of the page itself. Thank you.
#8
Simon
Said this on 2009-06-24 At 10:35 pm
In reply to #7
Thank you. Sorry if I went out the the scope I am relitavely new to this virus stuff.

#12
Riley nksd
Said this on 2009-10-21 At 01:08 pm
My school network has gotten a virus on it that makes nobody able to log on to the system. I have found a file, and it is our suspect. The file is in the hard disk, and is called, “c6d1daf905ed4e401b3f15500″. If you have any imformation please comment fast, because it started in one room yesterday, and has already spread throughout the district.
#13
DaBoss
Said this on 2009-10-21 At 05:17 pm
In reply to #12
Viruses should be removed using anti-virus software. Google brings up nothing on that file name and many programs, including Windows itself, will make up temporary file names of that sort for one-time use. The name will vary from use to use as it’s designed to be of a form unlikely to conflict with a “useful” file on the system(s). You can submit the file to one of several services that will scan it for you and determine if it is a known beast. The Anti-Virus Software page in the Miscellaneous pages section of this tutorial will give you links to those sites. CKnow does not keep up with the very latest beasts as they multiply far too fast for one person to keep track of them. Anti-virus vendors are your best source of such information.
#26
error123
Said this on 2010-03-07 At 08:42 pm
In reply to #12
i have a file in my hard disk that is like this idk if its a virus
“464461353494b9a527e345fd74e0f0″
#27
DaBoss
Said this on 2010-03-07 At 09:59 pm
In reply to #26
Impossible to say. Viruses generally don’t have specific “magic numbers” (the starting characters). Use a virus scanner to find out. Online scanners where you can submit the file for scanning are on the tutorial anti-virus software page…

http://www.cknow.com/cms/vtutor/anti-virus-software.html

#14
angella
Said this on 2009-12-25 At 06:31 pm
I think this virus came through the SKYPE because my skype goes jumpy & all sorts will come up & the screens of others will appear & then it has some stuoid stuff all in mumbo-jumbo web sites to look at or download which is all ove the “send” column at the bottom of chat area & i just delete & shut each screen off & now the SKYPE ECHO sound testing will pop up ,, with others too.

i have see this on the screen its says “WORM” ,,, WORM/conficker.AW ,,, also the entire thing that appears is this ,, C:\DocumentandSettings\networkservice\localsettings\…\2smh[1].png

Please tell me how do I get rid of this?? Thank You
#15
DaBoss
Said this on 2009-12-25 At 09:32 pm
In reply to #14
CKnow is not about giving personal support. But, if you actually have the Conficker worm congratulations; you are among millions of others that have gotten it since it’s been out over a year now (since Nov 2008). You don’t get it via SKYPE; you get it because you have not yet applied the Microsoft MS08-67 patch which closes the hole that Conficker worms its way in through. Anyhow, you need to use one of the many removal tools. See one of these (listed in no particular order)…

http://www.sophos.com/products/free-tools/conficker-removal-tool.html

http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm

http://support.microsoft.com/kb/962007

…or visit your anti-virus company’s website as they also likely have a removal tool. Then, by all means, after you remove the beast apply all the Microsoft security patches to your computer. They are important.

Good luck.

#16
trece
Said this on 2009-12-27 At 02:57 pm
I am told I have a virus that is attahced to Internet Security 2010. I am unable to download any information including virus removal programs. how can I get rid of the virus, I get the message Trojan SPM/LX.

Please help
#17
DaBoss
Said this on 2009-12-27 At 03:09 pm
In reply to #16
As mentioned CKnow does NOT do personal support. A Google search brings up in no particular order…

http://www.geekstogo.com/forum/Trojanspm-lx-t252863.html

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=76385

http://community.mcafee.com/thread/7180

#40
gail
Said this on 2010-09-14 At 04:21 pm
In reply to #16
im getting the same messages only mine said secure something and wont go to anything i cant log on to nothing say secure connection i dont know what that means
Elliot
Said this on 2011-02-01 At 03:35 pm
In reply to #40
Hey umm gail if you cant connect to a secure connection then i advise use a proxy.

It isn’t the best way but i suggest you go to rubyfat . com and go to google.
once your on google download Malware Bytes free version.
do a quick scan it will pic it up and delete it :)

[I have lightly edited the post to remove any possible links to rubyfat as the site seems to have nothing to do with this topic. As to Malwarebytes, just go directly to their site (use malwarebytes.org); there is no need to search for it. –DaBoss]

#19
israel okereke
Said this on 2010-02-02 At 04:54 am
i want to know more about computer viruses and antiviruses. how there can be detected and remove. the evolution of virus and thier names.
#20
DaBoss
Said this on 2010-02-02 At 12:22 pm
In reply to #19
See here…The Art of Computer Virus Research and Defense

#21
Mark Fisher
Said this on 2010-02-05 At 11:09 pm
I have a couple internet viruses that won’t let me use my computer. One of them is BankerFox.A . What do i do to remove them?
#22
DaBoss
Said this on 2010-02-05 At 11:13 pm
In reply to #21
A Google search brings up instructions here…

http://www.spywarevoid.com/remove-bankerfoxa-pop-up-bankerfox-trojan-removal.html

Note that BankerFox.A is associated with fake anti-virus software so you may have other problems too. Please consult an anti-virus site for help with specific malware. CKnow cannot give personal support.

#23
DRANREB
Said this on 2010-02-09 At 07:28 pm
I am told I have a virus that is attahced to Internet Security 2010. I am unable to download any information including virus removal programs. how can I get rid of the virus, I get the message Trojan SPM/LX.

Please help
#24
DaBoss
Said this on 2010-02-09 At 11:13 pm
In reply to #23
Google is your friend…

http://community.mcafee.com/thread/7180

http://answers.yahoo.com/question/index?qid=20090523103340AAUQB1m

http://community.norton.com/t5/Norton-Internet-Security-Norton/TrojanSPM-LX-Please-help/m-p/152383

#25
elainehuxley
Said this on 2010-02-10 At 07:14 pm
First I used to search for the related solution for viruses, worms, and Trojans for hour and after that also it is not guarantee that I will get the perfect solution but now I have a site which provides the complete information related to the problem of networking and security.

http://forums.techarena.in/networking-security/

I will suggest you to visit this site one for getting the perfect solution for all your networking or virus problems.
[This appears to be a user forum. As with all things where users give advice to other users, make a good backup of any critical data files you have before trying anything suggested. –DaBoss]

#30
Scot.C.
Said this on 2010-04-14 At 07:41 am
Lol im in school tryin 2 find out about viruses and names and how to stop them coz the teachers bein a twat and i hate her!!!!!
[Grow up. –DaBoss]

#31
Prince
Said this on 2010-05-01 At 12:49 pm
my pc is infected by ctfmon, wscntfy,blastcln & spoolsv how can i remove these viruses from my system these viruses are recovering again & again plz tell me the solution plz plz someone help me
#32
DaBoss
Said this on 2010-05-01 At 12:54 pm
In reply to #31
Please check with an anti-virus software site. They are the experts on specific viruses. Assume that since you know the names that you use anti-virus software so please ask their support for help. CKnow cannot help with specific beasts.

#36
harshit upadhyay
Said this on 2010-06-24 At 06:13 am
sir’
iam a student and sir i have to make a project on computer viruses So sir iwant to get some information about it plz sir send ithe information obout it to my email id as soon as possible
thanking you sir,

[The tutorial is here on the website. Read it here please. –DaBoss]

#39
DESTINY
Said this on 2010-09-09 At 11:36 am
I Want To Know How This Virus Came Into The World

[“This” being? –DaBoss]

#43
security suite
Said this on 2010-11-29 At 08:06 am
www.antivirus-review.org/: Security suite, Virus scanner and Antivirus software reviews and comparison. Despite security improvements of operating systems the internet is not becoming a safer place. Compared to a simple Antivirus, an Internet Security Suite offers comprehensive security protection for your computer.

[(Edited to delete an active link which is not allowed in comments.) Much of what we used to call “anti-virus” software now comes as a suite. –DaBoss]

#47
Robert Freeman
Said this on 2011-03-21 At 01:52 pm
to me as long as i have been on computers i allways back up my computer and all of my programs to a disk untill they came out with the exsternal harddrives witch if i was everybody i would buy to back everything up on incase you have a problem such as viruses and even a crash 2 i would get me a restore disk of the windows that you are running and then just reinstall the opperating system then your computer will be like new again and then just reinstall your programs and be more carefull the next time when on the internet

#50
mohamad
Said this on 2011-04-19 At 11:10 am
hi im iranian and my final lecture is a particle of computer virus i need 10 name of new viruse that infected computers in years 208-210 thank for your help and sorry if i dont well write english

[Go to any anti-virus site and you’ll find lists upon lists of specific viruses that have recently infected computers. CKnow does not maintain any such lists as it’s too time-consuming for little benefit (and besides which, I’m basically retired). –DaBoss]

#51
yegeta from computer parts
Said this on 2011-06-05 At 03:09 pm
I think if we do want to have virus free computer, it won’t help much to know the name of a virus unless we install anti-virus program. Most anti-virus programs detect viruses, worms, trojans and other malicious codes. So, using the right AV program and updating its definition will keep a computer from virus.

And all of the viruses are grouped into the following major types:-
– virus
– Trojans
– worms
– spyware
– keylogger

#52
Melissa Fourt
Said this on 2011-09-14 At 10:49 pm
Since I started college and have been taking a computer class, I am starting to understand viruses and trojan horse, ste.. better then ever before. Before I would refuse to use the computer. Was afraid I would get a virus, no matter whatI did. Thank you for all of the great information.

#53
alvinezirim
Said this on 2011-10-05 At 09:57 am
are people meant to be afraid of virus,why

[Afraid? No. Cautious. Certainly. –DaBoss]

#54
Sam
Said this on 2012-01-06 At 02:43 am
whenever im opening my yahoo mail new version, im getting the additional tab as like as lady.dolly951 has been messaged you.
I checked with various computers, but it shows the same tab. If i close the tab its showing message do u want to close the conversation with lady.dolly951.

Kindly give me the solution for the same.

Thx and Regs
Sama

[Sorry, don’t use Yahoo! mail. No idea. –DaBoss]