Re: EMbedder

From: Dark (darkteraku_at_yahoo.com)
Date: 09/23/03


Date: Mon, 22 Sep 2003 17:16:15 -0700


ah... hmm... that list helps... In trojaners, it's a mix
of reboot and zap... no clue what the EMbedder was
called... I ran Norton Antivirus, and comp shut down...
XP... cost a lot... downloaded a game, as said... then,
comp screen glitched. In SimCity or many other games, the
screen changes, to match the game, but this was different.
Blue screen came up, said press enter, or restart
computer, so I did. Then, I ran Antivirus, and it crashed,
reaching er... 2307 files...

>-----Original Message-----
>There is NO virus, worm or Trojan called "W32". That is a prefix based upon standards and
>means that it's an infector that is based on Win32 programming. So what you posted is BS.
>
>Now rewrite this post and tell us the TRUE name of the virus, worm or Trojan to which you
>are inferring !.
>
>The following is a set of standards that McAfee uses to name a given infector.....
>
>~ ~ ~
>PREFIX
>
>The prefix designates the type of file that the
>virus infects or the platform on which
>potentially harmful software can run. Viruses
>that infect DOS executables do not receive a
>prefix. Our naming convention includes the
>following prefixes:
>
> A97M/ Macro virus that infects Microsoft
> Access 97 files.
>
> APM/ Macro virus or Trojan-horse program
> that infects Ami Pro document and
> template files.
>
> Bat/ Batch-file virus or Trojan-horse
> program. These viruses usually run
> as batch or script files that
> affect a particular program that
> interprets the script or batch
> commands they include. They are
> very portable and can affect nearly
> any platform that can run batch or
> script files. The files themselves
> often have a BAT extension.
>
> CSC/ Corel Script virus or Trojan-horse
> program that infects Corel Draw
> document files, template files, and
> scripts.
>
> IRC/ Internet Relay Chat script virus.
> This virus type can use early
> versions of the mIRC client
> software to distribute a virus or
> payload.
>
> JS/ Script virus or Trojan-horse
> program written in JavaScript
> language.
>
> JV/ Potentially harmful Java
> application or applet.
>
> Linux/ Virus or Trojan-horse program
> compiled for Linux OS in ELF file
> format.
>
> LWP/ Potentially harmful software for
> Lotus WordPro.
>
> MacHC/ Virus or Trojan-horse program for
> Apple Macintosh HyperCard scripting
> language.
>
> MacOS/ Virus or Trojan-horse program for
> Apple Macintosh OS Versions 6-9.
>
> MSIL/ Application written using Microsoft
> Intermediate Language framework,
> also known as .NET.
>
> P98M/ Macro virus or Trojan-horse program
> that infects Microsoft Project
> documents and templates.
>
> PalmOS/ Virus or Trojan-horse program for a
> Palm Pilot.
>
> PDF/ File-infector of Adobe PDF files.
>
> Perl/ Script virus or Trojan-horse
> program written in Perl language.
>
> PHP/ Script virus or Trojan-horse
> program written in PHP language.
>
> PP97M/ Macro virus. Infects Microsoft
> PowerPoint 97 files.
>
> SunOS/ Potentially harmful software for
> Sun Solaris.
>
> SWF/ Potentially harmful software for
> Shockwave.
>
> Unix/ Program or a shell script for a
> version of UNIX.
>
> V5M/ Macro or script virus, or
> Trojan-horse program that infects
> Visio VBA (Visual Basic for
> Applications) macros or scripts.
>
> VBS/ Script virus or Trojan-horse
> program written in Visual Basic
> Script language.
>
> W16/ File-infector virus that runs in
> 16-bit Microsoft Windows
> environments (Windows 3.1x).
>
> W2K/ Potentially harmful software for
> 32-bit Microsoft Windows
> environments, specifically Windows
> NT, 2000 or XP.
>
> W32/ File-infector or boot-sector virus
> that runs in 32-bit Microsoft
> Windows environments (Windows 95,
> Windows 98 or Windows NT).
>
> W95/ File-infector virus that runs in
> Microsoft Windows 95, Windows 98
> and Windows ME environments.
>
> W97M/ Macro virus that infects Microsoft
> Word 97 files.
>
> WHLP/ Potentially harmful software for
> 32-bit Microsoft Windows
> environments that targets Windows
> HLP files.
>
> WM/ Macro virus that infects Microsoft
> Word 95 files.
>
> X97M/ Macro virus that infects Microsoft
> Excel 97 files.
>
> XF/ Macro virus that infects Microsoft
> Excel 95 or 97 via Excel formulas.
>
> XM/ Macro virus that infects Microsoft
> Excel 95 files.
>
>
>PREFIX FOR TROJAN-HORSE CLASSES
>
>A name such as "BackDoor-" denotes potentially
>harmful software that belongs to a class of
>similar Trojan-horse programs. The class name
>is followed by extra characters to denote a
>family (such as BackDoor-JZ) or a name (such as
>BackDoor-Sub7).
>
> AdClicker-
> Repeatedly accesses web sites that
> are funded by advertising.
>
> Adware- Installs advertising software but
> does not ask permission.
>
> BackDoor-
> Provides remote access or control
> through the Internet or network.
>
> Dialer- Dials a phone number without asking
> for permission.
>
> DDoS- Operates as a Distributed Denial of
> Service component.
>
> Del- Deletes files.
>
> Downloader-
> Downloads software from the
> Internet, usually to deliver
> backdoors, password stealers, and
> sometimes viruses.
>
> Exploit- Uses a vulnerability or a software
> defect.
>
> FDoS- Denotes a Flooding Denial of
> Service component.
>
> KeyLog- Logs keystrokes for immediate or
> future transmission to the
> attacker.
>
> Kit- Denotes a program designed for
> creating a virus or Trojan-horse
> program.
>
> MultiDropper-
> Drops several Trojan-horse programs
> or viruses (often several different
> 'backdoors').
>
> Nuke- Uses defects in software on a
> remote computer to bring it down.
>
> ProcKill-
> Terminates the processes of
> anti-virus and security products.
> May also delete files associated
> with such applications.
>
> PWS- Steals a password.
>
> Reboot- Reboots the computer.
>
> Reg- Modifies the Registry in an
> undesirable fashion without asking
> questions. For example, reduces the
> security settings or creates
> abnormal associations or sets.
>
> Spam- Acts as a spamming tool.
>
> Spyware- Monitors browsing habits or other
> behavior and sends the information
> out, often for unsolicited
> advertising.
>
> Uploader- Sends files or other data from the
> computer.
>
> Vtool- Denotes a program used by virus
> writers or hackers for developing
> software.
>
> Zap- Wipes all or part of a hard disk.
>
>
>INFIX
>
>These designations usually appear in the middle
>of a virus name. AVERT assigns these
>designations, which differ from industry
>conventions.
>
> .cmp. Companion file that the virus adds
> to an existing executable file. Our
> anti-virus software deletes the
> companion file to prevent later
> infections.
>
> .mp. Legacy multi-partite virus for
> DOS.
>
> .ow. Overwriting virus. This identifies
> a virus that overwrites data in a
> file, thereby irreparably
> corrupting it. This file must be
> deleted.
>
>
>SUFFIX
>
>These designations usually appear as the last
>part of a virus name. A virus name can have
>more than one suffix. One might designate a
>variant, for example, while others give
>additional information.
>
> @M Slow mailer. This virus uses an
> e-mail system to spread. It usually
> replies to an incoming message
> once, or attaches itself to an
> outgoing message, or sends to just
> one e-mail address.
>
> @MM Mass mailing distribution. This
> virus might use standard techniques
> to propagate itself, but also uses
> an e-mail system to spread.
>
> .a - .zzz Virus variants.
>
>
>In accordance with the CARO (Computer
>Anti-virus Research Organization) naming
>convention, the vendor-specific suffixes can be
>preceded by a "!" character. Our software uses
>the following suffixes:
>
>
> apd Appended virus. A virus that
> appends its code to the file it
> infects, but fails to provide for
> correct replication.
>
> bat Software component in BAT
> language.
>
> cav Cavity virus. This designates a
> virus that copies itself into
> "cavities" (for example, areas of
> all zeroes) in a program file.
>
> cfg Configuration component of an
> Internet Trojan-horse program
> (frequently of a 'BackDoor-').
>
> cli Client-side component of an
> Internet Trojan-horse program
> (frequently of a 'BackDoor-').
>
> dam Damaged file. A file that is
> damaged or corrupted by an
> infection.
>
> demo Program that demonstrates
> potentially harmful action, such as
> an example of how an exploit
> works.
>
> dr Dropper file. This file introduces
> the virus into the host program.
>
> gen Generic detection. Native routines
> in our software detect this virus
> without using specific code
> strings.
>
> ini An mIRC or pIRCH script when it is
> a component of another virus.
>
> intd "Intended" virus. This virus has
> most of the usual virus
> characteristics but cannot
> replicate correctly.
>
> irc IRC component of potentially
> harmful software.
>
> js Potentially harmful software
> component in JavaScript.
>
> kit Virus or Trojan-horse program
> created from a 'virus construction
> kit'.
>
> p2p Potentially harmful software that
> uses peer-to-peer communication to
> function. For example, Gnutella and
> Kazaa.
>
> sfx Self-extracting installation
> utility for Trojan-horse programs.
>
> src Viral source code. This ordinarily
> cannot replicate or infect files,
> but some virus droppers add this to
> files as part of the infection
> cycle. Our products routinely flag
> files with additional code of this
> sort for deletion.
>
> sub Substitution virus. It substitutes
> the host file with itself, so that
> all infected hosts are of the same
> size and are a pure virus. (That
> is, a subclass of overwriting
> viruses.)
>
> svr Server-side component of an
> Internet Trojan-horse program,
> often of a 'backdoor'.
>
> vbs Potentially harmful software
> component written in Visual Basic
> Script language.
>
> worm A non-parasitic virus that copies
> itself, or a virus that propagates
> through a network by copying to
> remote computers or by sending
> itself out via any means of file
> transmission such as remote shares,
> peer-to-peer, instant messaging,
> IRC file transfers, FTP, and SMTP.
>
>~ ~ ~
>Dave
>
>"Dark" <darkteraku@yahoo.com> wrote in message
>news:143f01c38163$334f3440$a001280a@phx.gbl...
>| There's a new virus, that makes the W32 look like
>| nothing... called the EMbedder, and my last computer got
>| it. Someone designed this virus really well, because if
>| you tamper with it in any way, your computer will crash.
>| You can't even run disk defrag or Norton Antivirus. The
>| second it's been touched, your comp shuts down. Then, you
>| lose everything when you restart. Don't download any games
>| from [Mega .Doc]
>
>
>.
>
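
A small parser for the name layout the quoted McAfee list describes (platform prefix, Trojan class, infix, variant, mailer tag, "!" suffix), added here as an illustration; it is not part of the original thread or of McAfee's software. The lookup tables are subsets of the quoted list, the function name is hypothetical, and the sample names are constructed from pieces of that list.

```python
import re

# Subsets of the tables quoted in the post (not exhaustive).
PLATFORMS = {"W32", "W95", "W97M", "VBS", "JS", "Linux"}
TROJAN_CLASSES = {"BackDoor", "Downloader", "KeyLog", "PWS", "ProcKill", "Reboot", "Zap"}
INFIXES = {"cmp": "companion file", "mp": "multi-partite (DOS)", "ow": "overwriting"}
VENDOR_SUFFIXES = {"dr": "dropper", "gen": "generic detection", "dam": "damaged file",
                   "svr": "server component", "cli": "client component", "worm": "worm"}
MAILERS = {"@MM": "mass mailer", "@M": "slow mailer"}


def parse_detection_name(name):
    """Split a McAfee-style detection name into the parts the post lists."""
    out = {"platform": None, "trojan_class": None, "family": None,
           "infix": None, "variant": None, "mailer": None, "suffixes": []}
    head, *bang = name.strip().split("!")      # "!" introduces vendor suffixes
    for tag, meaning in MAILERS.items():
        if head.endswith(tag):
            out["mailer"], head = meaning, head[:-len(tag)]
            break
    if "/" in head:
        out["platform"], head = head.split("/", 1)
    elif head in PLATFORMS:                    # bare "W32": a prefix, not a name
        out["platform"], head = head, ""
    family, *tokens = head.split(".")
    cls, sep, rest = family.partition("-")
    if sep and cls in TROJAN_CLASSES:          # e.g. BackDoor-Sub7
        out["trojan_class"], family = cls, rest
    out["family"] = family or None
    for tok in tokens:
        # Table lookups come first: "dr" or "ow" would also fit the
        # .a-.zzz variant range, so a known token must not become a variant.
        if tok in INFIXES:
            out["infix"] = INFIXES[tok]
        elif tok in VENDOR_SUFFIXES:
            out["suffixes"].append(VENDOR_SUFFIXES[tok])
        elif re.fullmatch(r"[a-z]{1,3}", tok):
            out["variant"] = tok
        else:
            out["suffixes"].append(tok)        # unknown token, kept verbatim
    out["suffixes"] += [VENDOR_SUFFIXES.get(s, s) for s in bang]
    return out


if __name__ == "__main__":
    # Constructed sample names, assembled from pieces of the quoted list.
    for sample in ("W32", "W32/Sample.b@MM", "BackDoor-Sub7.svr", "W32/Sample.ow.c!dr"):
        print(sample, "->", parse_detection_name(sample))
```

A bare "W32" comes back with a platform and no family, which is the distinction the quoted reply draws between a prefix and a name.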


