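A computer virus is a set of computer instructions or program code that its author writes or inserts into a computer program, that damages computer functions or data, affects the use of the computer, and can replicate itself. It is destructive, self-replicating and infectious. Common types are:
System viruses
System viruses carry prefixes such as Win32, PE, Win95, W32 and W95. What these viruses generally have in common is that they can infect *.exe and *.dll files on the Windows operating system and spread through those files. An example is the CIH virus.
Worms
Worms carry the prefix Worm. What these viruses have in common is that they spread over the network or through system vulnerabilities, and a large share of worms send out infected e-mail or congest the network. Examples are Blaster (congests the network) and Little Postman (sends infected e-mail).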
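Trojan viruses and hacker viruses
Trojans carry the prefix Trojan, and hacker viruses generally carry the prefix Hack. What Trojans have in common is that they enter the user's system over the network or through system vulnerabilities and hide there, then leak the user's information to the outside. Hacker viruses, by contrast, have a visible interface and can remotely control the user's computer. Trojans and hacker viruses often appear in pairs: the Trojan gets into the user's computer, and the hacker virus then controls it through that Trojan. The two types are now increasingly merging. Typical Trojans include the QQ message-tail Trojan Trojan.QQ3344 and the Trojans aimed at online games that many people may have run into, such as Trojan.LMir.PSW.60. One more point: a virus name containing PSW, PWD or the like generally means that the virus can steal passwords (these letters are usually abbreviations of the English word "password"). Some hacker programs: 网络枭雄 (Hack.Nether.Client) and others.
Script viruses
Script viruses carry the prefix Script. What they have in common is that they are written in a scripting language and spread through web pages, for example Code Red (Script.Redlof). Script viruses may also carry the prefixes VBS or JS (showing which scripting language they are written in), for example Happytime (VBS.Happytime) and Fortnight (Js.Fortnight.c.s).
Macro viruses
A macro virus is in fact also a kind of script virus, but because of its special nature it is counted as a separate class here. Macro viruses carry the prefix Macro, and the second prefix is one of Word, Word97, Excel, Excel97 (there may be others). Viruses that infect only Word documents of Word 97 and earlier versions take Word97 as the second prefix, in the format Macro.Word97; viruses that infect only Word documents of versions later than Word 97 take Word as the second prefix, in the format Macro.Word; viruses that infect only Excel documents of Excel 97 and earlier versions take Excel97 as the second prefix, in the format Macro.Excel97; viruses that infect only Excel documents of versions later than Excel 97 take Excel as the second prefix, in the format Macro.Excel; and so on. What this class has in common is that it can infect Office documents and then spread through the common Office templates, for example the well-known Melissa (Macro.Melissa).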
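Backdoor viruses
Backdoor viruses carry the prefix Backdoor. What they have in common is that they spread over the network and open a backdoor on the system, creating a security risk for the user's computer.
Virus dropper programs
What these viruses have in common is that, when run, they release one or more new viruses from within themselves into the system directory, and the released viruses do the damage. Examples: BingHe Dropper (Dropper.BingHe2.2C), MSN Shooter (Dropper.Worm.Smibag) and others.
Destructive program viruses
Destructive program viruses carry the prefix Harm. What they have in common is that they have an attractive icon to lure the user into clicking; when the user clicks on such a virus, it directly damages the user's computer. Examples: Format C Drive (Harm.formatC.f), Killer Command (Harm.Command.Killer) and others.
Joke viruses
Joke viruses carry the prefix Joke and are also called prank viruses. What they have in common is that they have an attractive icon to lure the user into clicking; when the user clicks on such a virus, it performs various seemingly destructive operations to scare the user, but in fact does no damage to the user's computer. Example: the Girl Ghost (Joke.Girl ghost) virus.
Binder viruses
Binder viruses carry the prefix Binder. What they have in common is that the virus author uses a particular binder program to bundle the virus with applications such as QQ or IE. On the surface the result looks like a normal file; when the user runs the bundled file, the application runs visibly while the bundled virus runs hidden, harming the user. Examples: Bundled QQ (Binder.QQPass.QQBin), System Killer (Binder.killsys) and others.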
The original poster can translate this into English as needed.
Gray Pigeon virus
Gray Pigeon is a well-known backdoor. Compared with the older Ice and Black backdoors, Gray Pigeon can be said to be the culmination of the home-grown backdoors. Its rich, powerful functionality, flexible operation and good concealment outshine the other backdoors. The client is simple and convenient to operate, so that even a beginner can act as a hacker. When used lawfully, Gray Pigeon is good remote-control software. However, if it is used to do illegal things, Gray Pigeon becomes a very powerful hacking tool. It is like gunpowder: used on different occasions, it brings different results. A complete account of Gray Pigeon can probably be given only by its author; here we give only a brief introduction.
The Gray Pigeon client and server are both written in Delphi. A hacker uses the client to configure a server program. The configurable information includes the connection type (for example, wait for a connection or connect out actively), the public IP address (or domain name) used for active connection, the connection password, the port used, the startup item name, the service name, the process-hiding method, the shell used, the proxy, the icon and so on.
The server can connect to the client in a variety of ways, so users in all kinds of network environments can be infected, including LAN users (who reach the Internet through a proxy), public-network users, ADSL dial-up users and so on.
Because Gray Pigeon intercepts API calls, in normal mode the server's files and the service it registers are hidden; that is, even if you enable "show all hidden files" you will not see them. In addition, the file name of the Gray Pigeon server can be customized. All this makes manual detection somewhat difficult.
However, careful observation shows that there is still a pattern to follow in detecting Gray Pigeon. From the above analysis of how it runs, we can see that whatever the customized server file name is, a file ending in "_hook.dll" is normally generated in the operating system's installation directory. Using this, we can detect the Gray Pigeon server by hand fairly accurately.
Because Gray Pigeon hides itself in normal mode, detection must be carried out in Safe Mode. To enter Safe Mode: start the computer and, before the system reaches the Windows startup screen, press the F8 key (or hold down the Ctrl key while the computer starts); in the startup options menu that appears, select "Safe Mode".
1. Because Gray Pigeon's files have the hidden attribute, set Windows to show all files. Open "My Computer", choose "Tools" - "Folder Options" from the menu, click "View", clear the check mark in front of "Hide protected operating system files", and under "Hidden files and folders" select "Show hidden files and folders", then click "OK".
2. Open the Windows "Search for files" function, enter the file name "_hook.dll", and choose the Windows installation directory as the search location (by default C:\windows for 98/XP and C:\Winnt for 2k/NT).
3. The search finds a file named Game_Hook.dll in the Windows directory (not including subdirectories).
4. From the analysis of how Gray Pigeon works, we know that if Game_Hook.DLL is a Gray Pigeon file, the operating system's installation directory will also contain Game.exe and Game.dll. Opening the Windows directory, we do find these two files, together with GameKey.dll, a file used to record keyboard operations.
After these steps we can basically conclude that these files belong to the Gray Pigeon server.
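The manual check in steps 2 to 4 above, written as a script; this is an added example, not part of the original post. The function name find_hook_triples and the sample directory are assumptions made for illustration; the file names come from the post. As the post notes, such a check has to run in Safe Mode, because the files are hidden in normal mode.

```python
import tempfile
from pathlib import Path

HOOK_SUFFIX = "_hook.dll"


def find_hook_triples(directory):
    """Return one finding per *_hook.dll in `directory` (subdirectories are not searched)."""
    # Windows file names are case-insensitive, so index entries by lower-case name.
    entries = {p.name.lower(): p.name for p in Path(directory).iterdir() if p.is_file()}
    findings = []
    for lower, actual in sorted(entries.items()):
        if not lower.endswith(HOOK_SUFFIX) or lower == HOOK_SUFFIX:
            continue
        base = lower[: -len(HOOK_SUFFIX)]  # "game_hook.dll" -> "game"
        companions = {
            "exe": entries.get(base + ".exe"),      # X.exe
            "dll": entries.get(base + ".dll"),      # X.dll
            "key": entries.get(base + "key.dll"),   # XKey.dll, the keyboard recorder
        }
        # The post's pattern: X_Hook.dll together with X.exe and X.dll.
        # A lone *_hook.dll is only a lead for manual review, not a match.
        match = companions["exe"] is not None and companions["dll"] is not None
        findings.append({"hook": actual, "companions": companions, "match": match})
    return findings


def demo():
    # Constructed sample directory standing in for C:\windows (empty files only).
    names = ("Game.exe", "Game.dll", "Game_Hook.dll", "GameKey.dll",
             "vendor_hook.dll", "notepad.exe")
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            (Path(d) / name).write_bytes(b"")
        return find_hook_triples(d)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```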
You can write it out in Chinese first and then translate it.