1. /
  2. Security Response/
  3. Virus Naming

Risk Naming Conventions

  • The following information pertains to how Symantec names threats and risks detected by products equipped with our antivirus engines.
  • The Prefix denotes the platform on which the risk runs or the type of risk. A detection name for a DOS virus usually does not contain a Prefix.
  • The Name is the family name of the risk.
  • The Suffix may not always be used. Suffixes distinguish among variants of the same family and sometimes show numbers denoting the size of the virus or letters indicating the variant designation.
Adware Program that facilitates the delivery of advertising content to the user.
ALS Threat that targets the AutoCAD application and is written in the LISP language.
Android Threat that targets the Android operating system.
Backdoor Threat that allows unauthorized access and control of the compromised computer.
BAT Threat that is written in the Windows batch script language.
BBOS Threat that targets the BlackBerry operating system.
Bloodhound Heuristic detection for previously unknown threats.
Boot Threat that modifies the boot records to cause the computer to execute malicious code before the operating system has started.
DDoS Threat used to perform distributed denial-of-service (DDoS) attacks from the compromised computer against a third party.
Dialer Program that uses a computer or modem to dial out to a toll number or website and typically accrues charges.
Downloader Threat that downloads and executes files from a remote location.
Exp Heuristic detection for code that exploits a known security vulnerability.
Hacktool Tool that can be used by an attacker or unauthorized user to attack, gain access to, or perform identification or fingerprinting of the computer.
Infostealer Threat that steals information. Often targets confidential information, such as user names and passwords or payment card details.
IOS Threat that targets the iOS operating system.
Java Threat written in the Java programming language or targets the Java framework.
Joke Program that alters or interrupts the normal behavior of the computer, creating a general distraction or nuisance.
JS Threat written in the JavaScript programming language.
Linux Threat that targets Linux-based operating systems.
MSIL Threat that targets the .NET framework.
O97M Malicious macro that targets multiple Microsoft Office applications from version 97 onwards.
OSX Threat that targets the Mac OS X operating system.
Packed Threat that is compressed or encoded in a way to avoid detection by security software.
Perl Threat written in the Perl programming language.
PHP Threat written in the PHP language.
PUA Program that users wish to be made aware of. This program could have an impact on security, privacy, or resource consumption. The program may install itself without getting the user’s permission or displaying a notice on the computer. It may also be deemed separate and different from the application that is actually being installed.
Python Threat written in the Python language.
RemoteAccess Tool designed to provide a remote user with access and control of a computer.
SAPE SAPE is a heuristic technology designed to detect several different classes of risks. Heuristic detections protect against many risk families that share similar characteristics and can often provide wider and faster detection for fast-evolving risks.
SecurityRisk Risk that does not meet the definitions of viruses, Trojan horses, worms, or other security risk categories, but which may present a risk to a computer and its data, cause an unwanted nuisance to the user, or exhibit other unexpected results.
SONAR Symantec Online Network for Advanced Response (SONAR) provides real-time protection against threats and proactively detects unknown risks on the computer. SONAR identifies emerging risks based on the behavior of applications.
Spyware Risk that tracks user habits, or gathers and sends information that is personally identifiable or confidential.
Suspicious Risk identified using a method for detecting previously unknown risks based on the file’s reputation.
SymbOS Threat that targets the Symbian operating system.
Trackware Program that monitors computer activity, gathers system information, or tracks user habits. The program relays this information to third-party organizations.
Trojan File that may masquerade as helpful programs, but is actually malicious code. Trojan horses do not replicate.
Unix Threat that targets Unix-based operating systems.
VBS Threat written in the VBScript programming language.
W32 Self-propagating threat that targets 32-bit Windows operating systems.
W64 Self-propagating threat that executes on Windows 64-bit operating systems.
W97M Malicious Microsoft Office macro that targets Microsoft Word version 97 onwards.
WinCE Threat that targets the Windows CE operating system and its descendants.
X97M Malicious Microsoft Office macro that targets Microsoft Excel 97 or later.
XF Threats written as a Microsoft Excel cell formula.
XM Microsoft Office macro that targets Microsoft Excel, including early versions (Excel 4 or Excel 95).
conf Configuration file.
dam File damaged in a way that prevents it from carrying out its functionality.
dcu File used to compile source code in the Delphi language.
dldr File that downloads another file which carries out the main functionality of the threat.
dr File that installs another file which carries out the main functionality of the threat.
enc Encoded file. Another program must be used to decode the file before the contained file can be executed.
g File detected using a method for identifying multiple new variants.
gen File detected using a method for identifying multiple new variants.
gm File detected using a method for identifying multiple new variants.
html Risk written in the HTML language.
inf Host file that has become infected with a virus or had malicious code inserted into it.
int Risk that is unable to execute its intended functionality.
job Job configuration file. This is used by Windows to schedule the execution of another file.
js Risk written in the JavaScript programming language.
kit Threat construction kit. This does not itself cause harm, but is used to create threats that may do so.
kmem Risk detected using a heuristic method for identifying multiple or new variants.
reg Registry file. This is used to modify the configuration of the Windows operating system.
sdb Shim database file. This is a Windows configuration file that can be used to restart a program after a reboot.
sys .sys file. This file type is typically used by Windows to provide device driver functionality.
vbs Risk written in the VBScript programming language.
zip File contained in a .zip archive. The contained file must be extracted from the archive before it can be executed.
@mm Threat that self-propagates by performing a mass emailing operation.
pas File used to compile source code in the Delphi language.