Emsisoft Malware Library

The Emsisoft dual-scanner may detect different types of malicious software on your computer. The prefix of each detection name indicates the nature of the infection.


  • Adware: malware that opens alerts, disturbs the user and shows advertising messages, usually with pop-up windows.
  • Android: this detection indicates a malicious application for Android devices. Normally, the extension is .apk. This malware can damage your Android device and execute malicious actions.
  • Application: refers to a potentially unwanted program (PUP). Examples of PUPs include: toolbars, settings modifiers, ad popups, etc. For a complete description, see PUPs.
  • Backdoor: a program that allows remote control of an infected computer through the Internet. These programs are not able to duplicate themselves and spread, but they can open ports on the computer where they are executed. Open ports can be used by hackers to access data or programs. Different backdoors have different functions, such as: send and receive files, delete archives, execute payload, or virus management within the infected system.
  • Bad Reputation: refers to a program that showed suspicious behavior. The program was looked up in the Emsisoft Anti-Malware Network and the result indicated that the file is most likely malicious.
  • BehavesLike: indicates a program that behaves like the named malware family. Exhibiting typical malware behavior allows us to catalogue some malware automatically.
  • Dialer: a malicious program that modifies a computer’s Internet connection by changing the telephone number used to connect. Most dangerous for those who use an analog modem and/or ISDN to connect to the Internet. Can also cause a disruption of service for those who use an ADSL connection.
  • Dropped: a vector file that installs a virus on a computer. Malware authors often use droppers to protect their viruses from malware detection. “Injector” refers to a dropper that installs a single virus in computer memory.
  • Email-Flooder: a program that continuously sends emails. Created to cram the user’s inbox. Can send hundreds/thousands of emails to overfill the incoming email folder of a specific, targeted account.
  • Email-Worm: a worm that spreads itself using email. Infects the computer when a malicious email attachment is opened, and then tries to send copies of itself to addresses on the infected user’s contacts list.
  • Exploit: malicious code that takes advantage of a real application’s bug or vulnerability. Can be used to execute malicious code. Can grant attacker administrator privileges, which can be used to perform illegal actions.
  • Fraudtool: the infamous “rogue-antivirus,” or malware that pretends to be a security solution. After installation, Fraudtools pretend to “detect” a lot of viruses and also “clean” the user’s system, all the while insisting that the user buy a paid version of the product to completely disinfect and/or optimize their computer. In addition to direct fraud, these programs also have adware functionality.
  • Generic, Gen: refers to a generic malware detection. Can be detected by signature definitions or heuristics. Can be malicious, but can sometimes be a benevolent “False Positive.” We advise you to scan a generic detection at Virustotal.com or to send it to us for further analysis.
  • HackTool: a tool used by hackers to gain access to a computer without authorization.
  • Heuristic: a detection made by our heuristic engine. This means that the detection is based on the analysis of the file’s code. Heuristic detections are not in the Emsisoft database, but have malicious characteristics and are therefore considered dangerous to the computer.
  • Hijacker: a malicious program that is usually called by Active-X controllers. Infects the computer, infects the web browser, and changes security parameters and default settings all at once.
  • Java: a malware object executed exclusively by the Java platform.
  • Joke: a program designed to annoy the user. Not dangerous to the system, but can create confusion and has fun joking around with the user in many ways.
  • Keylogger: a malicious program created to record everything that is typed on a keyboard and/or everything that occurs in a desktop session. Can also record webcam images and videos. Typed words pass from the keyboard to the computer; during this passage a keylogger filters words, searching for sensitive information, and then it records and transmits that information to a crime network.
  • LSP: stands for Layered Service Provider. Libraries that are attached to Winsock TCP/IP functions. They are able to analyze the Internet traffic of an infected computer.
  • Malware: a generic term used to define a malicious computer program. Virus, Adware, Backdoor, BHO, Dialer, HTML, LSP, Spyware, Trojan, Worm – all of these are malware.
  • not-a-virus: a program that is not a virus, but is still detected due to the way it behaves. Does not fall under any of our malware definitions, and is in most cases harmless.
  • possible-Threat: a classification that indicates that the file could be a threat. Indicates that the file has not yet been classified, and that it is potentially dangerous to the computer. We suggest you submit possible-Threats to us for further analysis.
  • PUP: a potentially unwanted program. Not malware and not dangerous to the computer, but often quite annoying. Displays ads, warnings and other fake messages. Has little to no use and wastes space on the computer.
  • Ransomware: a type of malware that takes your computer “for ransom.” Installed illegally, without authorization. Can be used by criminals to remotely block user-access to the computer. Once access is blocked, pop-up windows demand payment to unlock the computer.
  • Riskware: a legitimate program that can cause problems if it is used by hackers to delete, block, modify or copy data. Creates performance problems on infected machines.
  • Rogue: a fake security program, also known as “scareware.” Pretends to be a useful security program, but in reality offers limited protection or no protection at all. Generates fake warnings and attempts to lure users into fraudulent transactions.
  • Rootkit: a malicious program used to take complete control of an infected system, without user or administrator authorization. Rootkits are mainly used to hide Backdoors or other malicious code.
  • Script: a file executed by other platforms. Scripts use another program to execute themselves and can perform various malicious actions.
  • Setting: not a type of malware, but instead an incorrect system setting. Emsisoft detected this corrupted setting because it is not in the default position. Most likely, malware has tampered with and changed the setting. Emsisoft will restore the setting to its correct position.
  • Spyware: a malicious program that can secretly track computer activity. Sends recorded information to its criminal author.
  • SymbOS: this detection indicates a malicious application for Symbian devices. These applications can damage your device and execute malicious code.
  • Trace: an object (file, folder, or registry key) that remains after a malware infection. Traces can be used by some malware to help their actions but are useless and not dangerous in the absence of their associated malware.
  • Trace.Directory: a folder that is left over from a previous malware infection. Not necessarily dangerous in itself, and often useless in the absence of its associated files. In the majority of cases, used by PUPs to perform some action.
  • Trace.File: a file that is left over from a previous malware infection. Not necessarily dangerous in itself, and often useless in the absence of its associated files. In the majority of cases, used by PUPs to perform some action.
  • Trace.Registry: a registry key that is left over from a previous malware infection. Not dangerous in itself, and useless in the absence of its associated malware. In the majority of cases, used by PUPs to perform some action.
  • Trojan: a program that intentionally hides its true, malicious actions from the user and also attempts to fool the user into thinking that it is performing legitimate functions. Trojans usually do not work alone; typically they are hidden by Backdoors and used to drop other malware. In general, the task of any Trojan is to execute its payload.
  • Virtool: a program used by hackers to create viruses and malicious code. Not dangerous in itself, but does produce many different types of malware.
  • Virus: a malicious program, or part of a program, that infects other programs, archives, system areas (MBR, Boot Sector) or executable objects, with a copy of itself.
  • Worm: an independent program that tries to infect computers by spreading through a network or by sending e-mails that contain attached copies of itself or other malicious code.

 

  • Legend

    A very good summary of all the different malware terms. “Bookmark it”. It could be handy when you read different articles, here or in the press.

  • Joseph

    What is Mobogenie?

  • lucas

    Emsisoft Anti-Malware Anti-Malware – Versão 9.0

    Última atualização 06/08/2014 15:42:14

    User account name: Usuario-PC\Usuario

    Configuração do exame:

    Tipo de exame: Exame Profundo

    arquivos: Rootkits, Memória, Rastros, C:, D:, Q:

    Detect Potentially Unwanted Programs: Ligado

    Análise de arquivos: Ligado

    Análise de ADS: Ligado

    Extensão de arquivo: Desligado

    Caching avançado: Ligado

    Acesso direto ao disco: Desligado

    Início do exame: 06/08/2014 16:26:09

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detectados: Setting.NoFolderOptions (A)

    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detectados: Setting.NoFolderOptions (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detectados: Setting.NoFolderOptions (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detectados: Setting.DisableTaskMgr (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detectados: Setting.DisableTaskMgr (A)

    Value: HKEY_USERS\S-1-5-21-2923910985-2700960260-696738952-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detectados: Setting.DisableTaskMgr (A)

    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detectados: Setting.DisableTaskMgr (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detectados: Setting.DisableRegistryTools (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detectados: Setting.DisableRegistryTools (A)

    Value: HKEY_USERS\S-1-5-21-2923910985-2700960260-696738952-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detectados: Setting.DisableRegistryTools (A)

    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detectados: Setting.DisableRegistryTools (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detectados: Setting.NoRun (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detectados: Setting.NoRun (A)

    Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detectados: Setting.NoRun (A)

    Analisados: 155083

    Achado 14

    Fim do exame: 06/08/2014 17:39:26

    Duração do exame: 1:13:17

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Em quarentena Setting.NoRun (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Em quarentena Setting.NoRun (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Em quarentena Setting.DisableRegistryTools (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Em quarentena Setting.DisableRegistryTools (A)

    Value: HKEY_USERS\S-1-5-21-2923910985-2700960260-696738952-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Em quarentena Setting.DisableRegistryTools (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Em quarentena Setting.DisableTaskMgr (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Em quarentena Setting.DisableTaskMgr (A)

    Value: HKEY_USERS\S-1-5-21-2923910985-2700960260-696738952-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Em quarentena Setting.DisableTaskMgr (A)

    Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Em quarentena Setting.NoFolderOptions (A)

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Em quarentena Setting.NoFolderOptions (A)

    Em quarentena 10

    • emsisoft_steve

      Hi Lucas,

      Do you require assistance? If so I can put you into contact with someone from our support team who speaks Portuguese.