
Some Virus and Computer Definitions


Alias - An assumed or alternate name. Some viruses are given multiple names since there is no real standard for naming computer viruses.


A.K.A. - Also Known As, sometimes used with alias descriptions of a virus to help identify a virus by name.

Anti-antivirus Virus - Also called a retrovirus, this is a virus that attacks, disables, or avoids infecting specific antivirus software. It's just one of many methods used by virus authors to avoid detection by antivirus software.

Antivirus Virus - A virus that gets rid of a virus.

Back Door - Some programs have back doors, which give special access to built-in features.

Bimodal Virus - "Bi" as a prefix is Latin for two. Bimodal viruses usually infect both boot records and files. They are more commonly called multipartite and sometimes bipartite. "Partite" means broken into parts, with multipartite meaning broken into multiple parts - infecting several areas of a PC.

Basic In/Out System (BIOS) - Chips on the motherboard of a computer contain read only memory instructions that are used to start up a computer. The operating system of a PC also makes use of BIOS instructions and settings to access hardware components such as a disk drive. Some BIOS/CMOS settings can be set to scan for viruses, causing problems for some installation programs.

Bipartite - Bipartite viruses usually infect both boot records and files. "Partite" means broken into parts, with bipartite meaning broken into two parts - infecting two areas of a PC. Also called bimodal or multipartite (most common name).

Boot - When you turn on a computer and start it up it is called "booting" the computer. A restart also qualifies as a boot, often called a "warm boot." When you shut off your computer for at least 10-30 seconds, and then boot it up again, it is called a "cold boot." When troubleshooting or trying to remove a virus it's important to use a cold boot since a warm boot (restart) may leave enough electricity in the computer for a virus to remain in memory, often interfering with antivirus efforts. Also, it's important to start up from a boot disk in most situations, like a CD.

Boot Disk - A boot disk contains special, hidden, startup files and other programs to run a computer. There are several types of boot disks available to the average user, ranging from a standard floppy boot disk to an emergency boot disk or bootable CD. It's important to use a boot disk when disinfecting a computer since most antivirus programs work best when they can gain complete access to the hard drive. If you start up from the hard drive some antivirus programs will fail in detecting and removing a virus from the computer.

Boot Sector Infector - Boot sector infectors are one of the most common types of viruses around because they are so easy to make and spread so quickly and effectively.

Bug - Programmers use the word bug to talk about errors or problems in a program. Debugging is a method of testing a program and removing the bugs, making the program work correctly (as intended). Some programmers have created "viruses" by accident, bad bugs if you will, that were then removed during the debugging process.

Cluster Virus - Cluster viruses infect a disk and then associate themselves with the execution of programs by modifying the file system of the operating system. While the virus only infects one time it appears to infect every application on the computer. In reality, only one infection has occurred but each program is associated with the virus, running the viral instructions each time an application is launched. Cluster viruses are very clever in that running any program, which is a common event, will run the virus and put it into memory, helping to spread the virus.

Companion Virus - Companion viruses are very clever. They create a new program with a file name of an existing program. The idea is for the user to attempt to run the program that they normally run, but then run the virus program instead. It can be as simple as taking a program called "tank.exe" and creating a virus program called "tank.com," to get the "tank.com" file to execute by tricking the user. This works really well in DOS-based systems or where the user makes use of the "Run..." dialog box in a Windows-based environment. This is sometimes called "Spawning."

Debugging - A process of testing a program and figuring out where the problems are to make the program work as intended. Some bugs are like viruses but are removed by the skilled programmer as they realize the errors in their programming statements.

DOS - Disk Operating System. While newer operating systems like NT basically do away with DOS, the bulk of non-Macintosh computers use DOS to start up and run the computer in conjunction with a Windows program.

Dropper - A dropper is a carrier of a virus, dropping a virus or Trojan Horse when run or opened. Dropper programs do not contain a virus, just the code to create a virus file or program on the computer. This makes detection of a dropper very difficult.

EXE File - EXE, or executable, files are programs that do things on your computer. For example, tank.exe may be a tank game. Files with different extensions, like .dll, are often support files for a program. Incidentally, .dll files contain lines of code that programmers make use of when making a program of their own - .dll files contain commonly used routines and code that all programmers use in their programs, making it possible for programmers to focus on the unique code for their program. EXE files are commonly infected by viruses and, after infection, run the virus each time the program is run.

False Alarm - Heuristic scans, used to detect new and previously undiscovered viruses, will often give off a lot of false alarms or flags. The novice user may think that a flag during a heuristic scan indicates a virus. In most cases it is just a false alarm but worth checking out nonetheless.

File Infector Virus - Some viruses infect files, like .exe and .com programs. The goal of the virus is to infect, undetected (usually), and then spread each time the file is opened or run.

Heuristic - Most leading packages have a heuristic scanning method to detect new or previously undetected viruses in the wild. Heuristic scanners look for patterns or activities that are virus like, changes in file sizes, etc. The disadvantage of a heuristic scan is that it will often result in a fair number of false alarms or flags.

Hoax - There are lots of virus hoaxes going around, especially the email type. Good Times is the most well known hoax with plenty to follow. Remember that you can never get a virus from just downloading and reading your mail. It is possible to get a virus from an email attachment - but you have to save and open/run the attachment to risk infection. Hoaxes are often official sounding, unsolicited, and reference important, official-like places.

I/O - In/Out - An I/O error is more common than most people think. It means that something didn't work when sending information in and out. With disks it usually means that the disk is corrupt, is full, or has some other type of problem. Sometimes a full format of the disk in question takes care of some of the I/O problems. Other times it's better to just replace the disk.

Logic Bomb - A Trojan Horse is sometimes left to lie dormant, only to attack when the conditions are just right. This is called a logic bomb.

Macro Virus - Macros have been around for a long time. They are little scripts that record what a user does. For example, a macro could be made to change to a different printer on a network, perform a special find and replace function, etc. With the release of Word 6.X and Excel, users figured out how to modify and program complex macros with destructive and stealth functions. Macro viruses are macros that are able to copy themselves (spread) into other documents and sometimes carry out malicious functions. Macros only run in applications that support them. Right now the bulk of macro viruses are for Word and Excel documents, with just one for Access and a few others for Lotus AmiPro. They are not OS specific either; they work on BOTH Mac and PC computers.

Malicious Code - Any code or set of instructions specifically designed to damage computer files and/or operation. It can range from something as simple as locking up a program to erasing the hard drive. While some virus authors create malicious code, the bulk of virus authors just create a virus to see if they can do it, get around a back-door, or exploit a security feature, without including malicious code.

Master Boot Records (MBR) - All hard drives contain master boot records. A master boot record (MBR) contains special information about files and operating system components on a computer. Master boot records are commonly infected by viruses because they are so easily infected and can be used to spread the virus quickly to other computers by infecting floppy disks used on an infected system.

Memory Resident Virus - A virus that, when run, places itself into the running memory on the computer. This allows for it to be running all the time, to infect and spread as the user works. This is more commonly called a TSR, or Terminate and Stay Resident virus.

Multipartite - Multipartite viruses usually infect both boot records and files. "Partite" means broken into parts, with multipartite meaning broken into multiple parts - infecting several areas of a PC. Also called bimodal or bipartite.

OS - Operating system, such as DOS, Windows 3.X, Windows 95, Windows 98, Windows NT, Sun/OS, Unix, Macintosh 6.X, Macintosh 7.X, Macintosh 8.X.

OS/2 - An operating system, sold by IBM. It's a flexible operating system capable of multi-tasking both DOS and Windows programs.

Overwriting Virus - A virus that overwrites infected files. Sometimes used to refer to viruses that overwrite files with garbage data, effectively destroying the data overwritten.

Payload - Some viruses have a payload date, when they actually do something. Payloads are like the clock ticking inside an infected computer, a trigger date if you will, for when something will happen.

Partition Sector - Partitions split things into sections. On a disk, partitions are often used to split a logical drive into several partitions for disk efficiency and easier use of the computer and file management. Each partition is normally given a drive letter assignment, like C and D. Partition information is stored in the Master Boot Record of a hard drive and is a common area of infection by viruses.

PC - Personal Computer. PC is commonly used to refer to any computer but is more specifically used to refer to DOS or Windows based computers.

Polymorphic Virus - A virus that has the ability to morph, or change, as it spreads. Polymorphic viruses are harder to identify since each copy of the virus is different. "Poly" is Latin for many, "morphic" means shape. Thus, Polymorphic literally means many shapes.

Resident Extension - When a virus installs itself into the running memory of the computer it is called a Terminate and Stay Resident (TSR) or memory resident virus. The part of the virus that is in memory is called a resident extension.

Retrovirus - Also called an anti-antivirus virus, this is a virus that attacks, disables, or avoids infecting specific antivirus software. It's just one of many methods used by virus authors to avoid detection by antivirus software.

Rogue Program - Any kind of malicious program (Trojan Horses, viruses, etc.) is considered to be a rogue program.

Self-Encrypting Viruses - Some viruses use self-encrypting techniques to try to hide their presence. Self-encryption often makes them look more like data within a file rather than the pattern of a virus. This is a stealth technique.

Self-Extracting Files - A file that, when run, extracts itself. Most files transferred across the Internet are compressed to save disk space and lower transfer times. If you download a self-extracting file and run it you could be asking for trouble. The self-extracting program could actually be a virus or Trojan Horse. These types of viruses can be effective since the scanning of compressed files is a rather new technique used by most leading antivirus packages. You can't get a virus by just downloading a file, you must run it. Always scan new files before using them.

Signature - Each virus has its own specific pattern, ways of infecting, etc. A series of letters and numbers within the code of a virus are often unique, providing antivirus developers with a signature of the virus. It's like a thumbprint for the virus, giving antivirus developers the ability to identify the virus based upon a unique string. That's why some companies call their virus database files signature files. A signature file is a database of various virus signatures, used to compare against found strings during dis-infection of a computer.

Signature File - A signature file is a database of various virus signatures, used to compare against found strings during dis-infection of a computer. Signature files are called a variety of names, including the ever-popular DAT file update used by ViruScan, meaning data. It's important that you download or purchase signature file updates often to provide yourself with the best possible protection available to date.

Spawning Viruses - Spawning viruses create a new program with a file name of an existing program. The idea is for the user to attempt to run the program that they normally run, but then run the virus program instead. It can be as simple as taking a program called "tank.exe" and creating a virus program called "tank.com," to get the "tank.com" file to execute by tricking the user. This works really well in DOS-based systems or where the user makes use of the "Run..." dialog box in a Windows-based environment. This is more often referred to as a "Companion virus."

Stealth Viruses - Some viruses are very good at hiding themselves. When a virus makes use of a "hiding" technique it is classified as a stealth virus. Stealth viruses are usually memory resident viruses, running in the memory of the computer at all times to help intercept instructions and control detection of the infection. One way this works is for a virus to intercept a call for data on a block that is infected by the virus. The virus moves the viral code to a different portion of the disk and then offers up the information from the original infected area of the disk. It's kind of like shuffling things around when you know where the computer is looking.

System Boot Records - All hard drives have a master boot record. Most hard drives are partitioned into separate drive letters. For example, a 4 MB drive may be split into a 2 MB C and 2 MB D drive on the computer. A system boot record is used to keep track of each partition.

Time Bomb - A logic bomb activated at a certain time or date.

Trojan Horse - A malicious program that masquerades as a legitimate program. You may think you're opening up a compression program when in fact, you're running a Trojan Horse that erases your hard drive! Trojan Horse programs tend to be nasty, and hard to detect. They are often created on your computer with a dropper program.

TSR - Terminate and Stay Resident. "Memory Resident" viruses go into memory and stay there while the computer is still running. TSR viruses usually design a method by which they are put into memory when the computer is booted, and then run until the computer is shut down.

Variant - A modified version of an original virus.

Wild - Some viruses are only within a company while others are spread out all around the world. Most viruses are in the "wild," where the average user could contract and be infected with the virus. Some viruses are identified and stopped, or created for testing purposes only, prior to distribution into the wild.

Worm - A program that propagates without action from a user or program. It's much like a virus, but programs and files don't need to be run in order to activate the spreading of a worm. Because of this, worms are normally highly prolific when released into the wild. The Internet Worm was one of the first worms to debut, having been released in 1988. Legitimate worm functions are used for system diagnostics and network utility programs.

ZIP Files - A zipped file is one that has been compressed and given the file name extension (usually) of .zip. Zipped files may contain viruses. Make sure your antivirus program scans for viruses in compressed files. If you plan on downloading software from the Internet try to limit your downloads to reputable sites.
