What to imagine behind Win32:MalOb [Cryp]
Our users are sometimes confused about what a malware name means. In fact, some names have no special meaning; they mostly belong to short-lived pieces of malware. In contrast to this daily stuff, there are some malware families (long-lived, widespread or highly dangerous) which should have a unique name. One reason could be that a unique name is easy to find in search engine results (check the difference when you type “Win32:Trojan-gen” and “Win32:Fasec” in your search engine). There is no mandatory naming convention applicable to all AV vendors. Our names contain these parts:
- platform (or file type) prefix
- malware name
- malware type
The most frequently used prefixes nowadays are Win32: and JS:, because the majority of malware is Win32 and JavaScript malware. If you want to see the names of some recently active malware families, visit www.avast.com/eng/latest-virus-report.html. The malware type field is the last part of the name (in brackets) and it can be:
- Trj = trojan horse
- Wrm = worm
- Rtk = rootkit
- Expl = exploit
- Cryp = malware cryptor
and a few others. Sometimes the malware type is missing. This means either a file infector or some kind of generic malware. You can always use our forums when you are not sure what you’re dealing with. And now the answer to the question in the title: what to imagine behind Win32:MalOb [Cryp]?
- Win32 – the platform that the malware was developed for
- MalOb – short for “malware obfuscator”; this means that the file was modified with some custom tool to hide the bad things
- Cryp – a cryptor used (only) by malware creators
Btw: the spectrum of malware covered by Win32:MalOb consists of fake antiviruses, fake codecs, spam engines etc.
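The three-part layout described above can be split mechanically. The following parser is an added example, not Avast's code; the regular expression, the function names and the sample names marked as constructed are assumptions.

```python
import re
from collections import Counter

# Type abbreviations listed in the article. The article says there are
# "a few others", so unknown abbreviations are kept, not rejected.
TYPES = {
    "Trj": "trojan horse",
    "Wrm": "worm",
    "Rtk": "rootkit",
    "Expl": "exploit",
    "Cryp": "malware cryptor",
}

# Assumed layout: <platform>:<name>, optionally followed by " [<type>]".
_NAME_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+):(?P<name>[^\s\[\]]+)"
    r"(?:\s*\[(?P<type>[A-Za-z]+)\])?$"
)

def parse_detection(text):
    """Split a detection name into its parts; None if the layout differs."""
    m = _NAME_RE.match(text.strip())
    if m is None:
        return None
    abbrev = m.group("type")
    if abbrev is None:
        # Per the article: a file infector or some kind of generic malware.
        meaning = "file infector or generic malware"
    else:
        meaning = TYPES.get(abbrev, "unlisted type")
    return {"platform": m.group("platform"), "name": m.group("name"),
            "type": abbrev, "type_meaning": meaning}

def summarize(names):
    """Count detections per (platform, type meaning) and collect rejects."""
    counts, rejected = Counter(), []
    for raw in names:
        parsed = parse_detection(raw)
        if parsed is None:
            rejected.append(raw)
        else:
            counts[(parsed["platform"], parsed["type_meaning"])] += 1
    return counts, rejected

# Names 1-3 and the last one appear on this page; the other two are constructed.
SAMPLE = ["Win32:MalOb [Cryp]", "Win32:Trojan-gen", "Win32:Fasec",
          "JS:Example-A [Trj]", "Win32:Example [Xyz]", "W32/Heur.15f5a8e"]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Names from other vendors, such as the last sample entry, do not follow this layout and end up in the rejected list instead of being misparsed.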
Optimizes and simple explanation, thanks!
I still ask myself why there are so many names for the same malware among different software houses. Some of them are very different.
It’s because there are different approaches to detect malware (exact match, algo, heuristics etc) – what someone calls Win32:Agent someone else calls W32/Heur.15f5a8e just because he detected it heuristically. There are only slight differences in names of some well known viruses (e.g. Virut vs. Virux).
Thanks of the explanation! Now I have understanded.
P.S.
And sorry for my English
Thanks for the info, it's helpful in understanding the naming conventions used by AVAST..!
Thx
Is there no malware for the 64-bit platform??
xD
Thanks for the explanation… I’ve UNDERSTOOD
(for the comment #3)
Reading and writing in English is the best way to learn the language.. I'm from Mexico
Umm, I had a problem: I had a game, Gothic II, and Avast has found it as a virus. I don't know why; I haven't patched this game and nothing more.
I played it for a few years and Avast hasn't found it as a virus.
Maybe I must uninstall it and install???
No, uninstall and install does nothing. I did it but still virus.
I bought it in a shop.
This GothicII.exe is Win32:MalOb [Cryp]
Can someone help me?????
@Cristian
This file has been considered as a false positive. The detection will be fixed soon. Wait for the VPS update.