Naming malware

We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) Malware naming scheme.

This scheme uses the following format:

MMPC naming format as it applies to a Reveton detection

When our analysts research a particular threat, they will determine what each of the components of the name will be.


The type describes what the threat does on your computer. Worms, trojans, viruses, and adware are some of the most common types of threats we detect.


The platform refers to the operating system (such as Windows, Mac OS X, and Android) that the threat is designed to work on. Platforms can also include programming languages and file formats.


A group of threats with the same name is known as a family. Sometimes different security software companies use different names.

Variant letters

Variant letters are used sequentially for each different version or member of a family. For example, the detection for the variant “.AF” would have been created after the detection for the variant “.AE”.

Additional information

Additional information is sometimes used to describe a specific file or component that is used by another threat in relation to this threat. In the example above, the !lnk indicates that the threat is a shortcut file used by the Trojan:Win32/Reveton.T variant, as shortcut files usually use the extension .lnk.


Expand all

Additional suffixes

Expand all