Threat Description

Heuristic

Details

Aliases: Heuristic, Gen:Heur, Gen:Trojan.Heur, Memscan:trojan, Could be a mass-mailing worm, Could be infected with an unknown virus
Category: Malware
Type: Other
Platform: W32

Summary



The file appears to be suspicious, is potentially undesirable, or is structured in a way, or has characteristics, that resemble known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.



Removal


Flagged as Suspicious

If a file contains potentially damaging routines or suspicious code, F-Secure products will flag it as Suspicious as a precautionary measure. Once detected, the F-Secure security product may either automatically disinfect the suspect file or prompt the user to select a desired action. For more information, see the Support Community article "Automatic actions for viruses also used for suspicious items".

Recategorization

If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System for analysis. In some cases, subsequent analysis may determine the file is a False Alarm or False Positive. The relevant detection will then be modified to ensure the issue does not reoccur.



Technical Details



F-Secure security programs include heuristic engines that perform extended file analysis during a system scan in order to identify suspicious, malware-like code or potentially harmful routines. Actual detection names used by the heuristic engines may vary, and include:

Possibly Infected With an Unknown Virus, Saattaa olla tuntemattoman viruksen saastuttama, Possibly a mass mailing worm, Virus-like code found by heuristics, Deepscan:generic.malware, Gen:Heur, Possibly Destructive Program, New or Modified Variant Of, Viruses cannot be disinfected unless they are identified

The suspect file found on the computer system showed malicious/potentially damaging routines or characteristics.

Gen:Trojan.Heur

The suspect file contains trojan-like code or behavior.

Memscan:

After a suspect file has been emulated in a 'virtual' environment, the virtual memory is examined for malware.

Possible misdisinfected virus

The suspect document or workbook may contain an incompletely disinfected virus.

Suspicious Win32 PE

A Windows program file contains suspicious code; this may be either an unknown virus or simply virus-like code. Please send a sample to F-Secure Labs for analysis.

Type_Com

The suspect file contains virus-like code resembling a COM file infector virus.

Type_ComTSR

The suspect file contains virus-like code resembling a memory-resident COM file infector virus.

Type_Exe

The suspect file contains virus-like code resembling an EXE file infector virus.

Type_ExeTSR

The suspect file contains virus-like code resembling a memory-resident EXE file infector virus.

Type_ComExe

The suspect file contains virus-like code resembling a file infector virus that may affect COM and EXE files.

Type_ComExeTSR

The suspect file contains virus-like code resembling a memory-resident file infector virus that may affect COM files, EXE files, or both.

Type_Boot

The suspect file contains virus-like code resembling a BOOT sector infector virus.

Type_Trojan

Found trojan-like code in file or boot record.

Type_Win32

Found virus-like code resembling a Windows 95/98/NT EXE file infector virus.

Type_Formula

A Microsoft Excel sheet containing a 'CALL' instruction was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms98-018.asp.

Type_RemoteTemplate

A Microsoft Word document containing a reference to a remote template (i.e., not in the local machine) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.

Type_Script

A suspicious fragment in a program written with a scripting language (e.g., JavaScript or Visual Basic Script) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.

JS.ActiveXComponent

An HTML page containing references to a known vulnerability in the Internet Explorer web browser was found. Further information, including a fix, is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.

HTML.SecurityBreach.2, HTML.SecurityBreach.3

A suspicious reference to a script object has been found. Further information about the vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.





