Other:W32/Heuristic

Name: Other:W32/Heuristic
Detection Names: Gen:Trojan.Heur
Category: Malware
Type: Other
Platform: W32

Summary

F-Secure Anti-Virus analyzes scanned files and gives warnings if it finds suspicious code inside. When a file is suspected of having a "Type_XXX" virus, it means that the heuristic scanner found virus-like or trojan-like code in the analyzed file.

We appreciate receiving samples of suspected viruses, as well as suspected false alarms, at our sample submission address. Samples are usually analyzed within a few days.

Additional Details

VARIANT: Possibly Destructive Program
VARIANT: New or Modified Variant Of
VARIANT: Possibly Infected With an Unknown Virus
VARIANT: Saattaa olla tuntemattoman viruksen saastuttama
VARIANT: Viruses cannot be disinfected unless they are identified

Files detected as "Possibly destructive program", "Possibly infected with an unknown virus", "New or modified variant of [virus name]", etc., are F-Prot heuristic engine messages. Send a sample to F-Secure for analysis.

VARIANT: Possible misdisinfected virus
Found a document or a workbook that may contain an incompletely disinfected virus. Please send a sample to us for investigation.

VARIANT: Suspicious Win32 PE
Suspicious code has been found in a Windows program file. This could be a new, unknown virus or simply a program which happens to contain code similar to viruses. Submit a sample to F-Secure for analysis.

VARIANT: Virus-like code found by heuristics
A suspicious file has been found by the AVP engine. Please send a sample to us for analysis.

VARIANT: HTML.SecurityBreach.2
VARIANT: HTML.SecurityBreach.3

A suspicious reference to the scriptlet.typelib object has been found. Further information about the vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

VARIANT: Type_Com
Found virus-like code resembling a COM file infector. The COM file infector is usually a simple small virus that searches for COM files on its startup and infects them. These viruses work in DOS and DOS sessions of Windows.

VARIANT: Type_ComTSR
Found virus-like code resembling a memory resident COM file infector. The memory resident COM file infector is usually a simple virus that stays resident in memory and hooks some DOS or BIOS interrupts (usually Int 21h Fn 4Bh (exec) DOS interrupt). It infects COM files being accessed or executed using the hooked interrupt. Works in DOS and DOS sessions of Windows only. Might fail to stay resident in DOS sessions and DOS 7.0+.

VARIANT: Type_Exe
Found virus-like code resembling an EXE file infector. The EXE file infector is usually a virus that searches for EXE files on its startup and infects them. This type of virus is more complex than a COM infector and is more widely spread. Works in DOS and DOS sessions of Windows.

VARIANT: Type_ExeTSR
Found virus-like code resembling a memory resident EXE file infector. The memory resident EXE file infector is usually a virus that stays resident in memory and hooks some DOS or BIOS interrupts (usually Int 21h Fn 4Bh (exec) DOS interrupt). It infects EXE files being accessed or executed using the hooked interrupt. This type of virus is more complex than a resident COM infector and is more widely spread. Works in DOS and DOS sessions of Windows. Might fail to stay resident in DOS sessions and DOS 7.0+.

VARIANT: Type_ComExe
Found virus-like code resembling a COM and EXE file infector. The COM and EXE file infector is usually a virus that searches for COM and EXE files on its startup and infects them. This type of virus is rather complex and is also widely spread. Works in DOS and DOS sessions of Windows.

VARIANT: Type_ComExeTSR
Found virus-like code resembling a memory resident COM and EXE file infector. The memory resident COM and EXE file infector is usually a complex virus that stays resident in memory and hooks some DOS or BIOS interrupts (usually Int 21h Fn 4Bh (exec) DOS interrupt). It infects COM and EXE files being accessed or executed using the hooked interrupt. This type of virus is widely spread. Works in DOS and DOS sessions of Windows. Might fail to stay resident in DOS sessions and DOS 7.0+.

VARIANT: Type_Boot
Found virus-like code resembling a BOOT sector infector. The BOOT sector infector is usually a virus that infects MBRs and/or DOS BOOT records of hard drives and floppy disks. These viruses are almost always memory resident (they hook the BIOS disk interrupt Int 13h). They gain control on system bootup and infect files and/or boot sectors of hard drives and/or floppy disks being accessed. Boot viruses usually infect hard drives from infected floppy disks left in floppy drives on system bootup (if the diskette drive is set as the first bootable device). There are file viruses that drop boot viruses to the hard drive (Messev & Gwar).

VARIANT: Type_Trojan
Found trojan-like code in a file or boot record. Trojans are standalone programs/sectors that can perform malicious actions (blocking the keyboard, erasing hard drives, sending insulting e-mail, etc.) when executed by a user. Some viruses drop trojan programs or write trojan code to MBR and/or BOOT records (Tchechen). Most trojans start to act immediately after being run; some of them activate only on certain occasions (date, time, day of week, etc.). Such trojans are also called time bombs.

VARIANT: Type_Win32
Found virus-like code resembling a Windows 95/98/NT EXE file infector. The Windows 95/98/NT EXE file infector is usually a Windows-based virus that infects Portable Executable files (PE EXE files). This type of virus doesn't work in DOS, but can be started from a DOS session of Windows. This type of virus is a rather new one, but it is more dangerous, as its detection and disinfection under Windows (especially if the virus is a resident one or a shared file is infected) is a complicated task. Some Windows-based viruses are very big; for example, the DeTroie virus is more than 450 kilobytes long.

VARIANT: Type_Formula
FSAV found a Microsoft Excel sheet that contains a 'CALL' instruction. This is a warning about a potential security vulnerability. Further information about the issue is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms98-018.asp

VARIANT: Type_RemoteTemplate
Found a Microsoft Word document that has a reference to a remote template, i.e. one that is not on the local machine. This is a warning about a potential security vulnerability. Further information about the issue is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp

VARIANT: Type_Script
FSAV found a suspicious fragment in a program written in a scripting language, such as JavaScript or Visual Basic Script.

VARIANT: JS.ActiveXComponent
F-Secure Anti-Virus found an HTML page that contains a reference to a known vulnerability in Internet Explorer. The vulnerability allows execution of code in the current user context. Further information, including a fix, is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp

VARIANT: Gen:Trojan.Heur
F-Secure Internet Security Technology Preview detects Trojans with the prefix of Gen:Trojan.Heur.

  • Example: Gen:Trojan.Heur.1121405506



In some cases the heuristic engine can give false alarms.
(An example of a false alarm would be from early March, 2006. Software from www.osmosian.com, The Osmosian Order of Plain English Programmers, resulted in a Heuristic Type_Win32 alert. The software from Osmosian is not malware and a fix for this is included in current F-Secure Anti-Virus updates.)