

Heuristic


Aliases:


Heuristic
Gen:Heur
Gen:Trojan.Heur
Memscan:trojan
Could be a mass-mailing worm
Could be infected with an unknown virus

Malware
Other
W32

Summary

The file appears to be suspicious, is potentially undesirable, or may be structured in a way, or have characteristics, that resemble known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

F-Secure security programs include heuristic engines that perform extended file analysis during a system scan in order to identify suspicious, malware-like code or potentially harmful routines.

For more information about heuristics, please see Terminology: Heuristic Analysis.

Once found, the program may either automatically disinfect the suspect file, or prompt the user for their desired action. If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System for analysis.

Actual detection names used by the heuristic engines may vary, and include:


Possibly Infected With an Unknown Virus, Saattaa olla tuntemattoman viruksen saastuttama, Possibly a mass mailing worm, Virus-like code found by heuristics, Deepscan:generic.malware, Gen:Heur, Possibly Destructive Program, New or Modified Variant Of, Viruses cannot be disinfected unless they are identified

The suspect file found on the computer system showed malicious/potentially damaging routines or characteristics.


Gen:Trojan.Heur

The suspect file contains trojan-like code or behavior.


Memscan:

After a suspect file has been emulated in a 'virtual' environment, the virtual memory is examined for malware.


Possible misdisinfected virus

The suspect document or a workbook may contain an incompletely disinfected virus.


Suspicious Win32 PE

A Windows program file contains suspicious code; this may be either an unknown virus or simply virus-like code. Please send a sample to F-Secure Security Labs for analysis.


Type_Com

The suspect file contains virus-like code resembling a COM file infector virus. For more information about file infector viruses, please see Terminology: File Virus.


Type_ComTSR

The suspect file contains virus-like code resembling a memory-resident COM file infector virus. For more information about file infector viruses, please see Terminology: File Virus.


Type_Exe

The suspect file contains virus-like code resembling an EXE file infector virus. For more information about file infector viruses, please see Terminology: File Virus.


Type_ExeTSR

The suspect file contains virus-like code resembling a memory-resident EXE file infector virus. For more information about file infector viruses, please see Terminology: File Virus.


Type_ComExe

The suspect file contains virus-like code resembling a file infector virus that may affect COM and EXE files. For more information about file infector viruses, please see Terminology: File Virus.


Type_ComExeTSR

The suspect file contains virus-like code resembling a memory-resident file infector virus that may affect both/either COM and EXE files. For more information about file infector viruses, please see Terminology: File Virus.


Type_Boot

The suspect file contains virus-like code resembling a BOOT sector infector virus. For more information about file infector viruses, please see Terminology: Boot Virus.


Type_Trojan

Found trojan-like code in file or boot record. For more information about trojans, please see Terminology: Trojan.


Type_Win32

Found virus-like code resembling a Windows 95/98/NT EXE file infector virus. For more information about infector viruses, please see Terminology: File Virus.


Type_Formula

A Microsoft Excel sheet containing a 'CALL' instruction was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms98-018.asp.


Type_RemoteTemplate

A Microsoft Word document containing a reference to a remote template (i.e., not in the local machine) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.


Type_Script

A suspicious fragment in a program written with a scripting language (e.g., JavaScript or Visual Basic Script) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.


JS.ActiveXComponent

An HTML page containing references to a known vulnerability in the Internet Explorer web browser was found. Further information, including a fix, is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.


HTML.SecurityBreach.2 HTML.SecurityBreach.3

A suspicious reference to a script object has been found. Further information about the vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.


NOTE:

If a legitimate file contains potentially damaging routines or suspicious code, F-Secure products will flag it as Suspicious as a precautionary measure.

Subsequent analysis may then determine the file is in fact a False Alarm, or a False Positive. The relevant detection will then be modified to ensure the issue does not reoccur.

For more information about the latest False Alarms, please see the False Positive description.






