Threat Description

Generic Detection

Details

Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]
Category: Malware
Type: Other
Platform: W32

Summary



A Generic Detection for programs with features or behaviors indicative of known malicious threats, such as trojans, worms or viruses.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



A detection name that uses the format "Generic.malware.[variant]", or similar, is a Generic Detection that is triggered if the suspect file appears to be suspicious, potentially undesirable, or has characteristics that resemble known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.

Once found, either the suspect file will be automatically disinfected or the user will be prompted to select a desired action.

Possible False Alarms (FAs)

Occasionally, a legitimate program or file containing code sufficiently similar to a known malware signature will inadvertently trigger a false alarm.

For example, 'tmp.edb' and other '.edb' files stored at the location 'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\' may be unintentionally detected as malicious by various security programs.

If the suspect file is known to be legitimate, it may be excluded from scanning with the following instructions:

Microsoft also provides enterprise-level instructions for excluding the file in question from scanning by antivirus software:

Note

If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System (SAS) for analysis. You may want to refer to the following Support articles for more details:

Or Contact Support for further assistance.

About Generic Detections

Generic Detections are a type of sophisticated detection used by antivirus programs to identify files with malicious characteristics.

Unlike more traditional detections (also known as signatures or single-file detections), a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that mark a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds, of malware programs.
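The contrast above, together with the false alarm case described under Possible False Alarms, as an added Python example that is not F-Secure's code or detection logic. Byte 4-gram similarity is an assumed stand-in for "code characteristics"; the file names, byte strings and the 0.5 threshold are all constructed.

```python
import hashlib

# Constructed byte strings standing in for files; none is real malware.
SHARED = b"[constructed shared loader: decode, map, resolve imports, jump]"
FILES = {
    "known_sample.exe": b"MZ" + SHARED + b"cfg=alpha",
    "new_variant.exe": b"MZ" + SHARED + b"cfg=beta-2",
    "legit_tool.exe": b"MZ" + SHARED + b"vendor installer stub",
    "editor.exe": b"MZ" + b"ordinary text editor program code",
}
REFERENCE = FILES["known_sample.exe"]
# Traditional single-file signature: the exact hash of one known sample.
HASH_SIGNATURES = {hashlib.sha256(REFERENCE).hexdigest()}
THRESHOLD = 0.5  # assumed cut-off; a real engine tunes this per detection


def shingles(data, n=4):
    """Set of all n-byte substrings, a crude proxy for code characteristics."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a, b):
    """Jaccard similarity of the two shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


def scan(files, exclusions=frozenset()):
    """Return {name: verdict}; names listed in `exclusions` are not scanned."""
    verdicts = {}
    for name, data in files.items():
        if name in exclusions:
            verdicts[name] = "excluded"
        elif hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
            verdicts[name] = "signature"  # exact match on one known file
        elif similarity(data, REFERENCE) >= THRESHOLD:
            verdicts[name] = "Generic.malware.[variant]"  # shared traits
        else:
            verdicts[name] = "clean"
    return verdicts


if __name__ == "__main__":
    for name, verdict in scan(FILES).items():
        score = similarity(FILES[name], REFERENCE)
        print(f"{name:18} {verdict:26} similarity={score:.2f}")
    # After the user confirms legit_tool.exe is legitimate and excludes it:
    print(scan(FILES, exclusions={"legit_tool.exe"})["legit_tool.exe"])
```

The hash signature catches only the one known file, while the similarity rule also flags the new variant and, as a false alarm, the legitimate tool that reuses the same code until it is excluded.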

Generic Detections can be used to identify particular types of malware, based on general physical or behavioral characteristics:

In this case, the Generic Detection does not generally specify which family the malware belongs to.

Alternatively, a Generic Detection can be targeted to identify particular malware families, based on familial similarities:





