



Heuristic detection

Detection Names: Gen:Trojan.Heur, Gen:Heur, Could be infected with an unknown virus, Memscan:trojan
Category: Malware
Type: Other
Platform: W32

Summary

The file appears to be suspicious, is potentially undesirable, or is structured in a way, or has characteristics, that resemble known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.

Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Additional Details

F-Secure security programs include heuristic engines that perform extended file analysis during a system scan in order to identify suspicious, malware-like code or potentially harmful routines. For more information about heuristics, please see Terminology: Heuristic Analysis.

Once found, the program may either automatically disinfect the suspect file, or prompt the user for their desired action. If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System for analysis.

Actual detection names used by the heuristic engines may vary, and include:

  • Possibly Infected With an Unknown Virus / Saattaa olla tuntemattoman viruksen saastuttama
    Possibly a mass mailing worm
    Virus-like code found by heuristics
    Deepscan:generic.malware
    Gen:Heur
    Possibly Destructive Program
    New or Modified Variant Of
    Viruses cannot be disinfected unless they are identified

    The suspect file found on the computer system showed malicious/potentially damaging routines or characteristics.

  • Gen:Trojan.Heur
    The suspect file contains trojan-like code or behavior.

  • Memscan:
    After a suspect file has been emulated in a 'virtual' environment, the virtual memory is examined for malware.

  • Possible misdisinfected virus
    The suspect document or workbook may contain an incompletely disinfected virus.

  • Suspicious Win32 PE
    A Windows program file contains suspicious code; this may be either an unknown virus or simply virus-like code. Please send a sample to F-Secure Labs for analysis.

  • Type_Com
    The suspect file contains virus-like code resembling a COM file infector virus. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_ComTSR
    The suspect file contains virus-like code resembling a memory-resident COM file infector virus. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_Exe
    The suspect file contains virus-like code resembling an EXE file infector virus. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_ExeTSR
    The suspect file contains virus-like code resembling a memory-resident EXE file infector virus. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_ComExe
    The suspect file contains virus-like code resembling a file infector virus that may affect COM and EXE files. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_ComExeTSR
    The suspect file contains virus-like code resembling a memory-resident file infector virus that may affect COM files, EXE files, or both. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_Boot
    The suspect file contains virus-like code resembling a boot sector infector virus. For more information about boot sector viruses, please see Terminology: Boot Virus.

  • Type_Trojan
    Trojan-like code was found in a file or boot record. For more information about trojans, please see Terminology: Trojan.

  • Type_Win32
    Virus-like code resembling a Windows 95/98/NT EXE file infector virus was found. For more information about file infector viruses, please see Terminology: File Virus.

  • Type_Formula
    A Microsoft Excel sheet containing a 'CALL' instruction was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms98-018.asp.

  • Type_RemoteTemplate
    A Microsoft Word document containing a reference to a remote template (i.e., one not on the local machine) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.

  • Type_Script
    A suspicious fragment in a program written with a scripting language (e.g., JavaScript or Visual Basic Script) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.

  • JS.ActiveXComponent
    An HTML page containing references to a known vulnerability in the Internet Explorer web browser was found. Further information, including a fix, is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.

  • HTML.SecurityBreach.2
    HTML.SecurityBreach.3

    A suspicious reference to a script object has been found. Further information about the vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.


NOTE:
If a legitimate file contains potentially damaging routines or suspicious code, F-Secure products will flag it as Suspicious as a precautionary measure. Subsequent analysis may then determine that the file is in fact a False Alarm, or False Positive. The relevant detection will then be modified to ensure the issue does not recur.

For more information about the latest False Alarms, please see the False Positive description.