Suspicious:W32/Malware.variant!Online

Category:Malware
Type:Suspicious
Platform:W32

Summary

Suspicious:W32/Malware.variant!Online is a detection from F-Secure's in-the-cloud reputation service that indicates the presence of malware-like characteristics or behavior.

Disinfection

Unquarantine

A file detected as Suspicious may be Quarantined as a precautionary measure. If you are certain the quarantined file is safe, you may elect to unquarantine the file by following the steps below:

Note: You must have administrative access to perform an unquarantine.

  • In the F-Secure antivirus program, go to Tasks.
  • Select 'Restore a removed file or program'.
  • Select the file you wish to restore.
  • Click 'Restore'.

Manual Unquarantine

Under certain circumstances, you may also manually unquarantine the file using the instructions available in:


Suspect A False Positive?

It is possible that a heuristic detection can inadvertently cause a False Positive. If you suspect this to be the case, please first ensure your F-Secure security program is completely up-to-date with the latest detection database updates, then rescan the suspect file.

If you continue to suspect a False Positive (or, alternatively, believe that a file identified as Clean should have been marked as malicious), you can submit a sample of the suspect file to our Security Labs for further analysis via:

Additional Details

This detection indicates the suspect file has been analyzed by F-Secure's Real Time Protection Network and found to display malware-like characteristics or behavior. The suspect file has therefore been quarantined as a precautionary measure.


About the Real Time Protection Network

The Real Time Protection Network is an 'in-the-cloud' reputation service used to determine the categorization of suspect files as 'safe' or 'harmful' programs.

This reputation-based analysis provides an important additional layer of security and is used to complement signature-based analysis (signature and generic detections) and local behavioral analysis (heuristic detections), to provide comprehensive protection.


How It Works

This service does not use traditional antivirus databases; instead, it depends on F-Secure's in-house web and file reputation databases, which maintain an up-to-date listing of both trusted programs and websites, as well as known bad ones.

When the antivirus program encounters a suspect file, a real-time query is made over the Internet to the Protection Network's servers to retrieve any existing reputation scores.

Based on the available reputation data (and if necessary, further analysis), the antivirus program may then quarantine the suspect file, block it or allow it to proceed.


Note

Detections from the Real Time Protection Network use the following format:

  • Suspicious:W32/Malware.variant!Online

Where variant is a random alphanumeric string, such as 34ed04 or dd9c57.
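
Because the variant part is random, the same reputation verdict appears under many different names in scan logs. The following added example (not F-Secure code) parses the format given above and collapses the variant so these detections can be counted together during triage; the tab-separated log layout, host names, paths and the non-matching detection name are assumptions made up for illustration.

```python
import re
from collections import Counter

# Format stated on this page: Suspicious:W32/Malware.<variant>!Online,
# where <variant> is a random alphanumeric string (e.g. 34ed04).
ONLINE_DETECTION = re.compile(r"Suspicious:W32/Malware\.([0-9A-Za-z]+)!Online")
NORMALIZED = "Suspicious:W32/Malware.variant!Online"

def parse_detection(name):
    """Return the variant string if name is a reputation detection, else None."""
    m = ONLINE_DETECTION.fullmatch(name.strip())
    return m.group(1) if m else None

def normalize(name):
    """Collapse the random variant so all reputation hits share one key."""
    return NORMALIZED if parse_detection(name) is not None else name.strip()

def summarize(lines):
    """Count detections per normalized name and list hosts with reputation hits.

    Assumed line layout (hypothetical, tab-separated): host, file path, detection.
    """
    counts = Counter()
    hosts = set()
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # skip malformed lines instead of guessing at fields
        host, _path, detection = parts
        key = normalize(detection)
        counts[key] += 1
        if key == NORMALIZED:
            hosts.add(host)
    return counts, sorted(hosts)

# Constructed sample input: hosts, paths and the third detection name are made up.
SAMPLE_LOG = [
    "ws-014\tC:\\Users\\a\\Downloads\\setup.exe\tSuspicious:W32/Malware.34ed04!Online",
    "ws-022\tC:\\Temp\\tool.exe\tSuspicious:W32/Malware.dd9c57!Online",
    "ws-014\tC:\\Temp\\x.dll\tExample:W32/Placeholder.A",
    "ws-022\tC:\\Temp\\bad line without detection",
    "ws-031\tC:\\Temp\\y.exe\tSuspicious:W32/Malware.!Online",  # empty variant: no match
]

if __name__ == "__main__":
    counts, hosts = summarize(SAMPLE_LOG)
    for name, n in counts.most_common():
        print(n, name)
    print("hosts with reputation detections:", ", ".join(hosts))
```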