The file appears to be suspicious, is potentially undesirable, or may be structured in a way or has characteristics that resembles known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.
Flagged as Suspicious
If a legitimate file contains potentially damaging routines or suspicious code, F-Secure security products will flag it as Suspicious as a precautionary measure. Once detected, the F-Secure security product may either automatically disinfect the suspect file or prompt the user to select a desired action. For more information, see: Support Community article: Automatic actions for viruses also used for suspicious items.
If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Submit A Sample (SAS) page for analysis. In some cases, subsequent analysis may determine the file is a False Alarm or False Positive. The relevant detection will then be modified to ensure the issue does not reoccur.
F-Secure security programs include heuristic engines that perform extended file analysis during a system scan in order to identify suspicious, malware-like code or potentially harmful routines. Actual detection names used by the heuristic engines may vary, and include:
Possibly Infected With an Unknown Virus, Saattaa olla tuntemattoman viruksen saastuttama, Possibly a mass mailing worm, Virus-like code found by heuristics, Deepscan:generic.malware, Gen:Heur, Possibly Destructive Program, New or Modified Variant Of, Viruses cannot be disinfected unless they are identified
The suspect file found on the computer system showed malicious/potentially damaging routines or characteristics.
The suspect file contains trojan-like code or behavior.
After a suspect file has been emulated in a 'virtual' environment, the virtual memory is examined for malware.
Possible misdisinfected virus
The suspect document or a workbook may contain an incompletely disinfected virus.
Suspicious Win32 PE
A Windows program file contains suspicious code; this may be either a unknown virus or simply virus-like code. Please send a sample to F-Secure Labs for analysis.
The suspect file contains virus-like code resembling a COM file infector virus.
The suspect file contains contains virus-like code resembling a memory resident COM file infector virus.
The suspect file contains contains virus-like code resembling an EXE file infector virus.
The suspect file contains contains virus-like code resembling a memory-resident EXE file infector virus.
The suspect file contains contains virus-like code resembling a file infector virus that may affect COM and EXE files.
The suspect file contains contains virus-like code resembling a memory-resident file infector virus that may affect both/either COM and EXE files.
The suspect file contains contains virus-like code resembling a BOOT sector infector virus. .
Found trojan-like code in file or boot record.
Found virus-like code resembling a Windows 95/98/NT EXE file infector virus.
A Microsoft Excel sheet containing a 'CALL' instruction was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms98-018.asp.
A Microsoft Word document containing a reference to a remote template (i.e., not in the local machine) was found. This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.
A HTML page containing references to a known vulnerability in the Internet Explorer web browser was found. Further information, including a fix, is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.
A suspicious reference to a script object has been found. Further information about the vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.