Suspicious:W32/Malware!Gemini

Classification

Category: Malware

Type: Suspicious

Aliases: Suspicious:W32/Malware!Gemini

Summary


The file appears to be performing suspicious or potentially undesirable actions on the system. This may potentially indicate the presence of a malware infection, or that the suspect file is malicious.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Suspicious:W32/Malware!Gemini is a heuristic detection which may be triggered by a file that behaves in a suspicious manner. This detection may be seen in a variety of channels:

  1. From an F-Secure antivirus product that has the "advanced heuristics option" enabled
  2. From an F-Secure product with the DeepGuard feature enabled
  3. From the Virustotal website

Note: Proactive behavioral analysis may cause a compatibility issue in which copy-protected applications fail to start or crash. For more information, see the Possible Compatibility Issues section below.

1. From an F-Secure product that has the "advanced heuristics option" enabled

Heuristic analysis technology is available as a feature in F-Secure's Antivirus and Internet Security products. The Suspicious:W32/Malware!Gemini detection may be generated when a manual scan is performed with the Advanced Heuristics feature enabled.

Please note however that the Advanced Heuristics feature is optional and is disabled in our products by default. The feature can be enabled in the Settings menu.

Use of this feature is more appropriate for advanced users. It may also be enabled automatically by some ISPs.

Note: False Positive on a legitimate file

Heuristic analysis may sometimes generate a false positive on a legitimate file. If the user is confident a flagged file is safe, the detection can be avoided by disabling the Advanced Heuristics feature while performing a manual scan. Note that this only suppresses the heuristic verdict; it does not verify that the file is clean, so the file should still be submitted as a sample.

Solution: Disregard a False Positive by Temporarily Disabling Advanced Heuristics
  • In the product, go to Settings
  • Go to Computer, and select Manual scanning
  • Uncheck the 'Use advanced heuristics (slower)' option
  • Click 'OK'.
Further action: Submit a sample

You can submit a file you suspect is a False Positive (FP) for further analysis via Labs: Submit A Sample.

2. From an F-Secure product with the DeepGuard feature enabled

DeepGuard runs in the background while the user is working and constantly checks the processes running to ensure no malicious activity is taking place.

If an application process does behave suspiciously, DeepGuard displays a message notifying the user about the suspect activity and asking whether it should be allowed to proceed. If the activity is considered potentially very damaging, DeepGuard may block it outright unless the user explicitly authorizes it to proceed.

DeepGuard is a Host-based Intrusion-Prevention System (HIPS) feature included in various F-Secure products. DeepGuard also uses a form of heuristics analysis and is enabled by default.

Solution 1 : Whitelist a Known, Legitimate Program or Process

If the user is certain the application or process is desired and non-malicious, they can configure DeepGuard to 'whitelist' it. Doing so allows the application/process to run as normal.

To whitelist an application or process (the menu path depends on the product version), use one of the following:

Either:

  • In the product, go to Settings
  • Go to Computer, and select DeepGuard
  • Click the link 'Open list of monitored programs'
  • Find the application in question and set the entry to 'Allow'
  • Click 'OK'.

Or:

  • In the product, go to Settings
  • Go to Security settings, and select DeepGuard
  • Click the link 'Change application permissions'
  • Find the application in question and set the entry to 'Allow'
  • Click 'OK'.

Solution 2 : Temporarily Disable DeepGuard (not recommended)

To continue using an application or process deemed suspicious, the user can also temporarily disable DeepGuard entirely. Depending on the product version, use one of the following paths:

Either:

  • In the product, go to Settings
  • Go to Security settings, and select DeepGuard
  • Move the slider to turn off DeepGuard
  • Click 'OK'.

Or:

  • In the product, go to Settings
  • Go to Computer, and select DeepGuard
  • Uncheck the 'Turn on DeepGuard' option
  • Click 'OK'.

Remember to turn DeepGuard back on afterwards; while it is off, no behavioral monitoring of running processes takes place.

Further action: Submit a sample

You can submit a file you suspect is a False Positive (FP) for further analysis via Labs: Submit A Sample.

3. From the Virustotal Website

This detection can also be seen from the DeepGuard scanning engine used by Virustotal, a website to which files may be submitted for scanning by multiple antivirus engines.

From Virustotal's website:

Virustotal.com is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

The detection of Suspicious:W32/Malware!Gemini by Virustotal's scan is equivalent to an automatic block by DeepGuard.
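A verdict such as Suspicious:W32/Malware!Gemini is a heuristic hit, so what a practitioner wants to know from a multi-engine scan is whether it stands alone or is corroborated by engines that name a specific malware family. The following Python is an added example, not code from F-Secure or VirusTotal: it builds a constructed report in the shape of a VirusTotal v3 file report (`data.attributes.last_analysis_results`, with a `category` and `result` per engine) and classifies the outcome. The engine names other than F-Secure, the placeholder hash, the placeholder detection names and the threshold of three named detections are assumptions for illustration; the list of heuristic name markers is a rough guess, not any vendor's naming specification.

```python
import json
import re
from typing import Dict, Optional

# Detection names that read as generic/heuristic rather than family-specific.
# Assumed marker list for illustration; vendors do not standardise naming.
HEURISTIC_MARKERS = re.compile(r"(suspicious|heur|\bgen[:.]|generic|ml\.|behav)", re.IGNORECASE)


def make_report(results: Dict[str, Optional[str]], sha256: str = "0" * 64) -> str:
    """Build a JSON document in the shape of a VirusTotal v3 file report.

    `results` maps engine name -> detection name (None = undetected).
    A name beginning with 'Suspicious' is recorded with category 'suspicious',
    any other name as 'malicious'. Constructed example data, not a real report;
    the default hash is a placeholder.
    """
    analysis = {}
    for engine, name in results.items():
        if name is None:
            category = "undetected"
        elif name.lower().startswith("suspicious"):
            category = "suspicious"
        else:
            category = "malicious"
        analysis[engine] = {"engine_name": engine, "category": category, "result": name}
    return json.dumps({"data": {"attributes": {"sha256": sha256,
                                               "last_analysis_results": analysis}}})


# Case 1: F-Secure's heuristic fires, one other engine has a generic name, rest clean.
LONE_HEURISTIC_REPORT = make_report({
    "F-Secure": "Suspicious:W32/Malware!Gemini",
    "EngineA": None,                          # placeholder engine names
    "EngineB": None,
    "EngineC": None,
    "EngineD": "Gen:Variant.Heur.Example",   # placeholder generic detection name
})

# Case 2: the same heuristic hit, but several engines name a specific family.
CORROBORATED_REPORT = make_report({
    "F-Secure": "Suspicious:W32/Malware!Gemini",
    "EngineA": "Trojan.Example.A",            # placeholder family names
    "EngineB": "Win32/Example.B",
    "EngineC": "Trojan:Win32/Example.C",
    "EngineD": None,
})


def is_heuristic_name(name: Optional[str]) -> bool:
    """True if the detection name reads as heuristic/generic rather than a named family."""
    return bool(name) and HEURISTIC_MARKERS.search(name) is not None


def summarize(report_json: str) -> Dict[str, object]:
    """Count flagged engines and split them into named-family vs heuristic verdicts."""
    attrs = json.loads(report_json)["data"]["attributes"]
    results = attrs["last_analysis_results"]
    flagged = {eng: r["result"] for eng, r in results.items()
               if r["category"] in ("malicious", "suspicious")}
    named = [n for n in flagged.values() if not is_heuristic_name(n)]
    return {
        "sha256": attrs["sha256"],
        "engines": len(results),
        "flagged": len(flagged),
        "signature_hits": len(named),
        "fsecure": results.get("F-Secure", {}).get("result"),
    }


def triage(report_json: str, min_signature_hits: int = 3) -> str:
    """Classify a multi-engine result that contains a heuristic hit.

    'corroborated'   -> at least min_signature_hits engines name a specific family;
                        treat the file as malicious.
    'heuristic-only' -> only generic/heuristic verdicts; keep the file quarantined and
                        submit it as a sample rather than whitelisting it on the spot.
    'clean'          -> nothing flagged.
    The threshold is an assumed policy value, not a vendor recommendation.
    """
    s = summarize(report_json)
    if s["flagged"] == 0:
        return "clean"
    if s["signature_hits"] >= min_signature_hits:
        return "corroborated"
    return "heuristic-only"


if __name__ == "__main__":
    for label, rep in (("lone", LONE_HEURISTIC_REPORT), ("corroborated", CORROBORATED_REPORT)):
        print(label, triage(rep), summarize(rep))
```

The point of splitting "flagged" from "signature_hits" is that a count of detecting engines alone overstates confidence when most of them are heuristic or generic names; a single named-family verdict is weak too, so the policy above asks for several independent family names before treating the Gemini hit as confirmed, and otherwise routes the file to sample submission.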

Possible Compatibility Issues

If a copy-protected application fails to start or crashes while DeepGuard is enabled, this may be due to a compatibility issue.

To continue using this application, it is advisable to temporarily disable the Advanced Process Monitoring component of the DeepGuard feature rather than DeepGuard as a whole. Depending on the product version, use one of the following paths:

Either:

  • In the product, go to Settings
  • Go to Security settings, and select DeepGuard
  • Check the 'Use the compatibility mode (lowers security)' option
  • Click 'OK'.

Or:

  • In the product, go to Settings
  • Go to Computer, and select DeepGuard
  • Uncheck the 'Use advanced process monitoring' option
  • Click 'OK'.

A sample of the file involved in the compatibility issue may also be submitted for further analysis via Labs: Submit A Sample. When submitting the file, please provide a brief description of the problem.