Worm

Threat description

Details

CATEGORYMalware
TYPEWorm

Summary

A program which uses computer or network resources to make complete copies of itself.

Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Security programs will sometimes unintentionally identify a clean program or file as malicious if its code or behavior is similar to a known harmful program or file. This is known as a False Alarm or False Positive (FP).

For example, 'tmp.edb' and other '.edb' files stored at the location 'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\' may be unintentionally detected as malicious by various security programs.

Checking for a fix

In most cases, a False Positive is fixed in a subsequent database release; updating your F-Secure security product to use the latest database is enough to resolve the issue. If you suspect a detected file may be a False Positive, you can check by first updating your F-Secure security product to use the latest detection database updates, then rescanning the suspect file.

Send a sample to F-Secure Labs

After checking, if you believe the file or program is still incorrectly detected, you can submit a sample of it to F-Secure Labs for analysis and correction:

Exclude a known safe file from further scanning

If you are positive that the suspect file is safe and you want to continue using it, you can exclude it from further scanning by the F-Secure security product:

You may also refer to the Knowledge Base on the F-Secure Community site for more assistance.

Also

Microsoft provides enterprise-level instructions for excluding files from scanning by antivirus software:

Technical Details

A worm is a parasitic program capable of replicating by sending copies of itself to new hosts (computers, servers, mobile devices, etc) over a network and other transferable media.

At one time, worms were considered more of a nuisance than a threat, but today it has become increasingly common among malware authors to create malicious, complex worms that can perform malicious activities such as data-stealing or launching Denial of Service (DoS) attacks. Worms may now also be used to deliver other threats, such as viruses or trojans.

There are multiple worm sub-types, which are defined by the platform or medium they use to spread:

  • An Email-Worm will spread copies of itself using e-mail messages
  • An IRC-Worm spreads through Internet Relay Chat (IRC) channels
  • An SMS-Worm multiplies using the Short Message System (SMS) of telecommunications networks.

Description Created: 2009-07-08 11:59:43.0

Description Last Modified: 2010-08-11 12:31:13.0

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info