Threat Description

Worm (Generic)


Category: Malware
Type: Worm
Platform: W32
Aliases: Worm.Generic.[variant], gen:worm.[variant]


A Generic Detection of a file that appears to have worm-like features or behavior.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more assistance.

Suspect a file is malicious?

If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System (SAS) for analysis. You may want to refer to the following Support articles for more details:

Or Contact Support for further assistance.

Suspect a False Alarm (FA)?

Occassionally, a legitimate program or file containing code sufficiently similar to a known malware signature will inadvertently trigger a False Alarm or False Positive.

For example, 'tmp.edb' and other '.edb' files stored at the location 'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\' may be unintentionally detected as malicious by various security programs.

If the suspect file is known to be legitimate, it may be excluded from scanning with the following instructions:

Microsoft also provides enterprise-level instructions for excluding the file in question from scanning by antivirus software:

Technical Details

A worm is a standalone malicious program which uses computer or network resources to make complete copies of itself. It

This type of parasitic program is capable of replicating by sending copies of itself to new hosts (computers, servers, mobile devices, etc) over a network and other transferable media. There are numerous worm sub-types, which are defined by the platform or medium in which they propagate.

A worm that is identified by a detection using the format 'worm.gen.[variant]' indicates that the program was identified by a Generic Detection.

Unlike single-file detections which identify unique files, a Generic Detection looks for broadly applicable code or behavior characteristics to evaluate a file's potential for causing harm; a single Generic Detection can therefore efficiently identify dozens, or even hundreds of malware.


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More