
Other:W32/Heuristic


First posted on 27 April 2010.
Source: SecurityHome

Aliases :

There are no other names known for Other:W32/Heuristic.

Explanation :

The file appears to be suspicious, is potentially undesirable, or may be structured in a way, or have characteristics, that resemble known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.

Additional Details

F-Secure security programs include heuristic engines that perform extended file analysis during a system scan in order to identify suspicious, malware-like code or potentially harmful routines. For more information about heuristics, please see Encyclopedia: Heuristic Analysis.

Once found, the program may either automatically disinfect the suspect file, or prompt the user for their desired action. If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System for analysis.

Actual detection names used by the heuristic engines may vary, and include:

Possibly Infected With an Unknown Virus
Virus-like code found by heuristics
Deepscan:generic.malware
Gen:Heur
Possibly Destructive Program
New or Modified Variant Of
Viruses cannot be disinfected unless they are identified
Saattaa olla tuntemattoman viruksen saastuttama
The suspect file found on the computer system showed malicious/potentially damaging routines or characteristics.

Gen:Trojan.Heur
The suspect file contains trojan-like code or behavior.

Possible misdisinfected virus
The suspect document or a workbook may contain an incompletely disinfected virus.

Suspicious Win32 PE
A Windows program file contains suspicious code; this may be either an unknown virus or simply virus-like code.
Please send a sample to F-Secure Security Labs for analysis.

Type_Com
The suspect file contains virus-like code resembling a COM file infector virus.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_ComTSR
The suspect file contains virus-like code resembling a memory-resident COM file infector virus.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_Exe
The suspect file contains virus-like code resembling an EXE file infector virus.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_ExeTSR
The suspect file contains virus-like code resembling a memory-resident EXE file infector virus.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_ComExe
The suspect file contains virus-like code resembling a file infector virus that may affect COM and EXE files.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_ComExeTSR
The suspect file contains virus-like code resembling a memory-resident file infector virus that may affect both/either COM and EXE files.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_Boot
The suspect file contains virus-like code resembling a BOOT sector infector virus.
For more information about boot viruses, please see Encyclopedia: Boot Virus.

Type_Trojan
Found trojan-like code in file or boot record. For more information about trojans, please see Encyclopedia: Trojan.

Type_Win32
Found virus-like code resembling a Windows 95/98/NT EXE file infector virus.
For more information about file infector viruses, please see Encyclopedia: File Virus.

Type_Formula
A Microsoft Excel sheet containing a 'CALL' instruction was found. This relates to a known security vulnerability.
Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms98-018.asp.

Type_RemoteTemplate
A Microsoft Word document containing a reference to a remote template (i.e., not in the local machine) was found.
This relates to a known security vulnerability. Further information is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-002.asp.

Type_Script
A suspicious fragment in a program written with a scripting language (e.g., JavaScript or Visual Basic Script) was found.

JS.ActiveXComponent
An HTML page containing references to a known vulnerability in the Internet Explorer web browser was found.
Further information, including a fix, is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.

HTML.SecurityBreach.2
HTML.SecurityBreach.3
A suspicious reference to a scriptlet.typelib object has been found. Further information about the vulnerability is
available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp.

Note

If a legitimate file contains potentially damaging routines or suspicious code, F-Secure products will flag it as Suspicious as a precautionary measure. Subsequent analysis may then determine the file is in fact a False Alarm, or a False Positive. The relevant detection will then be modified to ensure the issue does not reoccur.

For more information about the latest False Alarms, please see the Other:W32/False Positive description.

Last update 27 April 2010

 
