Emsisoft Malware Library

The Emsisoft dual-scanner may detect different types of malicious software on your computer. Each malware name gives information about the nature of the infection via its name prefix. While we do not have specific information about your particular infection, we do have some generic information that may help.

• Adware: a malware that opens alerts, disturbs the user and shows advertising messages, usually with pop-up windows.
• Android: this detection indicates a malicious application for Android devices. Normally, the extension is .apk. This malware can damage your Android device and execute malicious actions.
• Application: refers to potentially unwanted program (PUP). Examples of PUPs include: toolbars, settings modifiers, ad popups, etc. For a complete description, see PUPs.
• Backdoor: a program that allows remote control of an infected computer through the Internet. These programs are not able to duplicate themselves and spread, but they can open ports on the computer where they are executed. Open ports can be used by hackers to access data or programs. Different backdoors have different functions, such as: send and receive files, delete archives, execute payload, or virus management within the infected system.
• Bad Reputation: refers to a program that showed suspicious behavior. The program was looked up in the Emsisoft Anti-Malware Network and the result indicated that the file is most likely malicious.
• BehavesLike: indicates a program that behaves like the family of the malware named. Exhibition of a typical malware behavior allows us to catalogue some malware automatically.
• Dialer: a malicious program that modifies a computer’s Internet connection by changing the telephone number used to connect. Most dangerous for those who use an analog modem and/or ISDN to connect to the Internet. Can also cause a disruption of service for those who use an ADSL connection.
• Dropped: a vector file that installs a virus on a computer. Malware authors often use droppers to protect their viruses from malware detection. “Injector” refers to a dropper that installs a single virus in computer memory.
• Email-Flooder: a program that continuously sends emails. Created to cram the user’s inbox. Can send hundreds/thousands of emails to overfill the incoming email folder of a specific, targeted account.
• Email-Worm: a worm that spreads itself using email. Infects the computer when a malicious email attachment is opened, and then tries to send copies of itself to addresses on the infected user’s contacts list.
• Exploit: malicious code that takes advantage of a real application’s bug or vulnerability. Can be used to execute malicious code. Can grant attacker administrator privileges, which can be used to perform illegal actions.
• Fraudtool: the infamous “rogue-antivirus,” or malware that pretends to be a security solution. After installation, Fraudtools pretend to “detect” a lot of viruses and also “clean” the user’s system, all the while insisting that the user buy a paid version of the product to completely disinfect and/or optimize their computer. In addition to direct fraud, these programs also have adware functionality.
• Generic, Gen: refers to a generic malware detection. Can be detected by signature definitions or heuristics.
• HackTool: may refer to tools that are used to hack applications (used in piracy).
• Heuristic: a detection made by a heuristic engine. This means that the detection is based on the analysis of the file’s code. Heuristic detections are not in a database, but have malicious characteristics and are therefore considered dangerous to the computer.
• Hijacker: a malicious program that is usually called by Active-X controllers. Infects the computer, infects the web browser, and changes security parameters and default settings all at once.
• Java: a malware object executed exclusively by the Java platform.
• Joke: a program designed to annoy the user. Not dangerous to the system, but can create confusion and has fun joking around with the user in many ways.
• Keylogger: functionality varies between keyloggers, but they are typically associated with recording everything that is typed on a keyboard and/or everything that occurs in a desktop session. Typed words pass from the keyboard to the computer; during this passage a keylogger filters words, searching for sensitive information, and then it records and transmits that information to a crime network.
• LSP: Stands for Layer Service Provider. Libraries that are attached to WinSockTCP/IP functions. They are able to analyze the Internet traffic of an infected computer.
• Malware: a generic term used to define a malicious computer program, including a virus, adware, backdoor, dialer, spyware, Trojan and worm, among others.
• PUP: a potentially unwanted program. Not malware and not dangerous to the computer, but often quite annoying. Displays ads, warnings and other fake messages. Has little to no use and wastes space on the computer. Details.
• Ransomware: a type of malware that either encrypts your files (cryptomalware) or blocks you from using your computer (screen lockers), and demands a hefty ransom to restore access to your system.
• Riskware: a legitimate program that can cause problems if it is used by hackers to delete, block, modify or copy data. Creates performance problems on infected machines.
• Rogue: a fake security program, also known as “scareware.” Pretends to be a useful security program, but in reality offers limited protection or no protection at all. Generates fake warnings and attempts to lure users into fraudulent transactions.
• Rootkit: a type of software (often, malicious), that enables a level of access that would not otherwise be allowed. Rootkits are mainly used to hide Backdoors or other malicious code.
• Script: a file executed by other platforms. Scripts use another program to execute themselves and can perform various malicious actions.
• Setting: not a type of malware, but instead an incorrect system setting. Emsisoft detected this setting because it is not in the default position. Most likely, malware has tampered with and changed the setting. Emsisoft will restore the setting to its correct position.
• Spyware: a malicious program that can secretly track computer activity. Sends recorded information to its criminal author.
• Trace: a type of detection used only in on-demand scans to ensure all malware remnants are removed.
• Trojan: a program that intentionally hides its true, malicious actions from the user and also attempts to fool the user into thinking that it is performing legitimate functions.
• Virtool: a program used by hackers to create malware and malicious code. Not dangerous in itself, but does produce many different types of malware.
• Virus: a malicious program, or part of a program, that infects files rather than creating new files. It inserts a piece of its own code into existing files, whereas most other malware creates an entirely new file.
• Worm: an independent program that tries to infect computers by spreading through a network, removable media or by sending e-mails that contain attached copies of itself or other malicious code.