
What is a heuristic virus? Find out how to detect one

Found using heuristics, heuristic viruses can install malicious programs on your device, change antivirus settings, and disable antivirus software. Here’s everything you need to know about heuristic viruses and how to detect them.

Zen Bahar


What is a heuristic virus?

Have you ever received a notification saying that a heuristic virus has been found? Don’t panic. A virus is only called “heuristic” due to the way it's discovered by antivirus software. The term heuristic is derived from the Greek word “heurisko,” which means to “find out” or “discover.”

Technical details of a heuristic virus

Older versions of antivirus software used “signature detection” to detect viruses, comparing computer code against a list of known viruses to check whether it’s a virus or not. As you can imagine, signature detection is limited to viruses that are already known.

Heuristic virus detection identifies viruses by checking files and code behaving suspiciously. It then flags them as potentially dangerous in three separate stages: dynamic scanning, file analysis, and multicriteria analysis (MCA).

3 stages of detection

What is heuristic virus detection?

Heuristic viruses are called “heuristic” due to the way that they’re detected. Using heuristic analysis, your antivirus software identifies this type of virus by examining code for suspicious properties. Most antivirus tools use heuristic analysis, making it easier to detect new threats before they wreak havoc on your device.
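The contrast between signature detection and heuristic analysis described above, as an added example (not code from the original article or from any antivirus product). The sample byte strings are constructed and inert, and the rule weights, entropy limit and threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed samples (inert byte strings, not real malware).
KNOWN_BAD = b"constructed-sample: CreateRemoteThread WriteProcessMemory"
VARIANT = KNOWN_BAD + b"\x00"            # same traits, one byte appended
DEBUGGER_DOC = b"constructed debugger notes: WriteProcessMemory, CreateRemoteThread"
PLAIN_TEXT = b"Meeting notes for Tuesday."

# Signature detection: exact SHA-256 match against a list of known samples.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Heuristic rules (hypothetical weights): traits that are suspicious together.
RULES = {
    b"CreateRemoteThread": 3,   # starts a thread inside another process
    b"WriteProcessMemory": 3,   # writes into another process's memory
    b"VirtualAllocEx": 2,       # allocates memory in another process
}
ENTROPY_LIMIT = 7.2             # assumed: near-random bytes suggest packing
THRESHOLD = 5                   # assumed cut-off for "suspicious"

def signature_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_score(data: bytes) -> int:
    score = sum(weight for trait, weight in RULES.items() if trait in data)
    if entropy(data) > ENTROPY_LIMIT:
        score += 2
    return score

def verdict(data: bytes) -> str:
    if signature_match(data):
        return "known malware (signature)"
    if heuristic_score(data) >= THRESHOLD:
        return "suspicious (heuristic)"
    return "clean"

if __name__ == "__main__":
    for name in ("KNOWN_BAD", "VARIANT", "DEBUGGER_DOC", "PLAIN_TEXT"):
        print(f"{name:13} -> {verdict(globals()[name])}")
```

The one-byte variant no longer matches the signature but is still caught by the heuristic rules, while the harmless debugger notes are flagged too: a false positive of the kind heuristic detection produces.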

Types of heuristic virus

Common heuristic viruses include:

  • Win32Heur – a Trojan virus
  • HEUR/QVM06.1.0000.Malware.Gen – a Trojan virus
  • Pup.Adware.Heuristics – Adware, usually identified as a “potentially unwanted program.”

The history of heuristic detection and heuristic viruses

Heuristics for software were developed as early as 1990 by Jakob Nielsen and Rolf Molich. Nielsen’s heuristic evaluation championed user friendliness, abandoning computer lingo for everyday language to help the user identify problems with software.

Today, antivirus software is an essential tool. With 560,000 new pieces of malware detected every day, more than one billion malware programs now exist, and trojans account for 58% of all computer malware.

Biggest heuristic virus attacks

Since trojans can hide as code within files on your computer and take control of your device, they’re often detected heuristically, so they’re considered a heuristic virus.

In the biggest heuristic virus attacks:

  • The Emotet trojan cost the Chilean bank Consorcio $2 million in 2018.
  • In 2007, the Zeus trojan cost Amazon, Cisco, and the Bank of America more than $100 million.
  • Trojans have ransacked some of the most formidable companies, including Microsoft and Google, so no one is immune to these nasty pieces of malware.

What is Heur malware?

There does happen to be a form of malware called Heur.Invader, which is nicknamed “The Heuristic Virus.” Heur.Invader malware is notorious for attacking your antivirus software, changing settings, and disabling security software.

How does the heuristic virus work?

Certain viruses hide in files on your device: files that you accidentally downloaded, or files you were tricked into downloading via phishing emails, for instance. Luckily, there’s an easy way to scan for heuristic viruses. To get rid of Heur.Invader malware or any other kind of heuristic virus, follow these three steps.

How to identify and remove a heuristic virus

    1. Launch your device in safe mode. (See below for “how to enable safe mode”).
    2. Using your antivirus software, run an antivirus scan.
    3. Your antivirus software will flag certain files behaving suspiciously. Before you delete them, inspect each one yourself to make sure you don’t delete false positives.

How to enable safe mode

Safe mode disables all non-essential programs and most known malware, making it easier to detect malware that's camouflaged or disrupting the antivirus scan.

To enable safe mode on a PC:

    1. Restart your PC.
    2. When the sign in screen appears, press the “Shift” key, select “Power,” then click “Restart.” Your PC will now restart.
    3. When prompted to “Choose an option,” select “Troubleshoot,” then “Advanced Options,” then “Startup Settings.”
    4. Once the next window loads, click “Restart” and wait.
    5. When the startup options menu appears, select number 4 or F4 to load your PC in safe mode.

How to tell if your computer is infected with heuristic malware

    1. Annoying pop-ups: Look out for annoying ads that are constantly popping up on your device. Relentless pop-up ads could be a sign of malware, adware, or spyware.
    2. Your device has turned into a slug: If your device suddenly becomes painfully slow, it could be a sign that malware is eating up a big chunk of your computer’s processing power.
    3. Crashes: Unless your device is ancient or has a tiny CPU or low RAM, crashes shouldn’t really happen. So take notice if your device is randomly shutting itself down when you’re performing the lightest of tasks. Crashes can be a sign of malware consuming massive amounts of your processing power.
    4. You can’t access the control panel: Certain viruses can disable and modify your security settings, so if you’re suddenly locked out of the control panel, it could be a sign that malware has taken over your device.
    5. Your amount of online traffic rapidly increases: The amount of internet traffic coming from your device should be relative to what you’re doing online. So if you’re watching a movie and you notice massive amounts of traffic coming from your device, you could be infected with a botnet.

How to prevent a heuristic virus

1. Click with caution

Hackers trick you into clicking legitimate-looking links that could download malware onto your device. Double-check the spelling of the site name and the URL to make sure you haven’t been directed to a suspicious website. Better yet, use NordVPN. It includes Threat Protection, which, when enabled, blocks suspicious sites known for hosting malware.

2. Don’t ignore updates

When you’re notified to update your software on your laptop, smartphone, tablet, or PC, never ignore the message. These updates contain cybersecurity improvements that fix security weaknesses and help keep your devices free from malware and bugs.

3. Keep scanning for viruses

Make sure you frequently run antivirus scans to nip any hidden viruses in the bud. It's also best to enable heuristic analysis on your antivirus software – most antivirus tools offer a heuristic analysis feature so you can weed out hidden malware that might be camouflaged.

You should also try NordVPN's new Threat Protection feature that identifies malicious files, blocks trackers, dodgy websites and ads. It can also neutralize cyber threats before they land on your device.



Zen Bahar
Zen likes to use her cybersecurity knowledge to help protect the privacy and freedom of others, otherwise, you can find her playing with paints in her studio in London.