Windows 2000, Windows XP, Windows Server 2003


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes


This is the Trend Micro detection for possibly malicious executable files that are compressed using Win32 compression tools. This proactive detection also includes appending viruses found in the wild.

It is a heuristic detection based on well-established characteristics inherent to compressed malware. To keep customers a step ahead from possible malware infections, all executable files found in the system that match established characteristics are immediately detected.

If your Trend Micro product detects a file under this detection name, do not execute the file. Delete it immediately especially if it came from an untrusted or an unknown source (e.g., a Web site of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you can submit a sample for analysis. Detailed analysis will be done on submitted samples, and corresponding removal instructions will be provided, if necessary.


Minimum Scan Engine: 9.200


Sample files for submission must be in ZIP format and should be password-protected. To submit a ZIP file, file compression software such as Winzip must be used. A trial version of Winzip is available at

To compress a file, please follow the steps below:

  1. Right-click on the file and select Add to Zip.
  2. Enter a file name for the zip file.
  3. On the Options menu, choose Encrpyt. In the input box, type virus. This serves as the password for the zip file.
  4. Send the sample through the following channels:
    • For Trend Micro Premium customers, please submit a virus support case by clicking here:
    • For Trend Micro non-Premium customers, please contact your local support network here:

Did this description help? Tell us how we did.