Heuristic Virus, The Term Can Often Be Misleading.

There is no such thing as a heuristic virus. The name arises when detection is accomplished through heuristic analysis. Antivirus programs usually compare your files against a database of known viruses. When they fail to remove a culprit program, they mark it as suspicious malware, and heuristic analysis is then used to clean that malware. A virus that is identified, detected, and removed by the heuristic method is called a heuristic virus. The antivirus cannot identify it as a specific virus. It doesn’t even know that it is a virus, but it looks like one, so it identifies it as a heuristic virus.

Why Do We Name Heuristic Viruses?

What may be referred to as a “heuristic virus” is the detection of possible malware, trojans, or other threats. This preliminary warning may appear in a scan as “HEUR” and should be considered suspect code to inspect further. Heuristic analysis can detect potential viruses without needing to specifically identify them. While the term heuristic virus can refer to the method by which malicious code is detected, it is better suited to describing the specific virus. “Heur” detections could very well be a virus, a Trojan, spyware, adware, or some other kind of unwanted application.

Classification Of Heuristic Virus

When an object is detected by the heuristic analysis module, the name of the object begins with the “HEUR:” prefix. “Heur” means a “heuristic” virus detection.

Heur objects so identified can be classified as Heur.Invader: they attempt to adjust the Windows registry keys and could generate additional malware on the infiltrated system. This is malware designed to change system settings. Its symptoms include corrupt files that re-open after being erased, a modified browser start page, search page, and error page, missing registry files, annoying pop-up advertisements, changes in Internet settings, and so on.

We can sub-divide the objects identified by heuristic analysis into the following:

1. HEUR: Worm - They run a search on remote computers and attempt to copy themselves to read/write accessible directories, search accessible network directories using operating system functions, and/or conduct a random search for computers.
2. HEUR: Virus - They create copies of themselves on the local resources of the victim computer.
3. HEUR: Email - They attempt to send copies of themselves in the form of an email attachment, or as a link to their own files located on a network resource.
4. HEUR: Trojan - They delete, block, modify, or copy information, and disrupt the performance of computers or computer networks.
5. HEUR: Backdoor - They enable a malicious user to remotely control the victim computer.
6. HEUR: Adware - They redirect search requests.

What Is Heuristic Analysis?

Heuristic analysis is a method for identifying a virus. Basically, the antivirus program looks at the file and says that it looks like a virus. A heuristic is a method that lets a computer program “guess” about unknown viruses. You give the computer a set of rules about what makes something look like a virus, and when it sees a program that does similar things, that program gets flagged as questionable. A heuristic virus is an extension of the antivirus. The antivirus cannot identify the file as a specific virus. It doesn’t even know that it is a virus, but it looks like one, so it identifies it as a heuristic virus.
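The rule-matching idea described above, combined with the HEUR: categories listed earlier, as an added example (not code from the original article or from any antivirus product). The behaviour names, weights and threshold are constructed assumptions.

```python
# Added illustration of rule-based (heuristic) detection. Behaviour names,
# weights and the threshold are constructed for this example.

# (behaviour observed in the file, HEUR category it suggests, weight)
RULES = [
    ("scans_remote_hosts",           "Worm",     40),
    ("copies_self_to_network_share", "Worm",     60),
    ("copies_self_to_local_files",   "Virus",    70),
    ("mails_self_as_attachment",     "Email",    80),
    ("deletes_or_blocks_user_data",  "Trojan",   70),
    ("accepts_remote_commands",      "Backdoor", 80),
    ("redirects_search_requests",    "Adware",   70),
    ("modifies_registry_keys",       "Invader",  40),
    ("changes_browser_start_page",   "Invader",  40),
]
THRESHOLD = 70  # below this the evidence is too weak to flag the file


def classify(behaviours, signature_name=None):
    """Return (detection_name, matched_behaviours); name is None if not flagged."""
    if signature_name:
        # Database hit: the scanner can name the specific threat.
        return signature_name, []
    scores, evidence = {}, {}
    for behaviour, category, weight in RULES:
        if behaviour in behaviours:
            scores[category] = scores.get(category, 0) + weight
            evidence.setdefault(category, []).append(behaviour)
    if not scores:
        return None, []
    best = max(scores, key=scores.get)
    if scores[best] < THRESHOLD:
        return None, evidence[best]
    # No signature matched, so only a generic HEUR: name is possible.
    return f"HEUR:{best}", evidence[best]


if __name__ == "__main__":
    samples = {  # constructed behaviour sets
        "unknown_worm": {"scans_remote_hosts", "copies_self_to_network_share"},
        "sync_tool": {"copies_self_to_network_share"},
        "toolbar": {"modifies_registry_keys", "changes_browser_start_page",
                    "redirects_search_requests"},
    }
    for name, seen in samples.items():
        print(name, classify(seen))
```

The matched behaviours are returned alongside the name so that a HEUR: hit can be inspected further, which is how the article says such a warning should be treated.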

To prevent malware from infiltrating your system, there are a number of steps one can take, including the following:

1. Install a comprehensive anti-spyware product
2. Update your anti-spyware software definitions
3. Perform Windows security updates
4. Scan your system regularly for spyware
