Threat Levels

Individual infections in our malware database are presented with a colored bar (), which is filled from left to right, depending on its level of threat.

Our MRC team assigns a threat level to an infection based on the following criteria:

  • Suspicious (): these are files recognized by the Heuristics Engine as highly suspicious because they are packed with the same run-time compression that is commonly used by malware, so they could be threats. Unless you know these files to be legitimate you should quarantine and remove them.
  • Info & PUAs (): these Potentially Unwanted Applications (PUAs) have some characteristics of malware, but possess no known risks to your system. Typical characteristics could include:
    • Displaying low-impact advertisements
    • Partially uninstalling
    • Applications which have been associated with adware or spyware in the past

    Note: Threats of this type will not be blocked by IntelliGuard (Real Time) Protection. They will however be detected during a scan where the user will be given the option to leave them on the system. The user may also select not to have these threats detected in the scan by changing the general settings. (Include 'Information Only' low level Threats in scan results)

  • Low (): typical characteristics could include:
    • Installing components without informing the user
    • Returning non-sensitive data to other servers
    • Displaying nuisance adverts in pop-up windows
  • Medium (): these infections may cause inconvenience and may display misleading information. Typical characteristics could include:
    • Presenting the user with a misleading or incomplete End User License Agreement (EULA) during installation
    • Displaying aggressive advertising in multiple pop-up windows
    • Pretending to uninstall
  • Elevated (): these infections may interfere with the use of your system or may be capable of capturing low-risk data, for example sending web browsing habits to third-parties for targeted advertising. Typical characteristics could include:
    • No EULA displayed during installation
    • Displaying unsolicited advertising
    • Hijacking browser search pages
  • High (): these infections may override user control of your system or pose high security risks such as capturing high-risk data for example, bank account details or passwords for unsolicited third-party use. Typical characteristics could include:
    • Involuntary installation with no user interaction or control
    • Hijacking browser home pages
    • Returning sensitive data to other servers
    • Automatically reinstalling itself following an uninstall
    • Examples of these infections include keyloggers and dialers


On rare occasions, useful software may be categorized as malware, on the basis that it possesses characteristics which we define as malware. For this reason, when you conduct a scan with Spyware Doctor, it is recommended that you review all detected items on your system, before you decide to remove or quarantine them.

Malware is constantly changing and evolving, therefore infection threat levels may be updated without notice at any time.

See our disclaimer for more information

Go to another page: MRC Home, Infection Database, Threat Levels, Glossary, Malware Dispute Form, Submit Spyware