Traces of Malware Left Behind


By Leo Notenboom

I have two computers: one running Windows XP, SP3 and the other running Windows 7, SP1. I frequently see this phrase when looking over the internet for advice: “Such and such has left malware traces in the registry.” My questions about this are: Are traces dangerous? Is there executable code in these traces? Can my computer get infected or reinfected from these traces?

In this excerpt from Answercast #99 I look at the possible reasons traces of malware could be left on a computer. Don’t panic!

Traces of malware

Well, unfortunately, there really isn’t a definition that’s comprehensive enough; a definition that really makes sure everybody means the same thing when they use the word “traces”.

Generally, what it means is that the anti-malware tool that was used to remove a particular piece of malware didn’t remove everything. In other words, there are some traces left over. What those traces are could be just about anything.

Most of the time, they are benign. They are simply a little bit of information that the malware happened to use when it was around. Now that it’s not around anymore? Well, okay, that information may still be there, but nobody’s using it, so it doesn’t really matter.

Triggering false alarms

It’s possible, sometimes, that the traces could trigger false alarms from other anti-malware tools.

For example, if anti-malware tool A didn’t do a very good job of removing the malware, and you then ran a scan with tool B, it may say, “Hey, I found pieces of this malware around.”

That’s one way that traces can, at least, have an alarming effect, I guess.

The other thing that comes to mind is that traces, if they’re in the wrong place, yeah, they can cause problems. If what was left behind by an incomplete removal of malware is in fact an instruction to reinstall the malware, yeah, that can cause problems.
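One way to tell a benign leftover from an entry that can still run something is to check whether each startup value in the registry points at a file that still exists. The sketch below is an added example, not code from the article; it assumes the leftover instruction takes the form of a string value under a `Run` key, and the exported text, value names and paths are constructed for illustration.

```python
import re

# Constructed sample: decoded text of a `reg export` of a Run key (not from the article).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"OldThing"="C:\\Users\\me\\AppData\\Roaming\\oldthing\\ot.exe"
"Helper"="C:\\Users\\me\\AppData\\Local\\Temp\\helper.exe -install"
'''

# Matches plain string values only: "name"="data" (hex-encoded values are skipped).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_values(export_text):
    """Return {value name: command line} for string values in the export."""
    values = {}
    for line in export_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            values[unescape(m.group(1))] = unescape(m.group(2))
    return values

def target_path(command):
    """Extract the program path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].partition('"')[0]
    m = re.match(r'(.+?\.(?:exe|dll|bat|cmd|vbs|js))(?:\s|$)', command, re.I)
    return m.group(1) if m else command.split(" ")[0]

def classify(export_text, exists):
    """Label each entry 'inert' if its target file is gone, else 'review'."""
    result = {}
    for name, cmd in parse_run_values(export_text).items():
        path = target_path(cmd)
        result[name] = ("review" if exists(path) else "inert", path)
    return result

if __name__ == "__main__":
    import os
    for name, (label, path) in classify(SAMPLE_EXPORT, os.path.exists).items():
        print(f"{label:7} {name}: {path}")
```

An `inert` entry is the kind of trace that nothing uses anymore; a `review` entry still launches a file at sign-in and is the one to look at more closely.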


This post is excerpted with permission from Leo Notenboom.

Leo Notenboom

Leo A. Notenboom is the owner of Puget Sound Software, LLC and the Leo in Ask Leo!. Leo has been in the personal computer and software industry since 1979, as a software engineer, a manager of software engineers, and as a consultant. In 1983 Leo joined what was then a medium sized local company called Microsoft and spent the next 18 years in a wide variety of groups working on a wide variety of software. If you're running Microsoft Windows, if you've used a Microsoft development tool or Microsoft Money, or if you've ever purchased a ticket through Expedia, there's a good chance you've been touched by some of his work. And of course, since 2003, Leo has been answering your tech questions on Ask Leo!
