Traces of Malware Left Behind
By Leo Notenboom
I have two computers: one running Windows XP, SP3 and the other running Windows 7, SP 1. I frequently see this phrase when looking over the internet for advice: “Such and such has left malware traces in the registry”. My questions about this are: are traces dangerous? Is there executable code in these traces? Can my computer get infected or reinfected from these traces?
In this excerpt from Answercast #99, I look at the possible reasons traces of malware could be left on a computer. Don’t panic!
Traces of malware
Well, unfortunately, there really isn’t a definition that’s comprehensive enough; a definition that really makes sure everybody means the same thing when they use the word “traces”.
Generally, what it means is that the anti-malware tool that was used to remove a particular piece of malware didn’t remove everything. In other words, there are some traces left over. What those traces are could be just about anything.
Most of the time, they are benign. They are simply a little bit of information that the malware happened to use when it was around. Now that it’s not around anymore? Well, okay, that information may still be there, but nobody’s using it, so it doesn’t really matter.
Triggering false alarms
It’s possible that the traces could sometimes trigger false alarms from other anti-malware tools.
For example, if anti-malware tool A didn’t do a very good job of removing the malware, and you then ran a scan with tool B, it may say, “Hey, I found pieces of this malware around.”
That’s one way that traces can, at least, have an alarming effect, I guess.
The other thing that comes to mind is that traces, if they’re in the wrong place, can cause problems. If what was left behind by an incomplete removal of malware is in fact an instruction to reinstall the malware, yeah, that can cause problems.
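The difference between leftover data that nobody reads and a leftover entry that still launches something can be checked for registry traces. The following is an added example, not from the original article: it reads a text export of the registry and sorts each string value into inert data, an autostart entry whose file is gone, or an autostart entry whose file is still present. The Run/RunOnce keys, the sample export and every name in it are assumptions constructed for illustration.

```python
import re

# Assumption: the Run/RunOnce keys stand in for "the wrong place"; the article names no keys.
AUTOSTART = (r"\currentversion\run", r"\currentversion\runonce")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in registry-export text format (not from the article).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\demo\\AppData\\Roaming\\upd\\upd.exe\" /silent"
"OldThing"="C:\\Temp\\gone.exe"

[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"LastServer"="example.invalid"
'''
PRESENT = {r"C:\Users\demo\AppData\Roaming\upd\upd.exe"}  # files "on disk" in the sample

def unescape(s):
    # Exports escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def command_target(command):
    # Quoted path: text inside the quotes; otherwise the first token.
    # Simplification: unquoted paths that contain spaces are not resolved.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def classify(reg_text, exists):
    """Return (value_name, target, verdict) for each string value in the export."""
    key, results = "", []
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        target = command_target(unescape(m.group(2)))
        if not key.endswith(AUTOSTART):
            verdict = "inert-data"          # leftover settings nothing reads
        elif exists(target):
            verdict = "active-autostart"    # still launches a file at logon
        else:
            verdict = "orphaned-autostart"  # points at a file that is gone
        results.append((unescape(m.group(1)), target, verdict))
    return results
```

`classify(SAMPLE, PRESENT.__contains__)` runs it on the sample; against a real export, pass `os.path.exists` as the second argument on the machine the export came from.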
This post is excerpted with permission from Leo Notenboom.