Traces of malware could be left in various places on a computer after a virus or spyware infection. First thing: don't panic!
I have two computers: one running Windows XP, SP3 and the other running Windows 7, SP1. I frequently see the phrase when looking over the internet for advice: "Such and such has left malware traces in the registry." My questions about this are: Are traces dangerous? Is there executable code in these traces? Can my computer get infected or reinfected from these traces?
In this excerpt from Answercast #99 I look at the possible reasons traces of malware could be left on a computer. Don't panic!
Well, unfortunately, there really isn't a definition that's comprehensive enough; a definition that really makes sure everybody means the same thing when they use the word "traces".
Generally, what it means is that the anti-malware tool that was used to remove a particular piece of malware didn't remove everything. In other words, there are some traces left over. What those traces are could be just about anything.
Most of the time, they are benign. They are simply a little bit of information that the malware happened to use when it was around. Now that it's not around anymore? Well, okay, that information may still be there, but nobody's using it, so it doesn't really matter.
It's possible, sometimes, that the traces could trigger false alarms from other anti-malware tools.
For example, if anti-malware tool A didn't do a very good job of removing the malware, and you then ran a scan with tool B, it may say, "Hey, I found pieces of this malware around."
That's one way that traces can, at least, have an alarming effect, I guess.
The other thing that comes to mind is that traces, if they're in the wrong place, yeah, they can cause problems. If what was left behind by an incomplete removal of malware is in fact an instruction to reinstall the malware, yeah, that can cause problems.
To actually answer one question specifically: "Do the traces themselves contain executable code?"
No, they typically do not. They typically reference executable code which came from the internet or from somewhere on your PC. That's why removing malware and having some traces left over in the registry is generally not something to worry about.
My recommendation in a situation like this, where you're being told that there are (for some reason) traces on your machine:
Make sure you're running up-to-date and good anti-malware software yourself.
If those tools don't turn anything up, you're probably just fine. Yeah, there may be something in your registry, but it's not harming anything.
And of course, the most important thing, when it comes to keeping your computer malware-free, is actually you.
Don't do the kinds of things that cause malware to show up on your machine. Don't open attachments from people you don't expect. Don't open downloads from suspicious places and so on. I mean, we understand the steps that it takes for an individual to be a good player on the internet.
I'll point you at the article, "Internet Safety: How do I keep my computer safe on the internet?" for a summary of the steps that you as a computer user need to take to keep your computer safe.
But the most important thing with respect to these so-called traces is to A) not panic and B) make sure you're running good software yourself and you should be just fine.
(Transcript lightly edited for readability.)
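The point above, that registry traces typically reference executable code rather than contain it, can be checked directly. The following is an added example, not part of the original article or transcript: it reads a `.reg` export of an autostart key and reports whether the file each entry points at still exists. The `Run` key as the place to look, the constructed sample export, and the function names are assumptions made for illustration.

```python
import os
import re

# Constructed sample: a .reg export of a Run key (not taken from the article).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Backup"="\"C:\\Program Files\\Backup\\agent.exe\" --tray"
"upd"="C:\\Users\\sam\\AppData\\Roaming\\upd\\upd.exe /silent"
"helper"="C:\\Temp\\helper.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
EXT_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|vbs|js|dll))(?=\s|,|$)', re.I)


def unescape(s):
    """Undo .reg string escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', s)


def target_of(command):
    """Return the file a command line refers to, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXT_RE.match(command)  # unquoted path, possibly containing spaces
    return m.group(1) if m else command.split(' ', 1)[0]


def classify(reg_text, exists=os.path.exists):
    """Return (key, name, target, status) for each string value in the export."""
    key, out = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, target = unescape(m.group(1)), target_of(unescape(m.group(2)))
            status = 'target present: review' if exists(target) else 'target missing: leftover'
            out.append((key, name, target, status))
    return out


if __name__ == '__main__':
    # Assumed state for the demo: only the backup agent is still on disk.
    on_disk = {r'c:\program files\backup\agent.exe'}
    for row in classify(SAMPLE_REG, exists=lambda p: p.lower() in on_disk):
        print(row[1], '->', row[2], '|', row[3])
```

An entry whose target is missing points at nothing and cannot start anything by itself; an entry whose target is present is simply a working autostart and deserves a look, not an automatic verdict.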