Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What does it mean when “traces” are left behind from malware removal?


I have two computers: one running Windows XP, SP3 and the other running
Windows 7, SP 1. I frequently see the phrase when looking over the internet for
advice; “Such and such has left malware traces in the registry”. My questions
about this are, are traces dangerous? Is there executable code in these traces?
Can my computer get infected or reinfected from these traces?

In this excerpt from
Answercast #99
I look at the possible reasons traces of malware could be
left on a computer. Don’t panic!

Become a Patron of Ask Leo! and go ad-free!

Traces of malware

Well, unfortunately, there really isn’t a definition that’s comprehensive
enough; a definition that really makes sure everybody means the same thing when
they use the word “traces”.

Generally what it means is that the anti-malware tool that was used to
remove a particular piece of malware, didn’t remove everything. In other words,
there’s some traces left over. What those traces are, could be just about

Most of the time, they are benign. They are simply a little bit of
information that the malware happened to use when it was around. Now that it’s
not around anymore? Well, okay, that information may still be there but
nobody’s using so it doesn’t really matter.

Triggering false alarms

It’s possible, sometimes that the traces could trigger false alarms from
other anti-malware tools.

For example, if anti-malware tool A didn’t do a very good job of removing
the malware, and you then ran a scan with tool B it may say, “Hey, I found
pieces of this malware around.”

That’s one way that traces can, at least, have an alarming effect, I

The other thing that comes to mind is that traces if they’re in the wrong
place, yea, they can cause problems. If what was left behind by an incomplete
removal of malware is in fact an instruction to reinstall the malware, yea that
can cause problems.

Traces with executable code

To actually answer one question specifically: “Do the traces themselves
contain executable code?”

No, they typically do not. They typically reference executable code which
came from the internet or from somewhere on your PC. That’s why removing
malware and having some traces left over in the registry is generally not
something to worry about.

What to do about malware traces

My recommendation in a situation like this, where you’re being told that
there is (for some reasons) traces on your machine:

  1. Don’t panic.

  2. Make sure you’re running up to date and good anti-malware software

Currently I recommend Microsoft Security Essentials. Also, run Malwarebytes if you
want an extra level of security and you suspect that there may be a

If those tools don’t turn anything up you’re probably just fine. Yea, there
may be something in your registry but it’s not harming anything.

Keep your computer safe

And of course, the most important thing, when it comes to keeping your
computer malware-free, is actually you.

Don’t do the kinds of things that cause malware to show up on your machine.
Don’t open attachments from people you don’t expect. Don’t open downloads from
suspicious places and so on. I mean, we understand the steps that it takes for
an individual to be a good player on the internet.

I’ll point you at the article, “Internet
Safety: How do I keep my computer safe on the internet?
” for a summary of
the steps that you as a computer user need to take to keep your computer safe.
But the most important thing with respect to these so called traces is to A)
not panic and B) make sure you’re running good software yourself and you should
be just fine.

(Transcript lightly edited for readability.)

End of Answercast 99 Back to –
Audio Segment

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.