Spyware Traces in Detail

  • January 20, 2007
  • 3 min read


In December 2006, the Emsisoft Anti-Malware Scanner reported a total of more than 150,000 malware infections. The real figure, including all the infections that were never reported, is probably much higher. Taken at face value, this statistic suggests that almost every computer was infected with one or more types of malware before an anti-malware scanner was run on it.

Well over half of the discovered objects were so-called Spyware Traces. The term "Traces" is used here in the sense of "tracks" or "indications". To explain exactly what this means, we will first make a small excursion into the world of malware detection.

The first and main approach to finding malicious software is the use of signatures. Much as the police use fingerprints to identify a criminal, the Anti-Malware Scanner compares every scanned file on the hard drive against a database of signatures of known malicious programs. If a file matches a signature, it is declared to be malware and can be deleted or placed in quarantine. A signature only matches the exact variant it was written for, so a new or repacked variant slips past until a signature for it exists.
The Traces scan works differently. Instead of fingerprinting file contents, the Anti-Malware Scanner looks for files, folders, registry entries and tracking cookies that are typically created by spyware programs. Traces are exactly these trails that spyware leaves behind on a system.

This approach has both advantages and disadvantages for malware detection. The advantage of Traces is that a single folder trace can recognize every version of a particular spyware program, as long as all versions use the same file path. This provides additional protection against new spyware for which no file signature is available yet. The disadvantage is that detection is comparatively imprecise: a trace identifies where an artifact lives, not what it contains, and so cannot tell the spyware apart from anything else that happens to live in the same place. Benign software is falsely detected, for example, if it uses the same file name or folder as a dangerous spyware program.

Software discovered via Traces should therefore first be double-checked to see if it is actually Malware before it is finally deleted.
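To make the difference between the two approaches concrete, here is an added example that is not Emsisoft's code and does not reflect how its scanner is implemented. It builds a constructed sample host in a temporary directory (a known spyware dropper, an unknown repacked variant installed under the spyware's usual folder, and a benign program whose folder name collides with a trace), then runs a hash-based signature scan and a trace scan over it. The family names (HypoSpy, AdTracker), paths, registry keys and cookie domains are all invented for the example, and the registry and cookie store are simulated as plain Python data so the code runs offline on any operating system.

```python
"""Added example (not Emsisoft code): signature scan vs. trace scan on a
constructed sample host. Family names, paths and keys are hypothetical."""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Constructed signature database: sha256 of a known sample -> family name.
KNOWN_V1 = b"HYPOSPY-V1 installer bytes"
SIGNATURES = {hashlib.sha256(KNOWN_V1).hexdigest(): "HypoSpy"}

# Constructed trace database: artifacts each hypothetical family typically
# leaves behind. File/folder paths are relative to the scanned root;
# registry traces name a key and a value under it; cookies are domains.
TRACES = {
    "HypoSpy": {
        "folders": [("Program Files", "SysMonitor")],
        "files": [("Program Files", "SysMonitor", "sysmon.exe")],
        "registry": [(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "SysMonitor")],
        "cookies": ["tracker.example"],
    },
    "AdTracker": {
        "folders": [("Program Files", "Updater")],  # generic name, collision-prone
        "files": [],
        "registry": [],
        "cookies": ["ads.example"],
    },
}


@dataclass(frozen=True)
class Finding:
    method: str    # "signature" or "trace"
    kind: str      # "file", "folder", "registry" or "cookie"
    location: str
    family: str


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_signatures(root, signatures=SIGNATURES):
    """Fingerprint every file under root; only exact content matches count."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            family = signatures.get(sha256_of(path))
            if family:
                findings.append(Finding("signature", "file", path, family))
    return findings


def scan_traces(root, registry, cookie_domains, traces=TRACES):
    """Look for the artifacts spyware leaves behind, regardless of contents."""
    findings = []
    for family, t in traces.items():
        for parts in t["folders"]:
            p = os.path.join(root, *parts)
            if os.path.isdir(p):
                findings.append(Finding("trace", "folder", p, family))
        for parts in t["files"]:
            p = os.path.join(root, *parts)
            if os.path.isfile(p):
                findings.append(Finding("trace", "file", p, family))
        for key, value in t["registry"]:
            if value in registry.get(key, {}):
                findings.append(Finding("trace", "registry", key + "\\" + value, family))
        for domain in t["cookies"]:
            if domain in cookie_domains:
                findings.append(Finding("trace", "cookie", domain, family))
    return findings


def recommend(finding):
    """The article's rule: only tracking cookies may be deleted outright."""
    return "delete" if finding.kind == "cookie" else "quarantine"


def build_sample_host():
    """Constructed host: known dropper, unknown variant, benign look-alike."""
    root = tempfile.mkdtemp(prefix="tracescan-")

    def write(parts, data):
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

    write(("Users", "alice", "Downloads", "setup.exe"), KNOWN_V1)          # signature hit
    write(("Program Files", "SysMonitor", "sysmon.exe"), b"HYPOSPY-V2 repacked")  # trace-only hit
    write(("Program Files", "Updater", "updater.exe"), b"legitimate vendor updater")  # false positive
    # Simulated registry (key -> {value name: data}) and browser cookie domains.
    registry = {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run":
                {"SysMonitor": r"C:\Program Files\SysMonitor\sysmon.exe"}}
    cookie_domains = {"tracker.example", "news.example"}
    return root, registry, cookie_domains


if __name__ == "__main__":
    root, registry, cookies = build_sample_host()
    for f in scan_signatures(root) + scan_traces(root, registry, cookies):
        print(f"{f.method:9} {f.kind:8} {f.family:9} {recommend(f):10} {f.location}")
```

Running it shows the trade-off from the text: the signature scan catches only the known dropper and misses the repacked variant, while the trace scan catches the variant's folder, file, autorun entry and cookie, but also flags the benign "Updater" folder. That last finding is exactly why a trace hit goes to quarantine rather than straight to deletion.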
There are four different types of Traces scanned, which are described in more detail below:

Summary:
If Traces are found on your computer, this is an indication of a spyware infection. Do not blindly delete every discovered object; check first whether it might belong to benign software. Only tracking cookies can usually be deleted without further thought. All other findings should first be placed in quarantine so that you can restore them if necessary.

Have a Great (Malware-Free) Day!