Spyware Traces in Detail

by liamssoft | February 1, 2007 at 04:21 pm

In December of 2006, a total of over 150,000 Malware infections were reported by the a-squared Scanner. The actual figure including all those not reported is probably much higher. According to this statistic, one could think that almost every computer was infected with one or more types of Malware before a-squared was used.

Well over half of the discovered objects were so-called Spyware Traces. Like much computer terminology, the term "Traces" comes from English and means "tracks" or "indications" in this context. To explain exactly what this means, we will first make a small excursion into the world of Malware removal.

The first and main approach to finding damaging software is through the use of signatures. In a similar manner to the way in which the police use fingerprints to recognize a criminal, the a-squared Scanner compares every scanned file on the hard drive with a signature database of known damaging programs. If the file and signature agree then the file is declared to be Malware and can be deleted or placed under quarantine.

The Traces scan functions in a somewhat different manner. Instead of using a fingerprint, the a-squared Scanner looks for files, folders, registry entries and Tracking Cookies that are typically created by Spyware programs. Traces are exactly these trails that Spyware leaves behind.

This approach has both advantages and disadvantages for Malware recognition. The advantage of using Traces is that a simple folder trace can recognize all versions of a particular Spyware program, as long as all versions use the same file path. This can provide additional protection against new Spyware for which a file signature is not yet available. The disadvantage is that the recognition is relatively inexact or, to be more precise, insufficiently differentiated. Benign software can be falsely recognized, for example, if it uses the same file name or folder as a dangerous Spyware program.

Software discovered via Traces should therefore first be double-checked to see if it is actually Malware before it is finally deleted.
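The trade-off between the two scan types can be shown with a short Python sketch. This is an added example, not code from a-squared: the names `ExampleSpy` and `ExampleToolbar`, the file contents and the simplified matching model (SHA-256 as the "fingerprint", a folder path as the trace) are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: names, contents and paths are made up for this example.
KNOWN_BAD_V1 = b"constructed spyware build 1"
SIGNATURES = {hashlib.sha256(KNOWN_BAD_V1).hexdigest(): "ExampleSpy"}
TRACES = {"ExampleSpy": ["Program Files/ExampleToolbar"]}  # one folder trace

def signature_scan(root, signatures):
    """Return {relative path: name} for files whose SHA-256 is in the database."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if digest in signatures:
                hits[path.relative_to(root).as_posix()] = signatures[digest]
    return hits

def trace_scan(root, traces):
    """Return {relative path: name} for every file under a folder named by a trace."""
    hits = {}
    for name, folders in traces.items():
        for folder in folders:
            base = Path(root) / folder
            if base.is_dir():
                for path in sorted(base.rglob("*")):
                    if path.is_file():
                        hits[path.relative_to(root).as_posix()] = name
    return hits

def build_sample_tree(root):
    """Create a constructed tree: two spyware builds and one benign file."""
    folder = Path(root) / "Program Files/ExampleToolbar"
    folder.mkdir(parents=True)
    (folder / "spy_v1.dll").write_bytes(KNOWN_BAD_V1)
    (folder / "spy_v2.dll").write_bytes(b"constructed spyware build 2")  # no signature yet
    (folder / "benign_helper.dll").write_bytes(b"benign program sharing the folder")

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return signature_scan(root, SIGNATURES), trace_scan(root, TRACES)

if __name__ == "__main__":
    by_signature, by_trace = run_demo()
    print("signature hits:", by_signature)
    print("trace hits:", by_trace)
```

The signature scan finds only the known build, while the trace scan also flags the new build and the benign file in the same folder, which is why trace hits need a manual check before deletion.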

There are four different types of Traces scanned, which are described in more detail below:

Image Source: emsisoft.com
