Yogeesh143
Copper Contributor
Sep 15, 2025

Registry modifications

If a file was downloaded, executed, and created a registry entry for persistence, is it enough to just delete the file from its original location? Or does the registry entry also need to be removed? What happens if it is not removed?

If a malicious file created an entry under HKLM Run, HKCU Run, or RunOnce, and the file is later deleted but the registry entry is left behind, will the system still try to execute it at startup?

1 Reply

  • rahuljindal
    Bronze Contributor

    It’s hard to comment on it without knowing what kind of malicious content was found in the file, but the basic cleanup should include the file and all the traces it is leaving behind, including registries.
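
Added example, not part of the thread or of either poster's words: a PowerShell audit of the HKLM/HKCU Run and RunOnce keys named in the question, reporting each value and whether the file it points to still exists, so leftover entries can be found and reviewed. The helper `Get-CommandTarget` is hypothetical and its path parsing is a best-effort assumption.

```powershell
# Added example: list Run/RunOnce values and flag any whose target file is missing.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: best-effort extraction of the executable path from a command line.
function Get-CommandTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first executable-like extension.
    if ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|ps1|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $target = Get-CommandTarget -Command $command
        # Full paths are checked on disk; bare names are resolved through PATH.
        $exists = if ($target -match '^([A-Za-z]:\\|\\\\)') {
            Test-Path -LiteralPath $target -PathType Leaf
        } else {
            [bool](Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue)
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command
            Target = $target; TargetExists = $exists
        }
    }
}

# Entries with TargetExists = False sort first: these are the leftover values to review.
$report | Sort-Object TargetExists, Key | Format-List
```

After reviewing an entry, `Remove-ItemProperty -LiteralPath <key> -Name <value name>` deletes it; the HKLM keys need an elevated session for that. The script covers only the four keys named in the question, not other autostart locations.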
