Malicious software removal tools focus on cleaning up files detected to be malicious. For example, when a particular file on a computing device is determined to be malicious, the particular file may be deleted from the computing device. However, such approaches may not account for changes made to the computing device by the malicious software. For example, the malicious software may have been running for a period of time on the computing device and may have made a number of changes on the computing device, such as making changes to the registry of the computing device or downloading/installing other malicious software. As another example, the malicious software may be a backdoor, and a malicious actor may have accessed the computing device via the malicious software to modify the computing device.