Adjunct Computing Machine for Remediating Malware on Compromised Computing Machine

US 20130152201A1
Filed: 12/12/2011
Published: 06/13/2013
Est. Priority Date: 12/12/2011
Status: Abandoned Application

First Claim

Patent Images

1. In a computing environment, a method performed at least in part on at least one processor comprising, obtaining antimalware-related data at a functional adjunct machine, and transferring the antimalware-related data to a malware-compromised machine for use in remediating malware on the compromised machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a technology by which a malware-compromised machine, such as a personal computer is cleaned through the use of a functional adjunct machine, such as a mobile device (or vice-versa). The functional adjunct machine performs actions on behalf of the malware-compromised machine and/or to assist the remediation. This may include downloading antimalware-related data (e.g., an application, antimalware code, signature updates and/or the like) via a marketplace/application store, and transferring at least some of the data and/or programs to the compromised machine. Other actions may include using the functional adjunct machine to boot the malware-compromised machine into a non-compromised state and providing the data or programs to allow remediation of the malware while in this state.

Citations

20 Claims

1. In a computing environment, a method performed at least in part on at least one processor comprising, obtaining antimalware-related data at a functional adjunct machine, and transferring the antimalware-related data to a malware-compromised machine for use in remediating malware on the compromised machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein obtaining the antimalware-related data comprises downloading an application from a marketplace or application store.
  - 3. The method of claim 1 wherein at least part of the antimalware-related data includes antimalware code, and further comprising, executing the antimalware code to scan and remediate the malware on the malware-compromised machine to transform the malware-compromised machine into a clean machine.
  - 4. The method of claim 1 further comprising, updating signatures on the malware-compromised machine with at least part of the antimalware-related data.
  - 5. The method of claim 1 wherein transferring the antimalware-related data to a malware-compromised machine comprises loading code for execution by the malware-compromised machine.
  - 6. The method of claim 1 wherein the malware-compromised machine is compromised by having malware in a storage mechanism thereof, and further comprising, booting the malware-compromised machine from the functional adjunct machine to operate the compromised machine in a non-compromised operational state.
  - 7. The method of claim 6 wherein booting the malware-compromised machine from the functional adjunct machine comprises simulating an input device at the adjunct machine to simulate human interaction with the malware-compromised machine.
  - 8. The method of claim 6 wherein transferring the antimalware-related data to the malware-compromised machine comprises loading antimalware code for execution by the malware-compromised machine while the malware-compromised machine is operating in the non-compromised operational state, and further comprising, executing the antimalware code to scan and remediate the malware on the malware-compromised machine to clean the storage mechanism and transform the malware-compromised machine to a clean machine.
  - 9. The method of claim 8 further comprising, rebooting the clean machine from the storage mechanism after the storage mechanism is cleaned.

10. In a computing environment, a system comprising, a compromised machine containing malware that prevents the compromised machine from cleaning the malware by disabling one or more resources of the compromised machine, a functional adjunct machine coupled to the compromised machine, the functional adjunct machine configured to obtain antimalware-related data on behalf of the malware-compromised machine and to perform one or more actions that use the antimalware-related data as part of a remediation operation that remediates the malware to transform the compromised machine into a clean machine.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10 wherein the functional adjunct machine is configured to download an application from a marketplace or application store to obtain the antimalware-related data.
  - 12. The system of claim 10 wherein the functional adjunct machine comprises a mobile device and wherein the compromised machine comprises a personal computer.
  - 13. The system of claim 10 wherein the antimalware-related data comprises executable antimalware code or antimalware signature data, or both executable antimalware code and antimalware signature data.
  - 14. The system of claim 10 wherein the one or more actions that use the antimalware-related data as part of a remediation operation comprises transferring at least part of the antimalware-related data from the functional adjunct machine to the malware-compromised machine.
  - 15. The system of claim 10 wherein the one or more actions that use the antimalware-related data as part of a remediation operation include booting the malware-compromised machine from the functional adjunct machine to operate the compromised machine in a non-compromised operational state.
  - 16. The system of claim 10 wherein the functional adjunct machine is configured to emulate an input device to simulate human interaction with the malware-compromised machine.

17. One or more computer-readable media having computer-executable instructions, which when executed perform steps, comprising:
- booting a machine having storage compromised with malware into an offline state with respect to running malware, in which the booting is performed off of a functional adjunct machine that has downloaded boot code and antimalware data;
  
  receiving at least part of the antimalware data while in the offline state from the functional adjunct machine, including antimalware code; and
  
  executing the antimalware code while in the offline state to remediate the malware in the storage.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer-readable media of claim 17 having further computer-executable instructions comprising, accessing a marketplace or application store to obtain an application associated with the downloaded boot code and the antimalware data.
  - 19. The one or more computer-readable media of claim 17 wherein receiving at least part of the antimalware data while in the offline state from the functional adjunct machine comprises receiving antimalware signature data.
  - 20. The one or more computer-readable media of claim 17 having further computer-executable instructions comprising, rebooting the machine from the storage after remediating the malware in the storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Seinfeld, Marc E., Kuo, Chengi Jimmy, Gullotto, Vincent P., Molenkamp, Kelsey Scott

Application Number

US13/316,709
Publication Number

US 20130152201A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/564   by virus signature recognition

G06F 21/568   eliminating virus, restorin...

G06F 21/575   Secure boot

H04L 63/145   the attack involving the pr...

Adjunct Computing Machine for Remediating Malware on Compromised Computing Machine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Adjunct Computing Machine for Remediating Malware on Compromised Computing Machine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links