Method and system for automatic cure against malware

US 7,540,030 B1
Filed: 09/15/2008
Issued: 05/26/2009
Est. Priority Date: 09/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method for curing a computer against malware components and collecting malware-related statistics, the method being executed on a computer having a processor and a memory, the method comprising:

(a) receiving a protocol log of a user computer;

(b) providing the protocol log to an auto-parser;

(c) analyzing the protocol log and generating a first cure script by the auto-parser;

(d) storing the protocol log and the first cure script in a database;

(e) generating a helper solution based on the first cure script;

(f) storing the helper solution in the database;

(g) sending the helper solution to the auto-parser;

(h) generating a second cure script based on the helper solution by the auto-parser;

(i) providing the second cure script to the user;

(j) receiving quarantined files from the user, wherein the files are quarantined by execution of the second cure script; and

(k) repeating the steps (b) through (j) for another protocol log.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is intended as a method, system and computer program product for identification of malware components based on automatically collected statistical data and providing effective cure to infected computer systems. The malware components on a user'"'"'s computer system are identified and appropriate cure is administered in a form of cure scripts. The cure scripts are automatically generated based on collected comprehensive malware-related statistical data. The statistical data is collected through generating protocol logs of malware affected computer system. The protocol logs are stored in the database. The statistical data is also collected through emulation of known malware components. Cure solutions against malware in a form of scripts are also stored in the database for future references. The system constantly collects malware-related statistics (i.e., self-teaches) and effectiveness of the cure provided to infected computer systems is improved with time.

44 Citations

View as Search Results

16 Claims

1. A method for curing a computer against malware components and collecting malware-related statistics, the method being executed on a computer having a processor and a memory, the method comprising:
- (a) receiving a protocol log of a user computer;
  
  (b) providing the protocol log to an auto-parser;
  
  (c) analyzing the protocol log and generating a first cure script by the auto-parser;
  
  (d) storing the protocol log and the first cure script in a database;
  
  (e) generating a helper solution based on the first cure script;
  
  (f) storing the helper solution in the database;
  
  (g) sending the helper solution to the auto-parser;
  
  (h) generating a second cure script based on the helper solution by the auto-parser;
  
  (i) providing the second cure script to the user;
  
  (j) receiving quarantined files from the user, wherein the files are quarantined by execution of the second cure script; and
  
  (k) repeating the steps (b) through (j) for another protocol log.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the protocol log is automatically generated by a component provided to the user.
  - 3. The method of claim 1, wherein the protocol log is in HTML format.
  - 4. The method of claim 1, wherein step (c) further comprises comparing objects of the protocol log against clean objects and known malware components, wherein the checksums and signatures of the objects are used.
  - 5. The method of claim 4, further comprising storing results of the analysis in the database.
  - 6. The method of claim 5, further comprising storing any helper errors in the database.
  - 7. The method of claim 6, wherein the helper errors are any of:
    - identifying a clean object as a malware component;
      
      identifying a malware component as a clean object; and
      
      unsuccessful quarantine of the files.
  - 8. The method of claim 1, further comprising generating the cure scripts in a text format.
  - 9. The method of claim 1, further comprising analyzing the files placed in the quarantine, wherein analysis comprise emulation of the files and anti-virus processing.
  - 10. The method of claim 9, further comprising saving results of analysis in the database.

11. A system for curing a computer against malware components and collecting malware-related statistics, the system comprising:
- a protocol log received from a user computer;
  
  an auto-parser that analyzes the protocol log and generates a first cure script by the auto-parser;
  
  a database that stores the protocol log and the first cure script in a database;
  
  a helper solution generated based on the first cure script, the helper solution being stored in the database;
  
  a second cure script generated by the auto-parser based on the helper solution and provided to the user computer; and
  
  means for receiving quarantined files from the user, wherein the files are quarantined by execution of the second cure script.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein the auto-parser generates a cure script based on helper solutions provided through the helpdesk, and wherein the malware-related data from the database is used for generation of the cure script.
  - 13. The system of claim 11, wherein the database contains any of:
    - clean objects;
      
      known malware components;
      
      recorded helper errors;
      
      checksums of clean objects;
      
      signatures of known malware components;
      
      cure scripts;
      
      user protocol logs;
      
      malware emulation data;
      
      helper solutions; and
      
      helper errors.
  - 14. The system of claim 11, wherein the administrator station is located on a client computer and the database is located on a server.

15. A method for curing a computer against malware components, the method being executed on a computer having a processor and a memory, the method comprising:
- (a) selecting a security wizard from a plurality of available wizards;
  
  (b) acquiring security wizard check script from a database;
  
  (c) executing the check script;
  
  (d) generating a log of issues identified by the check script;
  
  (e) generating a fix script based on the log;
  
  (f) executing the fix script; and
  
  (g) storing results of execution of the fix script in a database.
- View Dependent Claims (16)
- - 16. The method of claim 15, further comprising checking for deleted system registry files and correcting the system registry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Kaspersky Lab ZAO
Inventors
Zaitsev, Oleg V.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/210,732
Time in Patent Office

253 Days
Field of Search

726/22, 726/23, 726/24, 726/25, 713/187, 713/188
US Class Current

726/24
CPC Class Codes

G06F 21/568 eliminating virus, restorin...

Method and system for automatic cure against malware

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for automatic cure against malware

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links