Method and system for automatic cure against malware
Abstract
The present invention is intended as a method, system and computer program product for identification of malware components based on automatically collected statistical data and providing effective cure to infected computer systems. The malware components on a user's computer system are identified and appropriate cure is administered in a form of cure scripts. The cure scripts are automatically generated based on collected comprehensive malware-related statistical data. The statistical data is collected through generating protocol logs of malware affected computer system. The protocol logs are stored in the database. The statistical data is also collected through emulation of known malware components. Cure solutions against malware in a form of scripts are also stored in the database for future references. The system constantly collects malware-related statistics (i.e., self-teaches) and effectiveness of the cure provided to infected computer systems is improved with time.
16 Claims
1. A method for curing a computer against malware components and collecting malware-related statistics, the method being executed on a computer having a processor and a memory, the method comprising:
(a) receiving a protocol log of a user computer;
(b) providing the protocol log to an auto-parser;
(c) analyzing the protocol log and generating a first cure script by the auto-parser;
(d) storing the protocol log and the first cure script in a database;
(e) generating a helper solution based on the first cure script;
(f) storing the helper solution in the database;
(g) sending the helper solution to the auto-parser;
(h) generating a second cure script based on the helper solution by the auto-parser;
(i) providing the second cure script to the user;
(j) receiving quarantined files from the user, wherein the files are quarantined by execution of the second cure script; and
(k) repeating the steps (b) through (j) for another protocol log.
11. A system for curing a computer against malware components and collecting malware-related statistics, the system comprising:
a protocol log received from a user computer;
an auto-parser that analyzes the protocol log and generates a first cure script by the auto-parser;
a database that stores the protocol log and the first cure script in a database;
a helper solution generated based on the first cure script, the helper solution being stored in the database;
a second cure script generated by the auto-parser based on the helper solution and provided to the user computer; and
means for receiving quarantined files from the user, wherein the files are quarantined by execution of the second cure script.
15. A method for curing a computer against malware components, the method being executed on a computer having a processor and a memory, the method comprising:
(a) selecting a security wizard from a plurality of available wizards;
(b) acquiring security wizard check script from a database;
(c) executing the check script;
(d) generating a log of issues identified by the check script;
(e) generating a fix script based on the log;
(f) executing the fix script; and
(g) storing results of execution of the fix script in a database.
Specification