Determining the source of malware
Abstract
A malware detection system capable of detecting and removing malware from a computer system. The malware detection system determines whether there are files potentially related to a selected malware file using a time-based embodiment based on whether files were installed around the time of the malware. A cache-based embodiment searches an Internet cache to determine the URLs that might be the source of the malware. A location-based embodiment dissects the file system path to determine an application related to the malware. Results are displayed to the user for action.
15 Claims
1. A method for determining a source of a selected malware file in a user computer system, the method comprising:
- receiving a selection from a user on a first graphical user interface identifying a known malware file in said user computer system for analysis;
- receiving on said first graphical user interface an indication from said user to execute a function to determine said source of said known malware file;
- determining the creation date of said selected malware file;
- searching a file system associated with said user computer system for a file based on said creation date of the selected malware file;
- locating said file, said file being different from said malware file;
- determining that the creation date of said file of said file system matches said creation date of said selected malware file; and
- generating source information identifying at least one potential source of said selected malware file based on said matching, said source information including said file;
- providing a second graphical user interface for displaying the source information, wherein said source information includes a file name of said file; and
- displaying said source information on said computer system.
Dependent claims: 2, 3, 4, 5, 6
7. A method for determining an internet source of a selected malware file in a user computer system, the method comprising:
- receiving a selection from a user on a first graphical user interface identifying a known malware file in said user computer system for analysis;
- receiving on said first graphical user interface an indication from said user to execute a function to determine said source of said known malware file;
- determining the file name of said selected malware file using said computer system;
- searching an internet cache associated with said user computer system based on the file name of said selected malware file, said internet cache including URL history entries and being maintained by a Web browser of said user computer system;
- determining that a URL history entry belonging to said internet cache contains the file name of said selected malware file; and
- generating source information, by said computer system, identifying at least one potential internet source of said selected malware file based on said URL history entry;
- providing a second graphical user interface for displaying said source information; and
- displaying said source information on said computer system.
Dependent claims: 8, 9, 10
11. A method for determining the name of an application associated with a selected malware file in a user computer system, the method comprising:
- receiving a selection from a user on a first graphical user interface identifying a known malware file in said user computer system for analysis;
- receiving on said first graphical user interface an indication from said user to execute a function to determine a source of said known malware file;
- determining the full path file name of said selected malware file using said computer system;
- parsing the full path file name into segments based on their association with said malware file;
- determining that one of said segments is a root directory of said malware file;
- determining the name of the application which may have installed said malware file based upon said determined root directory; and
- generating source information, by said computer system, identifying the name of the application associated with said selected malware file based on said root directory;
- providing a second graphical user interface for displaying the source information; and
- displaying said source information on said computer system.
Dependent claims: 12, 13
14. A method for determining the source of a selected malware file in a user computer system, the method comprising:
- executing an anti-malware application in said computer system;
- displaying a list of malware to a user on a first graphical user interface;
- receiving a selection from a user identifying said malware file to determine the source of the selected malware file;
- receiving on said first graphical user interface an indication from said user to execute a function to determine said source of said known malware file;
- determining at least one file installed at the same time as said selected malware file using a creation date of said malware file;
- determining at least one URL including the file name of said selected malware file by reference to an internet cache of URL history entries;
- determining at least one software application related to said selected malware file by reference to a root directory of a full path name of said malware file; and
- displaying, on a second graphical user interface, said at least one file, said at least one URL, and said at least one software application to said user on said computer system as being potential sources of said selected malware file.
Dependent claim: 15
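The three heuristics named in the abstract and combined in claim 14 (time-based, cache-based, location-based), as an added Python sketch for incident-response triage; it is not code from the patent. The file inventory, URL history, the two-minute window and the `INSTALL_PARENTS` list are constructed assumptions, since this page does not say how the root directory is recognised or how close two creation dates must be to match.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample data (not from the patent): a file inventory with
# creation times, and URL-history entries from a browser cache.
INVENTORY = [
    (r"C:\Program Files\FreeToolbar\bin\tbhelper.dll", datetime(2024, 3, 5, 14, 2, 11)),
    (r"C:\Program Files\FreeToolbar\setup.exe", datetime(2024, 3, 5, 14, 2, 9)),
    (r"C:\Users\pat\Downloads\freetoolbar_setup.exe", datetime(2024, 3, 5, 14, 1, 40)),
    (r"C:\Windows\System32\notepad.exe", datetime(2023, 11, 1, 9, 0, 0)),
]
URL_HISTORY = [
    "http://downloads.example.test/pkg/tbhelper.dll",
    "https://www.example.org/news",
]
# Assumption: directories that hold one sub-directory per installed application.
INSTALL_PARENTS = {"program files", "program files (x86)", "programdata"}

def time_neighbours(malware_path, inventory, window=timedelta(minutes=2)):
    """Time-based: other files created within `window` of the malware file."""
    t0 = dict(inventory)[malware_path]
    return sorted(p for p, t in inventory
                  if p != malware_path and abs(t - t0) <= window)

def cache_hits(malware_path, url_history):
    """Cache-based: URL history entries that contain the malware file name."""
    name = PureWindowsPath(malware_path).name.lower()
    return [u for u in url_history if name in u.lower()]

def related_application(malware_path):
    """Location-based: the directory segment directly under an install parent."""
    parts = PureWindowsPath(malware_path).parts
    # Skip the last two segments so parts[i + 1] is a directory, never the file.
    for i, seg in enumerate(parts[:-2]):
        if seg.lower() in INSTALL_PARENTS:
            return parts[i + 1]
    return None

def potential_sources(malware_path, inventory, url_history):
    """Combine the three heuristics into one report, as claim 14 does."""
    return {
        "files": time_neighbours(malware_path, inventory),
        "urls": cache_hits(malware_path, url_history),
        "application": related_application(malware_path),
    }
```

Every result is a lead to verify, not a finding: creation timestamps can be altered, and a file-name match in URL history does not prove that URL delivered the file.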
Specification