
Systems and methods for generating repair scripts that facilitate remediation of malware side-effects

  • US 9,659,176 B1
  • Filed: 07/17/2014
  • Issued: 05/23/2017
  • Est. Priority Date: 07/17/2014
  • Status: Active Grant
First Claim

1. A computer-implemented method for generating repair scripts that facilitate remediation of malware side-effects, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • identifying a potentially malicious file located on a computing system;
  • determining at least one potential side-effect of the potentially malicious file, wherein the potential side-effect represents a registry key or another file that has been created or modified on the computing system by executing or removing the potentially malicious file;
  • generating, based at least in part on the potential side-effect, a repair script that facilitates remediation of the potential side-effect by:
    • identifying all known variants of a family of malware that includes the potentially malicious file;
    • performing a controlled software automation analysis or a field telemetry analysis on all of the known variants of the family of malware; and
    • determining, based at least in part on the controlled software automation analysis or the field telemetry analysis, one or more variations in potential side-effects that result from executing or removing the variants from computing systems; and
  • remedying the potential side-effect by directing the computing system to execute the repair script such that the repair script causes the computing system to:
    • compute a heuristic distance from a known side-effect of the potentially malicious file to the registry key or the other file that has been created or modified on the computing system by executing or removing the potentially malicious file, wherein the heuristic distance represents an amount of difference between the known side-effect and the potential side-effect;
    • determine that the heuristic distance from the known side-effect to the registry key or the other file is below a certain threshold;
    • in response to determining that the heuristic distance is below the certain threshold:
      • classify the registry key or the other file as a side-effect of the potentially malicious file; and
      • remedy the registry key or the other file due at least in part to the classification as a side-effect of the potentially malicious file.
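The claim leaves the heuristic distance unspecified. The following is an added illustration, not code from the patent or its assignee, of how the claimed steps fit together: a set of side-effects known from analysing a malware family's variants, a set of artifacts observed on an endpoint, a distance between them, a threshold, and a repair script built only from artifacts that fall below the threshold. The distance used here (normalized Levenshtein distance over case-folded, separator-normalized paths) is one reasonable choice and is an assumption; so are the `cmd`-style `del` / `reg delete` lines used as the script format. All file paths and registry keys are constructed sample values.

```python
"""Added example: heuristic-distance classification of malware side-effects
and repair-script generation. The distance metric and the script format are
assumptions; every path and registry key below is a constructed sample."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Artifact:
    kind: str      # "file" or "registry"
    location: str  # file path or registry key as observed on the endpoint


def _normalize(location: str) -> str:
    # Case-fold and unify separators so trivially different spellings of the
    # same location (C:/users vs C:\Users) compare as identical.
    return location.strip().lower().replace("/", "\\")


def levenshtein(a: str, b: str) -> int:
    # Standard dynamic-programming edit distance (insert, delete, substitute).
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                   # delete ca
                           cur[j - 1] + 1,                # insert cb
                           prev[j - 1] + (ca != cb)))     # substitute
        prev = cur
    return prev[-1]


def heuristic_distance(known: str, candidate: str) -> float:
    # Assumed heuristic: edit distance normalized to [0.0, 1.0], where 0.0 is
    # an exact (normalized) match and 1.0 means nothing in common.
    a, b = _normalize(known), _normalize(candidate)
    longest = max(len(a), len(b))
    return levenshtein(a, b) / longest if longest else 0.0


def classify_side_effects(known: List[Artifact], observed: List[Artifact],
                          threshold: float) -> List[Tuple[Artifact, float]]:
    # An observed artifact is classified as a side-effect when its distance to
    # the nearest known side-effect of the same kind is below the threshold.
    classified = []
    for art in observed:
        dist = min((heuristic_distance(k.location, art.location)
                    for k in known if k.kind == art.kind), default=1.0)
        if dist < threshold:
            classified.append((art, dist))
    return classified


def generate_repair_script(classified: List[Tuple[Artifact, float]]) -> List[str]:
    # Emit one remediation line per classified artifact (assumed cmd format).
    lines = []
    for art, _ in classified:
        if art.kind == "file":
            lines.append(f'del /f /q "{art.location}"')
        elif art.kind == "registry":
            lines.append(f'reg delete "{art.location}" /f')
    return lines


# Constructed: side-effects learned from the family's known variants.
KNOWN_SIDE_EFFECTS = [
    Artifact("file", r"C:\Users\Public\svchost32.exe"),
    Artifact("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"),
]

# Constructed: artifacts found on the endpoint after the sample ran.
OBSERVED_ARTIFACTS = [
    Artifact("file", r"C:\Users\Public\svchost32.exe"),       # exact match
    Artifact("file", r"C:\Users\Public\svchost64.exe"),       # near variant
    Artifact("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost64"),
    Artifact("file", r"C:\Windows\System32\notepad.exe"),     # legitimate, far away
]


def demo(threshold: float = 0.15) -> List[str]:
    classified = classify_side_effects(KNOWN_SIDE_EFFECTS, OBSERVED_ARTIFACTS, threshold)
    return generate_repair_script(classified)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With the threshold at 0.15, the two near-variant artifacts (two characters away from a known side-effect) are classified and remediated, while the unrelated system file is left alone; raising the threshold trades a higher chance of catching renamed variants against a higher chance of removing legitimate files, which is why the threshold belongs with the family's analysis data rather than being fixed globally.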
