With the prevalence of data communications over the global information network (i.e., the internet), software having a malicious effect on the personal computer may become situated in the computer system using system resources and ‘infecting’ system ‘objects.’ The software may be knowingly downloaded, such as where the undesired malicious effect isn't known or appreciated at the time of downloading. Also, the software may tag along with other software. Still further, the software may enter the computer system unknown to the computer user. Typically, the software has effects on the computer that are unknown to the user or undesired by the user. For example, a string of code may embed itself into a strategic location within other code. Upon execution the infiltrating code may replicate itself or generate other code that accesses system resources. Various objects may become ‘infected’ on a user's machine, including but not limited to: files, directories, registry entries, Layered Service Providers (LSP's), file contents, services, running processes and modules, browser helper objects, and browser cookies.
The term malicious software, or ‘malware,’ is used to describe software having the malicious effect. In some instances, the software may be referred to as an ‘infection,’ or a ‘computer virus.’ In other instances, the software may be referred to as ‘spyware’ or ‘adware.’ The term ‘malware’ is used to encompass computer viruses and other ‘infections’, along with spyware, adware and other software having a malicious effect on the computer.
An objective of a virus scanning software application is to detect and clean from the computer, various types of virus infections, spyware, adware and applications which are deemed as malware. A conventional virus scanning application includes a scanning engine which has an objective of scanning a user's computer resources to detect whether any known, specific malware items are present, (e.g., to detect infected objects on a user's machine). A conventional virus scanning application includes a set of definition files used by the scanning engine for indicating what objects should be looked for and what actions are to be taken in the case where the object is detected. For example, actions may include shutting down or deleting an infected object.
Accordingly, the performance of a conventional virus scanning software application is limited by the information contained in the definition files. In the event that a virus is not fully removed or that infected files remain after a scan, the user's options are limited. For example, a user may contract for technical support. The user may ship their computer to the contractor to fix the problem. This causes the user to forego access to the computer for days, or weeks at a time. Alternatively, technical support may analyze the problem over the phone by guiding the user through steps. Telephone support, while valuable to users, can be cumbersome and, because of its dependency on considerable user interaction, has a high error probability. One shortcoming of this approach is the amount of time required for communication back and forth between the user and Support Technician. Also, the user of an infected computer may not understand how to navigate their computer and its file system to determine a virus or malware location or type. Further, the user might not gather all the necessary system information needed by Support Technician to properly diagnose a problem. Still further, the instructions to remedy the problem may be too complicated or cumbersome, proving a burden to a novice user.
Accordingly, there is a need for more effective and efficient tools for detecting and clearing viruses and other malware from a user's computer.