1. Field of the Invention
The present invention generally relates to a mechanism for cleaning malicious software (malware), and more particularly, to a method and a system for cleaning malware by detecting all processes and elements related to a malicious process according to a relation graph, and a computer program product and a storage medium thereof.
2. Description of Related Art
The development of computer information technology has had a great impact on society and daily life. People rely more and more on computer systems to carry out various operations. In particular, many of these operations, such as web browsing, sending and receiving email, and online shopping, are carried out over the Internet. Accordingly, some people create malicious software (malware) to attack computer systems. A computer system will be attacked by malware if it is connected to a malicious website.
Malware may threaten the security of confidential information stored in computer systems or damage those systems. Thus, users of computer systems or the Internet have to spend a lot of time and money to prevent malware attacks, mostly by using antivirus software. Generally speaking, an antivirus software company captures such malware and analyzes its feature codes, so that when any malware is detected, the antivirus software can remove it according to its feature code.
However, malware has two major elements: an attacker, which attacks a computer system, and an instigator, which controls and maintains the malicious processes. Because the instigator only performs maintenance work in the attacked computer system and does not directly attack it, the instigator is difficult for an antivirus software company to find, and accordingly its feature code cannot be summarized. Thus, it is difficult to completely remove the instigator. After the attacker is detected and deleted by antivirus software, the instigator is still able to copy or download new attackers and continue to steal confidential information from the attacked computer system. As a result, a user may unknowingly lose valuable data, or a computer system may be constantly jeopardized, and loss of property or reputation may follow.