Malware often causes side-effects in infected computing devices. For example, a variant of a malware family may infect a computing device. Upon execution by the infected computing device, this variant may create or modify a component (such as a file or registry key) of the infected computing device. The name given to this component may depend on which variant of the malware family has infected the computing device. Accordingly, one variant may give one name to the component while another variant may give another name to the component.
Unfortunately, conventional remediation technologies may apply repair scripts that are able to remedy only those malware side-effects corresponding to components with specific known names. For example, a remediation analyst may prepare a repair script designed to remedy malware side-effects caused by a specific variant of a malware family. These malware side-effects may correspond to components whose names were created or modified by the variant. In the event that another variant of the malware family gives slightly different names to these components, the repair script may be unable to remedy certain side-effects caused by this other variant.
The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for generating repair scripts that facilitate remediation of malware side-effects.