A virus is a type of malicious code that spreads by injecting copies of itself into computer files so that, when a computer system accesses these “infected” files, the virus code is also executed. Because infected files may be needed for proper system execution, it is desirable to be able to remediate the files and restore them to a usable, uninfected state.
The state of the art for remediation of infected files only covers a small percentage of file infections. If the specific malware responsible for the infection is known, a repair script can be developed for that particular infection. The repair script is uniquely generated for each specific malware infection and is used when that specific infection can be identified. Because the repair script is limited to the positive identification of a particular infection, it is not effective in situations where an infection is identified but the particular malware is unknown. Infections by newly introduced malware cannot be treated in this fashion until the malware has become known and a repair script has been generated for that particular malicious code. In practice, even a large collection of repair scripts can only remediate a fraction of infected files.
If the file happens to be a well-known system file, then it may be possible to replace the entire file using a cloud repository. If the file is not found in the cloud, as is often the case, then remediation fails.
In view of the foregoing, it may be understood that there may be significant problems and shortcomings associated with current file remediation technologies.