1. Field of the Invention
The present invention relates generally to computing devices and software for protection against malware. More specifically, it relates to generating customized clean patterns for deleting malware files and repairing damage from malware execution on a computing device.
2. Description of the Related Art
Malware is on the rise. The types of malware, and their proliferation and complexity, increase with time and affect more users, as an increasing number of people are getting on the Internet or using computers on both public and private networks from remote locations. Once malware gets on a computer and executes, damage is inevitable and further use of the computer may be seriously impaired or may cause even greater damage, such as loss of data and software.
Currently there are procedures and methodologies available to clean up a computer or block further harm to a computer from malware. For example, there are scripts available called “clean patterns” that a user can execute on his computer to clean it or restore it to a normal operating state after malware execution has been detected. Currently there are generic clean patterns which, given the increasing sophistication of malware today, have limited capabilities for restoring a computer. They often reside on the computer and perform some basic clean-up and restore functions, but are not tailored to a specific malware program or virus. Other more effective clean patterns require too much time and resources to generate once malware execution on the computing device has begun. And while generic clean patterns may be available on the computer for immediate execution to address the malware execution early, these patterns cannot deal with special malware behavior or any type of malware behavior that is not considered typical or generic. This falls short of adequate protection in light of the growing sophistication of malware in terms of its deployment, effects on the computer, tools needed for its clean-up, and execution.
Currently, clean patterns are typically prepared manually; that is, by malware threat analysts and engineers. They use their vast, collective knowledge and experience of malware behavior and execution to manually write a clean pattern that is specifically tailored for a targeted malware program based on that malware's execution indicators. The analysts study the malware execution-related data, such as early indicators of potential malware typically collected by a malware detection engine and malware samples (if available), and then use their experience, knowledge, intuition, and a set of rules and guidelines to generate (i.e., write) clean patterns, which are transmitted back to the computing device, where they are executed on a clean engine to clean the device of the suspected malware. This process, from early detection to clean pattern execution, has become inefficient, slow, and resource intensive. As noted, this is particularly true given the rise in malware proliferation and the number of users. More people are getting onto the Internet and other networks via wireless devices (e.g., laptops, netbooks, mini laptops, mobile handsets, etc.) and, consequently, it is getting increasingly difficult for anti-malware providers (companies who employ the Web threat analysts and engineers) to manually generate and disseminate clean patterns quickly enough to prevent serious damage to a computer for all subscribers (users). Although these providers may strive to be as nimble, reactive and efficient as possible, the sheer volume of malware activity and users is making these goals difficult to achieve. Furthermore, many users, such as home users, may not realize that malware is executing on their devices or that their anti-malware (security) software provider is supplying them with a so-called clean pattern that they should execute as soon as possible to prevent further damage.
Not surprisingly, many may not know of, or may never have heard of, a clean pattern, or realize that something needs to be done on their computing devices to prevent serious harm, such as loss of data.