A malware is any code, data, communication, or method that is applied to a data processing system covertly, unintentionally, or without a user's permission, to cause an undesirable behavior or operation of the data processing system. Often, a malware is difficult to discover in the data processing system, difficult to remove upon discovery, or both.
For example, some malware install code on a data processing system that causes the data processing system to track a user's keystrokes, such as when entering passwords, and transmit a record of the keystrokes to a remote computer. As another example, some other malware cause unintended diversions in an application's operation. Browser operation hijacking is an example of such a malware. Many types of malware exist today, and new ones are created almost on a daily basis.
A computer virus comprises code or data and is a manner of delivering malware to a data processing system. For example, a common method for delivering a virus to a user's data processing system includes modifying content to hide the code or data of a virus. As an example, unbeknownst to a user who downloads or receives certain content, the content is modified to include a virus. The virus is designed to cause a data processing system of the user to perform a function that is not desired, permitted, intended, or expected by the user. When the user receives the virus-infected content on the user's data processing system, the virus modifies code or data in the data processing system to cause the data processing system to perform the undesired, not permitted, unintended, or unexpected function of the malware.
A variety of antivirus and/or malware protection applications (hereinafter collectively referred to as “malware protection application”) are presently available for detecting and removing viruses and/or malware of various types, (hereinafter collectively referred to as “malware”), from a user's data processing system, such as from desktop or laptop computers, server computers, and the like. Typically, a malware protection application scans all data, including code, that is susceptible to malware on a given data processing system to identify the presence of a malware in the data using known malware signatures. When the malware protection application finds a malware, the malware protection application modifies the portion of data in which the malware is detected to remove the malware. The modified portion of the data thereafter operates without the undesired, not permitted, unintended, or unexpected function of the malware.