Title of invention: System and method for removal of malicious software from computer systems and management of treatment side-effects
Abstract: Removing malware from a computer system. An inspection module obtains an inspection log representing operational history of the operating system and the application programs of the computer system. The inspection log is analyzed to detect a presence of any malware on the computer system. A treatment scenario is generated that defines a plurality of actions to be executed for removing any malware present on the computer system, as detected in the analyzing. The treatment scenario is generated based on the information contained in the inspection log and on a knowledge base of malware removal rules. The generated treatment scenario is evaluated to assess the actions defined in the generated treatment scenario that are associated with a risk of damaging the operating system or the application programs of the computer system. A modified treatment scenario can be created to reduce the risk in response to an assessment of the risk.
Publication number: US8752179(B2) Publication date: 2014.06.10
Application number: US201213652948 Filing date: 2012.10.16
Applicant: Kaspersky Lab Zao Inventor: Zaitsev Oleg V.
Classification: G06F11/00;G06F11/30 Main classification: G06F11/00
Agency: Agent:
Independent claim: 1. A security arrangement for removing malware from a computer system, the security arrangement comprising: computing hardware, including a processor, a data store, and input/output facilities; an operating system and application programs executable on the computing hardware; an inspection module that monitors operation of the operating system and application programs for a presence of malware, and generates an inspection log representing operational history of the operating system and the application programs; wherein the inspection module passes the inspection log to a log analyzer module operating on a remote service that responds by detecting a presence of any malware on the computer system based on information contained in the inspection log and in accordance with a malware knowledge base containing indicia of known malware or non-malware programs; and a treatment scenario execution module that obtains, from the remote service a pre-evaluated treatment scenario which contains a specific set of instructions that represent a sequence of actions to be executed for removing any malware present on the computer system, as detected by the log analyzer module, the pre-evaluated treatment scenario having been generated specifically for use by the computer system by a scenario generator module based on the information contained in the inspection log and on a knowledge base of malware removal rules, the generated treatment scenario having been further pre-evaluated by a scenario side-effect evaluation module based on a knowledge base of side-effects relating to malware treatment actions and on the information contained in the inspection log, such that the actions represented by the instructions of the generated treatment scenario that are associated with a risk of damaging the operating system or the application programs of the computer system are automatically modified to reduce the risk; and wherein the treatment scenario execution module executes the pre-evaluated treatment scenario using the computing hardware.
Address: Moscow RU