CPC G06F 11/1469 (2013.01) [G06F 21/568 (2013.01); G06F 2201/84 (2013.01); G06F 2221/034 (2013.01)]; 21 Claims
1. A method of restoring a clean backup after a malware attack, comprising:
forming a list of files that are of a plurality of designated file types that can be infected by malicious software, the files stored on a computing device;
performing one or more snapshots of the files according to a predetermined schedule over a predetermined period of time;
performing one or more backups according to a predetermined schedule of the computing device;
storing the one or more snapshots simultaneously with the one or more backups, wherein the one or more snapshots correlate to one or more of the backups;
determining that a malware attack is being carried out on the computing device and generating a list of dangerous objects that spread the malware attack, wherein the malware attack comprises a polymorphic virus whose code changes each time an infected file is executed;
comparing the list of dangerous objects with the one or more snapshots to determine when the malware attack occurred;
identifying a clean backup that was created most recently before the malware attack as compared to other backups by incrementally scanning a subset of the one or more backups representing half-way points in a binary search until the clean backup that does not include any version of the polymorphic virus is detected; and
recovering data for the computing device from the clean backup.
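The snapshot comparison and the half-way-point search in the steps above, sketched as an added Python example; it is not code from the patent. The names `Backup`, `first_sighting`, `latest_clean_backup` and `demo_scanner`, the sample data, and the use of the first snapshot sighting as an upper bound for the search are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Backup:
    taken_at: int   # constructed timestamp: hours since the schedule started
    files: dict     # path -> content bytes

def first_sighting(snapshots, dangerous_paths):
    """Time of the earliest snapshot listing any dangerous object, else None."""
    for taken_at, paths in sorted(snapshots, key=lambda s: s[0]):
        if paths & dangerous_paths:
            return taken_at
    return None

def latest_clean_backup(backups, is_clean, before=None):
    """Binary-search time-ordered backups for the most recent clean one.
    Assumes monotonic infection (once infected, every later backup is too);
    otherwise a half-way probe can miss. Returns (backup or None, scans)."""
    pool = sorted((b for b in backups if before is None or b.taken_at < before),
                  key=lambda b: b.taken_at)
    lo, hi, best, scans = 0, len(pool) - 1, None, 0
    while lo <= hi:
        mid = (lo + hi) // 2
        scans += 1
        if is_clean(pool[mid]):
            best, lo = pool[mid], mid + 1   # clean: look for a later clean one
        else:
            hi = mid - 1                    # infected: the answer lies earlier
    return best, scans

# Constructed sample: hourly backups 0..15. The infection lands at hour 9 and
# each infected copy has different bytes, standing in for a polymorphic body.
DROPPER = "C:/Users/demo/AppData/updater.exe"   # hypothetical dangerous object
def _files(hour):
    files = {"C:/Users/demo/report.docx": b"quarterly figures"}
    if hour >= 9:
        files["C:/Users/demo/report.docx"] += bytes([hour]) + b"<infected>"
    if hour >= 11:
        files[DROPPER] = b"MZ" + bytes([hour])
    return files

BACKUPS = [Backup(h, _files(h)) for h in range(16)]
SNAPSHOTS = [(b.taken_at, set(b.files)) for b in BACKUPS]

def demo_scanner(backup):
    """Stand-in for a real scan of one backup; matches the constructed tag."""
    return not any(d.endswith(b"<infected>") for d in backup.files.values())
```

In the sample the dangerous object first appears in the hour-11 snapshot although the infection began at hour 9, so the sighting time only bounds the search from above and the backups before it are still scanned.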