Back to the Future: A Framework for Automatic Malware Removal and System Repair
Francis Hsu, Hao Chen, Thomas Ristenpart, Jason Li, and Zhendong Su

Malware, software with malicious intent, has emerged as a
widely-spread threat to system security.  It is difficult to detect
malware reliably because new and polymorphic malware programs appear
frequently.  It is also difficult to remove malware and repair its
damage to the system because it can extensively modify a system.

We propose a novel framework for automatically removing malware from
and repairing its damage to a system. The primary goal of our
framework is to preserve system integrity. Our framework monitors and
logs untrusted programs' operations. Using the logs, it can completely
remove malware programs and their effects on the system.  Our
framework does not require signatures or other prior knowledge of
malware behavior.  We implemented this framework on Windows and
evaluated it with seven spyware, trojan horses, and email worms.
Comparing our tool with two popular commercial anti-malware tools, we
found that our tool detected all the malware's modifications to the
system detected by the commercial tools, but the commercial tools
overlooked up to 97\% of the modifications detected by our tool.  The
runtime and space overhead of our prototype tool is acceptable.  Our
experience suggests that this framework offers an effective new
defense against malware.