US Patent 9659175 Methods and apparatus for identifying and removing malicious applications

A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an analysis server configured to receive from an executable application operating on a client device a data structure including information identifying processes operating on the client device during a time period and analyze the data structure to identify a malicious application by determining which of the processes on the client device were triggered after an application server was accessed by the executable application and identifying processes associated with the malicious application by comparing the determined processes to records of processes of a device similarly configured as the client device. The apparatus also includes a remover configured to determine files on the client device that are associated with the identified malicious application and transmit instructions to the executable application causing the executable application to remove the malicious application from operation on the client device.