Virus precaution method and device

A virus and configuration file technology, applied in the network field, can solve problems such as the inability to quickly and effectively remove viruses, achieve the effect of improving efficiency and accuracy, and eliminating tedious operations

Active Publication Date: 2008-12-03
CHENGDU HUAWEI TECH
View PDF0 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In summary, the inventors have found that the above-mentioned prior art has at leas

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Virus precaution method and device
  • Virus precaution method and device
  • Virus precaution method and device

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0026] Example 1

[0027] figure 1 A schematic flowchart of Embodiment 1 of the virus prevention method provided by the present invention, the method includes:

[0028] S101. Detecting a network connection request message sent by a client, where the request message includes a first network address that the client requests to connect;

[0029] For a virus program with an automatic update download mechanism, when the virus runs, it will trigger the client to automatically connect to the network resource preset by the virus program with a certain strategy (such as regular automatic update detection), and download the updated version or new variant of the virus . The client will try to connect to the preset network address. According to the provisions of the network protocol, a network connection request must be sent, and the request includes the first network address.

[0030] S102. Determine whether the first network address is a network address used by the virus to update d...

Example Embodiment

[0036] Embodiment 2

[0037] This embodiment mainly introduces a specific application embodiment of step S103. Steps S101 and S102 can be implemented by using conventional means in the field, and details are not repeated here. The following takes a virus Trojan-Downloader.Win32.QQHelper.ws as an example to introduce how to automatically remove the virus by configuring network parameters. According to the name, this virus is a Trojan downloader. After analysis, it is found that the behavior characteristics of the virus include the following content between the dotted lines:

[0038] -------------------------------------------------- ----------------------

[0039] (The number 70204 below may vary by host)

[0040] Try downloading the following four files in random order

[0041] http: / / install1.ring520.org / kkkk / mminstall.exe?s queryid=70204

[0042] http: / / install2.ring520.org / kkkk / mminstall.exe?s queryid=70204

[0043] http: / / install3.ring520.org / kkkk / mminstall.exe?s ...

Example Embodiment

[0058] Embodiment 3

[0059] Taking the virus Trojan-Downloader.Win32.QQHelper.vn as an example, this paper introduces how to automatically remove the virus by configuring network parameters.

[0060] Behavioral characteristics of the virus include:

[0061] (1) First download the following configuration file:

[0062] http: / / up.bizmd.cn / software / update.txt

[0063] (2) Then the next download content is determined according to the content in the file, and the virus author can completely control the download behavior of the downloader by controlling and updating the content of the file. For example, at a certain stage, the content of the file is as shown between the dotted lines below:

[0064] -------------------------------------------------- ----------------------

[0065] [PlugList]

[0066] Url=http: / / up.bizmd.cn / software / pluglist.xml

[0067] [Download]

[0068] Ver=42

[0069] Key=2

[0070] ic=1

[0071] URL=http: / / up.bizmd.cn / software / netdde32.exe, 0, 2, W, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a virus prevention method and a device, the method includes detecting a network connection request message transmitted from a client, the request message includes a first network address requested by the client for connection; judging if the first network address is utilized as the network address by the virus for updating data; if so, setting the network parameters to lead the client to be connected to a second network address, a server corresponding to the second network address stores a program for killing the virus. The virus prevention method provided by the embodiment utilizes the automatic updating mechanism of the virus to lead the virus to download virus-killing software during the automatic updating of the virus by setting the network parameters, thereby, the trouble of finding virus-killing programs by the customer can be saved, and at the same time, the efficiency and accuracy of the virus-killing software can be improved considerably.

Description

technical field [0001] The invention relates to the field of network technology, in particular to a virus prevention method and device. Background technique [0002] With the development of network technology, there have been many viruses that have invaded computers in various forms and violated the interests of computer users. Virus types include worms (worm), downloaders (downloaders), malicious software or codes (malware), and the like. Among them, worms generally refer to viruses that have network replication capabilities and can automatically spread through the network. At present, quite a few viruses belong to this category. Downloader, software with a download function, specifically refers to a type of virus classification in this article, which can connect to a preset specific server regularly or with a certain strategy, download malware and start execution. Malicious code or malicious software, software and codes that secretly or forcibly run on a computer and har...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/36H04L29/06G06F21/00G06F21/56
Inventor 李君生
Owner CHENGDU HUAWEI TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap