A method and device for processing malicious programs

A technology for processing malicious programs by storage location, applied in the computer field, that addresses the time-consuming and complicated operations of existing removal and the lack of an effective way to kill such programs, and achieves the effect of improving efficiency.

Active Publication Date: 2016-05-18
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

At present, the only way to check and kill such malicious programs and restore the system is to reinstall the system, or to boot from a USB drive and replace the restore driver with a clean driver, which is time-consuming.
[0004] Therefore, a truly effective and fast method of killing malicious programs bundled with restore drivers is still lacking.


Examples

Embodiment 1

[0029] Embodiment 1: Referring to Figure 1, the process of handling malicious programs includes:

[0030] Step 101: Analyze the file system where the first file bundled with the malicious program is located, and obtain the storage location where the first file is located.

[0031] After the system is infected with the malicious program bundled with the first file, the storage location of the first file needs to be obtained. The first file may be a file carrying a restore driver, or a file with other functions. The storage location includes: a sector of a physical disk, or other physical storage media.

[0032] The storage location of the first file can be obtained through the file system; that is, the file system where the first file bundled with the malicious program is located is analyzed to obtain the storage location of the first file. Specifically, this includes: sending a request command for the storage location of the first file to the file system, and then the storage location wher...
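The lookup in step 101, worked for one concrete case as an added example (not code from the patent): assuming the volume is NTFS, which the page does not state, a file's on-disk location is recorded as a data-run list in its MFT record, and decoding that list yields the disk sectors. The runlist bytes and the volume geometry below are constructed sample values, and the function names are hypothetical.

```python
"""Decode an NTFS data-run list into disk sector extents (added example)."""

def decode_data_runs(runlist: bytes):
    """Return [(lcn, cluster_count)]; lcn is None for a sparse run."""
    runs, pos, lcn = [], 0, 0
    while pos < len(runlist) and runlist[pos] != 0x00:   # 0x00 ends the list
        header = runlist[pos]
        len_size, off_size = header & 0x0F, header >> 4  # field widths in bytes
        pos += 1
        if len_size == 0 or pos + len_size + off_size > len(runlist):
            raise ValueError("malformed or truncated data run")
        count = int.from_bytes(runlist[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            runs.append((None, count))                   # sparse: nothing on disk
        else:
            # Offset is signed and relative to the previous run's start LCN.
            lcn += int.from_bytes(runlist[pos:pos + off_size], "little", signed=True)
            if lcn < 0:
                raise ValueError("run points before start of volume")
            runs.append((lcn, count))
            pos += off_size
    return runs

def runs_to_sectors(runs, partition_start_sector, sectors_per_cluster):
    """Map cluster runs to (first_disk_sector, sector_count) extents."""
    return [(partition_start_sector + lcn * sectors_per_cluster,
             count * sectors_per_cluster)
            for lcn, count in runs if lcn is not None]

# Constructed sample: two fragments, the second 16 clusters before the first.
SAMPLE_RUNLIST = bytes.fromhex("21183456" "1108f0" "00")
PARTITION_START_SECTOR = 2048   # assumed volume offset on the disk
SECTORS_PER_CLUSTER = 8         # assumed 4096-byte clusters, 512-byte sectors

if __name__ == "__main__":
    runs = decode_data_runs(SAMPLE_RUNLIST)
    for first, n in runs_to_sectors(runs, PARTITION_START_SECTOR, SECTORS_PER_CLUSTER):
        print(f"sectors {first}..{first + n - 1} ({n} sectors)")
```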

Embodiment 2

[0044] Embodiment 2: In the process of processing the malicious program, it is first necessary to detect that the system is infected with the malicious program bundled with the first file; the scanning and killing process can then be performed. Referring to Figure 2, the process of processing malicious programs in this embodiment includes:

[0045] Step 201: Detect and report a malicious program and the first file bundled with the malicious program.

[0046] In the embodiment of the present invention, it can be detected that the system is infected with a malicious program bundled with the first file; that is, the malicious program and the first file bundled with the malicious program can be detected and reported, or reported and displayed. Specifically, this includes:

[0047] The malicious program and the first file bundled with the malicious program are scanned, and the first information of the malicious program and the first file is sent to the cloud server, so that the cloud server upda...

Embodiment 3

[0068] Embodiment 3: In this embodiment, the system is a Windows system, the first file carries the AoDun recovery driver, the malicious program bundles the first file, and the first file is stored on a specific disk sector of the Windows system disk C. Referring to Figure 3, in this embodiment, the process of processing malicious programs includes:

[0069] Step 301: It is detected that the system disk C in the Windows environment is infected with a malicious program bundled with a file carrying a restore driver.

[0070] The malicious program bundles the first file, and the first file carries the AoDun restore driver. In this way, the system disk C is set to restore mode after being infected with the malicious program. As shown in Figure 4, there is a restore arrow on the C drive.

[0071] Specifically, it can be determined through regular virus scanning that the system disk C is infected with a malicious program bundled with a file carrying a restore driver. ...


Abstract

The invention discloses a method and device for processing malicious programs, and aims to improve the efficiency of checking, killing and processing malicious programs. The method for processing malicious programs includes the following steps: a file system where a first file is located is analyzed, wherein the first file is bundled with the malicious program; the storage location where the first file is located is acquired; a first driver is loaded, a miniport driver corresponding to the storage location sends instructions through the first driver, and the first file bundled with the malicious program is modified into a second file to check, kill and process the malicious program, wherein the second file is a non-functional driver file that is not infected by the malicious program.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for processing malicious programs.

Background technique

[0002] With the development of antivirus software technology, ordinary malicious programs cannot escape being checked and killed. However, as restore driver technology has become publicly known, malicious programs have begun to use this technology so that antivirus software cannot check and kill them. Specifically, a malicious program is bundled with a file carrying a restore driver, so that after the malicious program infects the system, it sets the disk where the infected system is located to restore mode. At this time, although existing antivirus software can detect the existence of this malicious program, when checking and killing, because the existing anti-virus software all checks and kills the malicious program and the files bundled on the malicious program thro...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56
CPC: G06F21/568
Inventor: 邵坚磊申迪
Owner: 三六零数字安全科技集团有限公司