CN103077350B - A kind of checking and killing method of malicious code and system - Google Patents

Publication number
CN103077350B
Authority
CN
China
Prior art keywords
operating system
terminal
external storage
boot
startup options
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210540056.7A
Other languages
Chinese (zh)
Other versions
CN103077350A (en)
Inventor
马贞辉
谭合力
邵坚磊
姚彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201210540056.7A
Publication of CN103077350A
Application granted
Publication of CN103077350B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a method and system for checking and killing malicious code, to solve the problem that malicious code cannot be removed after a terminal has been infected. A first operating system is configured in the terminal, a second operating system is configured in an external storage device, and security software is installed in the second operating system. The method comprises: adding a startup option for the second operating system to the startup items of the terminal in advance; after entering the startup items of the terminal, selecting the startup option of the second operating system so as to enter the second operating system configured in the storage device; and starting the security software in the second operating system and scanning the terminal to check and kill malicious code.

Description

Translated from Chinese

Method and system for checking and killing malicious code

Technical field

The invention relates to computer security technology, and in particular to a method and system for checking and killing malicious code.

Background

When a terminal is infected by malicious code such as viruses and Trojan horses, the malicious code invades the terminal's operating system, destroys data on the hard disk, and so on. Moreover, in the startup sequence of the terminal's operating system, the security software's process is usually located after the malicious code's process, so the malicious code's process can execute its driver before the security software's process does.

Because the malicious code's process executes its driver first, it can perform operations in the system to avoid being checked and killed. For example, malicious code can hide its own files, processes, modules and other data, so that security software cannot find the malicious code's data when it scans the system. As another example, malicious code can attack the operating system, modify the security software's trust zone, prevent the security software from connecting to the network, modify the security software's scan results, and so on, so that the security software fails to load or fails to remove the threat, and the malicious code thereby avoids being checked and killed.

Therefore, once a terminal is infected by malicious code, the security software may stop working and can no longer ensure the terminal's security.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a system for checking and killing malicious code, and a corresponding method, that overcome the above problems or at least partially solve them.

According to one aspect of the present invention, a method for checking and killing malicious code is provided. A first operating system is configured in a terminal, a second operating system is configured in an external storage device, and security software is installed in the second operating system. The method comprises:

adding a startup option for the second operating system to the startup items of the terminal in advance;

after entering the startup items of the terminal, selecting the startup option of the second operating system so as to enter the second operating system configured in the storage device;

starting the security software in the second operating system and scanning the terminal to check and kill malicious code.

In an embodiment of the present invention, adding the startup option of the second operating system to the startup items of the terminal in advance comprises: writing a boot file to the system disk of the terminal, the boot file pointing to the second operating system; and adding a startup option to the startup items of the terminal and pointing that startup option to the boot file.

In an embodiment of the present invention, selecting the startup option of the second operating system so as to enter the second operating system configured in the storage device comprises: triggering the boot file by selecting the startup option of the second operating system; using the boot file to search for the external storage device; and reading the data or configuration file in the external storage device and starting the second operating system.

In an embodiment of the present invention, the external storage device has several device types, and using the boot file to search for the external storage device comprises: the boot file triggering the system boot file to obtain the hardware devices of the terminal; and searching the hardware devices for the external storage device according to the device type parameter.

In an embodiment of the present invention, the external storage device is a bootable storage device, so a master boot record exists in the bootable storage device, and reading the data or configuration file in the external storage device and starting the second operating system comprises: reading the data or configuration file of the external storage device and checking whether the master boot record exists; and, if the master boot record exists, starting the master boot record to enter the second operating system.

In an embodiment of the present invention, reading the data or configuration file of the external storage device and checking whether the master boot record exists comprises: reading the data or configuration file of any sector of the external storage device; and determining whether the master boot record exists according to the type of each partition table in the sector.

In an embodiment of the present invention, the external storage device is a removable disk, including: a flash drive, a portable hard disk, a mobile phone, a wireless Internet access terminal and a memory card.

According to another aspect of the present invention, a system for checking and killing malicious code is provided, comprising a terminal and an external storage device, wherein a first operating system is configured in the terminal, a second operating system is configured in the external storage device, and security software is configured in the second operating system.

The terminal comprises:

an adding module, used to add the startup option of the second operating system to the startup items in advance;

a startup module, used to select the startup option of the second operating system after entering the startup items of the terminal, so as to enter the second operating system configured in the storage device.

The external storage device comprises:

a checking and killing module, used to start the security software in the second operating system and check and kill malicious code in the terminal.

In an embodiment of the present invention, the adding module comprises: a writing submodule, used to write a boot file to the system disk of the terminal, the boot file pointing to the second operating system; and an adding submodule, used to add a startup option to the startup items of the terminal and point that startup option to the boot file.

In an embodiment of the present invention, the startup module comprises: a trigger module, used to trigger the boot file by selecting the startup option of the second operating system; a search submodule, used to search for the external storage device using the boot file; and a reading submodule, used to read the data or configuration file in the external storage device and start the second operating system.

In an embodiment of the present invention, the external storage device has several device types; the search submodule is specifically used for the boot file to trigger the system boot file, obtain the hardware devices of the terminal, and search the hardware devices for the external storage device according to the device type parameter.

In an embodiment of the present invention, the external storage device is a bootable storage device, so a master boot record exists in the bootable storage device, and the external storage device further comprises a boot module, used to enter the second operating system according to the master boot record. The reading submodule is then specifically used to read the data or configuration file of the external storage device, check whether the master boot record exists, and, if it exists, start the master boot record.

In an embodiment of the present invention, the reading submodule is specifically used to read the data or configuration file of any sector of the external storage device, and to determine whether the master boot record exists according to the type of each partition table in the sector.

In an embodiment of the present invention, the external storage device is a removable disk, including: a flash drive, a portable hard disk, a mobile phone, a wireless Internet access terminal and a memory card.

In the embodiments of the present invention, a first operating system is configured in the terminal, a second operating system is configured in the external storage device, and security software is installed in the second operating system. A startup option for the second operating system can therefore be added to the startup items of the terminal, so that the second operating system is entered when the terminal starts and the security software in the second operating system scans the terminal to check and kill malicious code. While the terminal's first operating system is in use, the data of the second operating system is isolated from the terminal, so even if the terminal is invaded by malicious code, the data in the second operating system remains safe, and the security software in it can protect the data in the terminal.

The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the present invention are easier to understand, specific embodiments of the present invention are set out below.

Description of drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:

Fig. 1 shows a flowchart of the method for checking and killing malicious code according to an embodiment of the present invention;

Fig. 2 shows a flowchart of the method for entering the second operating system according to an embodiment of the present invention;

Fig. 3 shows a flowchart of the boot file operation according to an embodiment of the present invention;

Fig. 4 shows a structural diagram of the system for checking and killing malicious code according to an embodiment of the present invention;

Fig. 5 shows a structural diagram of the terminal according to an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope conveyed fully to those skilled in the art.

When a terminal is infected by malicious code such as viruses and Trojan horses, the malicious code invades the terminal's operating system, destroys data on the hard disk, steals user information, and so on. To protect data security and user privacy, security software can therefore be used to check and kill viruses. Security software is a program tool that can remove viruses, Trojan horses and all other known malicious code that is harmful to computers, for example antivirus software, system tools and anti-rogue software.

However, to avoid being checked and killed, malicious code usually changes the startup sequence of the terminal's operating system so that the malicious process sits at the front of the startup sequence. The security software's process then comes after the malicious code's process, so the malicious code's process can execute its driver before the security software's process does.

Because the malicious code's process executes its driver first, it can perform operations in the system to avoid being checked and killed. For example, malicious code can hide its own files, processes, modules and other data, so that security software cannot find the malicious code's data when it scans the system. As another example, malicious code can attack the operating system, modify the security software's trust zone, prevent the security software from connecting to the network, modify the security software's scan results, and so on, so that the security software fails to load or fails to remove the threat, and the malicious code thereby avoids being checked and killed.

Therefore, once a terminal is infected by malicious code, the security software may stop working and can no longer ensure the terminal's security.

To address this situation, the embodiments of the present invention provide a method for checking and killing malicious code that brings in an operating system located on an external storage device, so that the security software in that operating system scans the terminal and checks and kills the malicious code in it.

In the embodiments of the present invention, the operating system in the terminal is called the first operating system and the operating system in the external storage device is called the second operating system. Security software is installed in the second operating system and is used to protect data security. Antivirus software may of course also be installed in the first operating system, so that data security in the terminal is maintained while the first operating system is in use.

Accordingly, the first operating system is configured in the terminal, the second operating system is configured in the external storage device, and security software is installed in the second operating system. The first operating system and the second operating system may be Windows, Linux, etc.; the embodiments of the present invention place no limit on this.

Fig. 1 shows a flowchart of the method for checking and killing malicious code according to an embodiment of the present invention.

Step 101: add the startup option of the second operating system to the startup items of the terminal in advance.

After infection, the security software in the terminal's first operating system may be unable to continue protecting the system, so to keep the data in the terminal safe an external second operating system can be introduced. The second operating system is configured in the external storage device, so its data is independent of the terminal. If the external storage device is not connected when the terminal becomes infected with malicious code, the second operating system is not infected; that is, the data in the second operating system is safe.

If the terminal then invokes the second operating system, the security software in the second operating system can be used to scan the data in the terminal and in the external storage device, protecting the data in both. Here, the terminal invoking the second operating system means starting and entering the second operating system on the terminal.

When the terminal starts, it first enters the startup items, where a startup option selects what to enter, such as safe mode, the first operating system or the second operating system. The startup option of the second operating system therefore has to be added to the startup items of the terminal in advance; that is, a startup option is added to the startup items of the terminal and points to the second operating system on the external storage device.

In an embodiment of the present invention, adding the startup option of the second operating system to the startup items of the terminal in advance comprises:

writing a boot file to the system disk of the terminal, the boot file pointing to the second operating system; and adding a startup option to the startup items of the terminal and pointing that startup option to the boot file.

First, the boot file can be written to the system disk of the terminal, for example by using WriteFile to place the boot file on the system disk. The system disk is one of the terminal's hard disks and mainly stores data such as the terminal's operating system, for example drive C. The boot file is an executable file used to boot into the corresponding operating system.

In the embodiments of the present application, the boot file points to the second operating system in the external storage device; that is, once the boot file is invoked, it can be used to boot into the second operating system.

Then a startup option can be added to the startup items of the terminal and pointed to the boot file, so that selecting the startup option later leads to the boot file. Because first operating systems differ, the operation for adding a startup option to the startup items also differs.

Taking Windows as an example, if the first operating system is Windows XP or Windows 2003, the system file boot.ini can be used to add a startup option. Specifically, when boot.ini is used, the system's application programming interface (Application Programming Interface, API) can be called to add the startup item, where the APIs may include: GetPrivateProfileInt, WritePrivateProfileString, GetPrivateProfileString and WritePrivateProfileTnt.

As another example, on Windows Vista, Windows 7 and Windows 8, the system tool bcdedit.exe can be used to add the startup option, where the bcdedit.exe functions used may include: 1. copy {current}; 2. displayorder; 3. addlast.
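For the boot.ini case above, an added example (not code from the patent) that parses a boot.ini, appends an entry pointing at a boot file, and lists the entries that target a file instead of an ARC path, which is also how an extra startup option shows up in an audit. Plain string handling stands in for the profile API calls the text names; the boot file path, the label and all function names are hypothetical, and the sample file is constructed.

```python
import re

# Constructed sample of a Windows XP boot.ini (not taken from the patent).
SAMPLE_BOOT_INI = (
    "[boot loader]\r\n"
    "timeout=30\r\n"
    "default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\r\n"
    "[operating systems]\r\n"
    'multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS='
    '"Microsoft Windows XP Professional" /fastdetect\r\n'
)

# Entries that boot an installed Windows use ARC paths; anything else names a file.
ARC_PATH = re.compile(r"^(multi|scsi|signature)\(", re.IGNORECASE)
SECTION = "[operating systems]"


def parse_entries(ini_text):
    """Return [(target, label, switches)] from the [operating systems] section."""
    entries, in_section = [], False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == SECTION
            continue
        if not in_section or "=" not in line:
            continue
        # Split on the first "=" only: targets such as C:\file contain ":".
        target, rest = line.split("=", 1)
        m = re.match(r'\s*"([^"]*)"\s*(.*)$', rest)
        label, switches = (m.group(1), m.group(2)) if m else (rest.strip(), "")
        entries.append((target.strip(), label, switches))
    return entries


def add_entry(ini_text, target, label):
    """Append target="label" to [operating systems] unless it is already listed."""
    if any(t.lower() == target.lower() for t, _, _ in parse_entries(ini_text)):
        return ini_text  # idempotent: never add the same startup option twice
    lines = ini_text.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if l.strip().lower() == SECTION), None)
    if start is None:
        lines.append(SECTION)
        start = len(lines) - 1
    end = start + 1
    while end < len(lines) and not lines[end].strip().startswith("["):
        end += 1
    while end > start + 1 and not lines[end - 1].strip():
        end -= 1  # insert before trailing blank lines of the section
    lines.insert(end, f'{target}="{label}"')
    return "\r\n".join(lines) + "\r\n"


def file_target_entries(ini_text):
    """Entries whose target is a file on disk rather than an ARC path."""
    return [(t, l) for t, l, _ in parse_entries(ini_text) if not ARC_PATH.match(t)]


if __name__ == "__main__":
    # Hypothetical boot file path and menu label.
    updated = add_entry(SAMPLE_BOOT_INI, r"C:\second_os.bin", "Rescue OS")
    for target, label in file_target_entries(updated):
        print(f"startup option {label!r} points to boot file {target}")
```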

Step 102: after entering the startup items of the terminal, select the startup option of the second operating system so as to enter the second operating system configured in the storage device.

Once the startup option of the second operating system has been added to the startup items of the terminal, the terminal can be started, the startup items entered, and the startup option of the second operating system selected. This triggers the boot file that the startup option points to, and the boot file leads into the second operating system in the external storage device.

Fig. 2 shows a flowchart of the method for entering the second operating system according to an embodiment of the present invention.

Selecting the startup option of the second operating system so as to enter the second operating system configured in the storage device comprises:

Step 201: trigger the boot file by selecting the startup option of the second operating system.

After the terminal is started and the startup items are entered, the startup option of the second operating system can be selected. That startup option points to the boot file, so the boot file is triggered.

Step 202: use the boot file to search for the external storage device.

Once the boot file is triggered, it performs operations according to its configuration. Specifically, the boot file first searches for the external storage device.

Different files can be distinguished by their file suffix, such as .exe or .ini, so the boot file configured in the embodiments of the present invention can be located by name, suffix, and so on.

In practice, hardware devices come in many types, such as hard disks, external storage devices, graphics cards, sound cards, network cards, monitors, keyboards, mice and printers, or flash drives, portable hard disks, mobile phones, wireless Internet access terminals and memory cards.

The terminal can therefore use a device type parameter to distinguish the hardware devices.

As technology develops, external storage devices are becoming more and more varied, for example magnetic disks and hard disks, or flash drives and DVD discs, so device types can be used to distinguish different external storage devices. That is, the external storage device has several device types, and the terminal can use the device type parameter to mark the device type of each external storage device.

Using the boot file to search for the external storage device comprises:

the boot file triggering the system boot file to obtain the hardware devices of the terminal; and searching the hardware devices for the external storage device according to the device type parameter.

The system boot file may be NTDETECT.COM, which collects information about each hardware device in the terminal and thereby enumerates the terminal's hardware devices.

For example, NTDETECT.COM collects hardware information of the following types: system firmware information such as the time and date, the type of bus adapter, the type of graphics adapter, keyboard, communication ports, disks, floppy disks, input devices such as the mouse, parallel ports, and ISA devices installed in ISA slots; and an operating system such as Windows XP can show the user the Windows startup progress on screen.

In the embodiments of the present invention, the boot file triggers the system boot file, and the system boot file can enumerate the hardware devices in the terminal according to the device type parameters; that is, it can obtain the various types of hardware devices in the terminal. It can also use the device type parameter to find external storage devices of each device type among the hardware devices, for example a magnetic disk or a hard disk, or, in finer detail, a USB flash drive.

步骤203,读取所述外置存储设备中的数据,启动所述第二操作系统。Step 203, read data in the external storage device, and start the second operating system.

然后可以读取所述外置存储设备中的数据,从而获取到与启动相关的数据,启动第二操作系统。Then the data in the external storage device can be read, so as to obtain the data related to startup, and start the second operating system.

本发明实施例中,所述外置存储设备为可引导存储设备,则所述可引导存储设备中存在主引导记录。In the embodiment of the present invention, the external storage device is a bootable storage device, and a master boot record exists in the bootable storage device.

所述可引导存储设备是一种可以通过引导进行启动等操作的存储设备。则可引导存储设备中存在主引导记录(MasterBootRecord,MBR),也称为主引导程序,所述主引导记录一般将MBR分为广义和狭义两种:广义的MBR包含整个扇区(引导程序、分区表及分隔标识);而狭义的MBR仅指引导程序。The bootable storage device is a storage device that can be booted to perform operations such as startup. Then there is a master boot record (MasterBootRecord, MBR) in the bootable storage device, also known as the master boot program. The master boot record generally divides the MBR into two types: broad sense and narrow sense: the broad sense MBR includes the entire sector (boot program, Partition table and separate logo); while the narrow MBR only refers to the boot program.

终端通电开机,主板自检完成后,MBR位于被第一个读取到的位置。即位于硬盘的0磁头0磁道1扇区,它的大小是512字节,不属于任何一个操作系统,也不能用操作系统提供的磁盘操作命令来读取。DOS时代泛滥成灾的引导区病毒多寄生于此。After the terminal is powered on and the motherboard self-test is completed, the MBR is located at the first read position. That is, it is located at head 0, track 1 and sector 1 of the hard disk, its size is 512 bytes, it does not belong to any operating system, and it cannot be read by the disk operation command provided by the operating system. Most of the boot sector viruses that were rampant in the DOS era were parasitic here.

Reading the data or configuration file in the external storage device and starting the second operating system then includes:

Reading the data or configuration file of the external storage device and checking whether the master boot record exists; if the master boot record exists, starting it to enter the second operating system.

Several external storage devices may be plugged into the terminal, so they can be searched one by one: the data or configuration file of each device is read in turn and checked for the MBR. If a device has no MBR, the next external storage device is read and checked. If the MBR exists, it is started, and the second operating system can be entered through it.

Further, reading the data or configuration file of the external storage device and checking whether the master boot record exists includes:

Reading the data or configuration file of any sector in the external storage device; determining, according to the type of each partition table in that sector, whether the master boot record exists.

Take the first sector as an example. It is the first sector of the storage device; it is usually 512 bytes long and its last 2 bytes are 55AA. In this embodiment, when the boot file is written to the terminal's system disk, the external storage device can also be plugged in and boot-related data written to it. For example, a custom marker such as 360F can be written into the third- and fourth-from-last bytes of the first sector. When the boot file later finds the external storage device and reads the data or configuration file in the first sector, it can check whether the third- and fourth-from-last bytes contain 360F. If they do, a complete boot program, that is, a master boot record, is considered to exist. The external storage device can also be configured as a bootable external storage device, that is, one that can start by itself.

Assuming the master boot record is placed in the first sector of the storage device, the first sector of the external storage device can be located and its data or configuration file read. The type of each partition table in the first sector is then determined, specifically from the custom marker written to the external storage device in advance, to find out whether bootable data exists, that is, whether the master boot record exists.

The custom marker can of course be written to other sectors of the external storage device, for example at some position in the second or third sector. So if no master boot record is found in the first sector, other sectors can be searched as well. When the custom marker is written to another sector, looking up the master boot record works essentially as it does in the first sector; the first-sector lookup is described only as an example and should not be understood as limiting the embodiments of the invention.

For example, the external storage device is a flash drive, one kind of USB disk. The data of the flash drive can be read, specifically any sector of it, and the type of each partition table in that sector is used to check whether bootable data, that is, the MBR, exists. Once the MBR is found, it can boot into the second operating system.
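The device-by-device lookup described above, as an added Python example (not code from the patent): it inspects constructed first-sector images, checks the 55AA signature and the custom marker, and returns the first device that carries both. Reading "360F" as the raw bytes 0x36 0x0F at offsets 508-509, requiring 55AA in addition to the marker, and all function and device names are assumptions of this example.

```python
import struct
from dataclasses import dataclass, field

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of the sector (offsets 510-511)
CUSTOM_MARKER = b"\x36\x0f"      # assumption: the page's "360F" as two raw bytes
MARKER_OFFSET = SECTOR_SIZE - 4  # fourth- and third-from-last bytes (508-509)
PART_TABLE_OFFSET = 446          # classic MBR layout: four 16-byte entries, 446-509


@dataclass
class SectorReport:
    device: str
    has_boot_signature: bool = False
    has_custom_marker: bool = False
    active_partitions: list = field(default_factory=list)  # (index, type, lba, sectors)
    marker_clobbers_entry4: bool = False

    @property
    def is_rescue_media(self) -> bool:
        # The page treats the marker alone as proof of a boot program; this
        # example also requires 55AA so a stray 36 0F is not enough.
        return self.has_boot_signature and self.has_custom_marker


def inspect_first_sector(device: str, sector: bytes) -> SectorReport:
    """Check one device's first sector for signature, marker and active partitions."""
    report = SectorReport(device)
    if len(sector) < SECTOR_SIZE:            # short read: treat as "no MBR"
        return report
    sector = sector[:SECTOR_SIZE]
    report.has_boot_signature = sector[510:512] == BOOT_SIGNATURE
    report.has_custom_marker = sector[MARKER_OFFSET:MARKER_OFFSET + 2] == CUSTOM_MARKER
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, n_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:                    # unused partition slot
            continue
        if status == 0x80:                   # active (bootable) flag
            report.active_partitions.append((i + 1, ptype, lba_start, n_sectors))
        if i == 3 and report.has_custom_marker:
            # Offsets 508-509 are the high bytes of entry 4's sector count,
            # so the marker has overwritten part of a partition entry in use.
            report.marker_clobbers_entry4 = True
    return report


def select_boot_device(devices):
    """Walk the devices in order; return (first matching name or None, reports)."""
    reports = []
    for name, sector in devices:
        report = inspect_first_sector(name, sector)
        reports.append(report)
        if report.is_rescue_media:
            return name, reports
    return None, reports


def make_sector(signature=True, marker=True, partition=None) -> bytes:
    """Build a constructed 512-byte first sector for the demo."""
    buf = bytearray(SECTOR_SIZE)
    if partition is not None:
        index, ptype, lba_start, n_sectors = partition
        off = PART_TABLE_OFFSET + 16 * (index - 1)
        buf[off], buf[off + 4] = 0x80, ptype
        struct.pack_into("<II", buf, off + 8, lba_start, n_sectors)
    if marker:
        buf[MARKER_OFFSET:MARKER_OFFSET + 2] = CUSTOM_MARKER
    if signature:
        buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed sample input: three external devices in enumeration order.
SAMPLE_DEVICES = [
    ("card-reader", b""),  # empty slot, nothing readable
    ("data-stick", make_sector(marker=False, partition=(1, 0x0C, 2048, 4096))),
    ("rescue-stick", make_sector(partition=(1, 0x0C, 2048, 8192))),
]

if __name__ == "__main__":
    chosen, reports = select_boot_device(SAMPLE_DEVICES)
    for r in reports:
        print(r)
    print("boot from:", chosen)
```

In the classic MBR layout the partition table occupies offsets 446-509, so a marker in the third- and fourth-from-last bytes lands inside the fourth partition entry; the report flags media where that entry is in use.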

In practice, a terminal usually starts as follows:

1. The terminal is powered on and the motherboard runs its self-test;

2. The motherboard BIOS boots from the floppy disk, hard disk or optical drive according to the boot order specified in the terminal;

3. The BIOS reads the master boot record (MBR) into memory;

4. The BIOS hands control to the MBR;

5. The MBR can check the state of the partition table and look for the active partition;

6. The master boot program hands control to the boot record of the active partition, which loads the operating system's startup files and starts the corresponding operating system.

In this embodiment, because the boot option of the second operating system has been selected in the terminal, in step 3 the BIOS reads the boot file into memory and then hands control to the boot file.

Fig. 3 shows a flow chart of the boot file's operation according to an embodiment of the invention.

Step 301: open the external storage device.

Step 302: read the data or configuration files of the first n boot areas of the external storage device into memory at address X.

Here a boot area can be understood as a sector of the external storage device. Each sector stores 512 bytes, so n*512 bytes are read into memory.

Step 303: jump to address X in memory, where the data or configuration file from the external storage device was placed.

That is, the master boot program can subsequently hand control to the boot record in the first n boot areas.

Step 304: after the data or configuration file at address X has run, load the second operating system.

That is, once the boot record runs, it loads the startup files of the second operating system and starts the second operating system.

Step 103: start the security software in the second operating system and scan the terminal to check for and kill malicious code.

After entering the second operating system, the security software in it can be started and used to scan the data in each storage space of the terminal and the external storage device, to detect whether malicious code such as viruses is present.

In this embodiment, when the terminal's first operating system has been infected with malicious code and its security software can no longer protect the system, the terminal can be restarted with the external storage device plugged in, so that it enters the second operating system and uses the security software there to check for and kill the malicious code.

Alternatively, the external storage device can be plugged in every time the terminal is started. After entering the terminal's boot menu, the boot option of the second operating system is selected, the second operating system is entered, and its security software checks for and kills malicious code. Once it is confirmed that there is no problem, the first operating system is entered.

To keep the data in the second operating system safe during this process, so that its security software can protect the data in the terminal, the external storage device carrying the second operating system can be kept isolated from the terminal until the second operating system is entered. While the terminal is running the first operating system, the external storage device carrying the second operating system is not connected to the terminal, which keeps the data on the external storage device safe.

In this embodiment, the external storage device is a removable disk, including: flash drive, portable hard disk, mobile phone, wireless Internet access terminal and memory card.

For example, one kind of malicious code is the Taobaoke driver Trojan. After infecting a terminal, it disconnects the terminal's network, and the Trojan's driver can hide its own files and processes. With the network down, the security software cannot connect to the cloud antivirus engine and therefore cannot check for and kill the Trojan.

In this embodiment, assume that the second operating system is WinPE. After the terminal is infected with malicious code such as the Taobaoke driver Trojan, the terminal can be restarted with the external storage device plugged in and booted into WinPE, where the security software is started to check for and kill the malicious code. The embodiment does not require the user to configure the BIOS manually, so it is simple and convenient to operate.

WinPE stands for Windows Preinstallation Environment. It is a minimal Win32 subsystem with limited services, based on the Windows XP Professional kernel running in protected mode. It includes the minimum functionality needed to run Windows Setup and scripts, connect to network shares, automate basic processes and perform hardware validation.

In summary, in this embodiment the terminal is configured with a first operating system and the external storage device with a second operating system, and security software is installed in the second operating system. A boot option for the second operating system can therefore be added to the terminal's boot menu, so that the second operating system is entered when the terminal starts and its security software scans the terminal to check for and kill malicious code. While the terminal's first operating system is in use, the data of the second operating system is isolated from the terminal, so even if the terminal is compromised by malicious code, the data in the second operating system remains safe and the security software in it can protect the data in the terminal.

Second, the embodiment can write a boot file to the terminal's system disk and point the boot option added in the terminal to that boot file, so that the boot file is used to boot into the second operating system. The method is simple to operate and modifies the boot menu automatically.

Further, the embodiment can use the boot file to trigger a system boot file such as NTDETECT.COM to collect information about each hardware device in the terminal, enumerating the terminal's hardware devices and then finding the external storage device by device type; the lookup is simple.

In addition, the external storage device in this embodiment is a removable disk, including: flash drive, portable hard disk and memory card. The variety of types meets the needs of different users.

Fig. 4 shows a structural diagram of the system for checking and killing malicious code according to an embodiment of the invention.

An embodiment of the invention further provides a system for checking and killing malicious code, comprising a terminal 1 and an external storage device 2. The terminal 1 is configured with a first operating system, the external storage device 2 is configured with a second operating system, and security software is configured in the second operating system.

The terminal 1 includes:

An adding module 11, configured to add the boot option of the second operating system to the boot menu in advance;

A startup module 12, configured to select the boot option of the second operating system after the terminal's boot menu is entered, so as to enter the second operating system configured on the storage device;

The external storage device 2 includes:

A checking and killing module 22, configured to start the security software in the second operating system and check for and kill malicious code in the terminal.

Fig. 5 shows a structural diagram of the terminal according to an embodiment of the invention.

In this embodiment, the adding module 11 includes:

A writing submodule 111, configured to write a boot file to the terminal's system disk, the boot file pointing to the second operating system;

An adding submodule 112, configured to add a boot option to the terminal's boot menu and point that boot option to the boot file.

In this embodiment, the startup module 12 includes:

A triggering submodule 121, configured to trigger the boot file when the boot option of the second operating system is selected;

A lookup submodule 122, configured to use the boot file to find the external storage device;

A reading submodule 123, configured to read the data or configuration file in the external storage device and start the second operating system.

In this embodiment, the external storage device has several device types. The lookup submodule 122 is specifically configured so that the boot file triggers the system boot file to obtain the terminal's hardware devices, and to find the external storage device among those hardware devices according to the device type parameter.

In this embodiment, the external storage device is a bootable storage device containing a master boot record, and the external storage device 2 further includes a boot module 21;

The boot module 21 is configured to enter the second operating system according to the master boot record;

The reading submodule 122 is then specifically configured to read the data or configuration file of the external storage device and check whether the master boot record exists; if the master boot record exists, it starts the master boot record.

In this embodiment, the reading submodule 122 is specifically configured to read the data or configuration file of any sector in the external storage device and to determine, according to the type of each partition table in that sector, whether the master boot record exists.

In this embodiment, the external storage device is a removable disk, including: flash drive, portable hard disk, mobile phone, wireless Internet access terminal and memory card.

In summary, in this embodiment the terminal is configured with a first operating system and the external storage device with a second operating system, and security software is installed in the second operating system. A boot option for the second operating system can therefore be added to the terminal's boot menu, so that the second operating system is entered when the terminal starts and its security software scans the terminal to check for and kill malicious code. While the terminal's first operating system is in use, the data of the second operating system is isolated from the terminal, so even if the terminal is compromised by malicious code, the data in the second operating system remains safe and the security software in it can protect the data in the terminal.

Second, the embodiment can write a boot file to the terminal's system disk and point the boot option added in the terminal to that boot file, so that the boot file is used to boot into the second operating system. The method is simple to operate and modifies the boot menu automatically.

Further, the embodiment can use the boot file to trigger a system boot file such as NTDETECT.COM to collect information about each hardware device in the terminal, enumerating the terminal's hardware devices and then finding the external storage device by device type; the lookup is simple.

In addition, the external storage device in this embodiment is a removable disk, including: flash drive, portable hard disk and memory card. The variety of types meets the needs of different users.

The algorithms and displays presented here are not inherently tied to any particular computer, virtual system or other device. Various general-purpose systems can also be used with the teachings herein. The structure required to build such a system is apparent from the description above. Nor is the invention directed at any particular programming language. It should be understood that the invention described here can be implemented in a variety of programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.

The description provided here sets out numerous specific details. It is understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.

Similarly, it should be understood that, to streamline the disclosure and aid understanding of one or more of the inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. This method of disclosure is not, however, to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all the features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.

Those skilled in the art will understand that the modules of a device in an embodiment can be changed adaptively and placed in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can also be divided into several submodules, subunits or subcomponents. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described here include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.

The component embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the terminal and the external storage device according to embodiments of the invention. The invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the invention can be stored on a computer-readable medium or can take the form of one or more signals. Such a signal can be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words can be interpreted as names.

Claims (8)

CN201210540056.7A, priority date 2012-12-13, filing date 2012-12-13: A kind of checking and killing method of malicious code and system. Status: Active. Publication: CN103077350B (en)

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
| --- | --- | --- | --- |
| CN201210540056.7A (CN103077350B (en)) | 2012-12-13 | 2012-12-13 | A kind of checking and killing method of malicious code and system |

Applications Claiming Priority (1)

| Application Number | Priority Date | Filing Date | Title |
| --- | --- | --- | --- |
| CN201210540056.7A (CN103077350B (en)) | 2012-12-13 | 2012-12-13 | A kind of checking and killing method of malicious code and system |

Publications (2)

| Publication Number | Publication Date |
| --- | --- |
| CN103077350A (en) | 2013-05-01 |
| CN103077350B (en) | 2016-04-20 |

Family

ID=48153877

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
| --- | --- | --- | --- |
| CN201210540056.7A (Active, CN103077350B (en)) | A kind of checking and killing method of malicious code and system | 2012-12-13 | 2012-12-13 |

Country Status (1)

| Country | Link |
| --- | --- |
| CN (1) | CN103077350B (en) |


Legal Events

| Date | Code | Title | Description |
| --- | --- | --- | --- |
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | TR01 | Transfer of patent right | |
| | TR01 | Transfer of patent right | Effective date of registration: 20220728. Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park). Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Qizhi software (Beijing) Co.,Ltd. |
