CN1743990A - Transplatform virus detecting and killing method - Google Patents
Transplatform virus detecting and killing methodDownload PDFInfo
- Publication number
- CN1743990A CN1743990ACN 200510036510CN200510036510ACN1743990ACN 1743990 ACN1743990 ACN 1743990ACN 200510036510CN200510036510CN 200510036510CN 200510036510 ACN200510036510 ACN 200510036510ACN 1743990 ACN1743990 ACN 1743990A
- Authority
- CN
- China
- Prior art keywords
- killing
- virus
- operating system
- platform
- cross
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 241000700605VirusesSpecies0.000titleclaimsabstractdescription81
- 238000000034methodMethods0.000titleclaimsabstractdescription26
- 230000002155anti-virotic effectEffects0.000claimsdescription12
- 230000001524infective effectEffects0.000claimsdescription3
- 238000005192partitionMethods0.000abstractdescription2
- 208000015181infectious diseaseDiseases0.000abstract1
- 231100000252nontoxicToxicity0.000description3
- 230000003000nontoxic effectEffects0.000description3
- 231100000614poisonToxicity0.000description3
- 230000006835compressionEffects0.000description2
- 238000007906compressionMethods0.000description2
- 230000002950deficientEffects0.000description1
- 238000010586diagramMethods0.000description1
- 239000002574poisonSubstances0.000description1
- 230000009385viral infectionEffects0.000description1
- 230000003612virological effectEffects0.000description1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
Description
Technical field
The present invention relates to computer realm, particularly a kind of killing virus method of computing machine.
Background technology
At present the antivirus applet of windows platform can't guarantee the pure nontoxic of running environment fully in the process of killing virus, because antivirus applet itself also might be by virus infections, and the interior virus of scavenge system at all so just.In order to carry out the killing Virus in a pure virus-free system environments, at present, the scheme that the floppy disk guiding of generally adopting is carried out adopts the DOS bootable floppy disk, enters pure DOS environment and carries out killing poison program.This scheme has following defective: 1. killer is a DOS executable program, will copy to from system in the floppy disk when making the viral promoter dish, and before this process, the Dos executable program might be infected by the Dos File Infector Virus; 2.DOS bootable floppy disk might be infected by the DOS leading viruses.
Summary of the invention
Technical matters to be solved by this invention is, a kind of cross-platform killing virus method is provided, and this method effectively killing is treated the intrasystem virus of killing.
Technical matters to be solved by this invention is achieved by the following technical solution:
A kind of cross-platform killing virus method is characterized in that, comprises the steps:
A) install one and differ from second operating system for the treatment of killing virus place first operating system;
B) start this second operating system;
C) the killing subregion is treated in loading;
D) load virus base;
E) killing virus.
In said method, the interior executable file file layout of executable file in this first operating system and second operating system is different, and the executable file on second operating system can't be carried out on first operating system, therefore, the interior executable file of the executable file in first operating system and second operating system infective virus mutually.Second operating system can be called the readable virus killing master routine of one second operating system, and this virus killing master routine separates with virus base with antivirus engine, and this virus killing master routine, antivirus engine and virus base can be stored in respectively in the computer-readable storage medium.
The present invention is because the virus killing master routine is second platform program, and they are different with the first operating system form, so can not infect the first operating system inner virus, have guaranteed that antivirus applet itself is nontoxic, and then reach the purpose of effective killing first operating system inner virus.In addition, the present invention adopts antivirus engine to separate with master routine with virus base, and the technology of dynamic load during execution has realized the transplanting of first platform program to second platform.The present invention also allows two platforms public overlap engine and virus bases, only writes again and looks into malicious master routine, has guaranteed the synchronism of upgrading like this, has reduced the transplanting cost.
Description of drawings
Fig. 1 is the cross-platform killing virus of the present invention method flow diagram;
Embodiment
Referring to Fig. 1, a kind of cross-platform killing virus method comprises the steps:
1. install one and differ from second operating system for the treatment of killing virus place first operating system;
2. start this second operating system;
3. load and treat the killing subregion;
4. loading virus base;
5. killing virus.
In said method, the interior executable file file layout of executable file in this first operating system and second operating system is different, and the executable file on second operating system can't be carried out on first operating system, therefore, the interior executable file of the executable file in first operating system and second operating system infective virus mutually.Second operating system can be called the readable virus killing master routine of one second operating system, and this virus killing master routine separates with virus base with antivirus engine, and this virus killing master routine, antivirus engine and virus base can be stored in respectively in the computer-readable storage medium.
Below in conjunction with the method for killing Windows system inner virus under linux system, introduce cross-platform killing virus method of the present invention:
I. make the linux system dish
A bootable Linux bootable floppy disk comprises three partial contents: boot, system kernel, basic file system.Bootable floppy disk is exploitation and composition under the Linux environment, uses following steps to obtain a floppy disk that can start under the basic Linux environment:
A) use Syslinux program creation boot;
B) reduce and recompilate the linux kernel source code, modules such as unwanted network, multimedia are removed, simplify volume.Through the bzip compression, the system kernel that obtains simplifying is the bzImage file;
C) after the system start-up, an image file through overcompression is called in calculator memory by system kernel, compression obtains the image.gz file through gzip again, finishes the making of basic file system.
With bzImage, the image.gz document copying just obtains the bootable floppy disk that can start in floppy disk.Obtain this floppy disk image file then.Can in the Windows environment, make bootable floppy disk later on by this image file.
II. make virus killing master routine dish
This dish is a FreeDos form floppy disk, and this floppy disk of format in the Windows environment duplicates the required file of killing poison program in this floppy disk.
III. make the virus base dish
This floppy disk is a FreeDos form floppy disk, comprises current virus characteristic library file.When virus base size during greater than the capacity of a floppy disk, will be divided into a plurality of parts and be placed on respectively on many floppy disks, start the back and merge automatically.
IV. start (SuSE) Linux OS
Above-mentioned linux system boot disk is inserted computing machine, floppy disk as boot disk, just can be started (SuSE) Linux OS.
V. load and treat killing virus subregion
Selected disk partition or the catalogue of preparing killing virus.
VI. load virus base
The above-mentioned virus base dish of making is inserted floppy drive, call in the virus killing master routine.
VII. begin virus killing
The present invention is because the virus killing master routine is second platform program, and they are different with the first operating system form, so can not infect the first operating system inner virus, have guaranteed that antivirus applet itself is nontoxic, and then reach the purpose of effective killing first operating system inner virus.In addition, cross-platform killing virus method adopts antivirus engine to separate with master routine, and the technology of dynamic load during execution is achieved cross-platform virus killing, has also realized the transplanting of first platform program to second platform.Can also allow two platforms public overlap engine and virus bases in the present invention, only write again and look into malicious master routine, guarantee the synchronism of upgrading like this, reduce the transplanting cost.
The present invention also has some other distortion or improvement.First operating system and second operating system can be FreeBSD, Unix etc. as described; And described virus killing master routine, antivirus engine and virus base also can be stored in the hard disc of computer or other computer-readable recording mediums such as floppy disk, CD or USB memory device etc.If those skilled in the art are subjected to the change or the improvement of the conspicuous unsubstantiality that inspiration of the present invention makes, all belong to the protection domain of claims of the present invention.
Claims (10)
1, a kind of cross-platform killing virus method is characterized in that, comprises the steps:
A. install one and differ from second operating system for the treatment of killing virus place first operating system;
B. start this second operating system;
C. load and treat the killing subregion;
D. load virus base;
E. killing virus.
2, cross-platform killing virus method according to claim 1 is characterized in that, this first operating system is Windows operating system, and this second operating system is (SuSE) Linux OS.
3, cross-platform killing virus method according to claim 1 is characterized in that, the executable file on this second operating system can't be carried out on first operating system.
4, according to claim 1 or 2 or 3 described cross-platform killing virus methods, it is characterized in that the readable virus killing master routine of this second operating system is stored in the computer-readable medium.
5, cross-platform killing virus method according to claim 4 is characterized in that, this computer-readable medium is floppy disk, CD or USB memory device.
6, cross-platform killing virus method according to claim 4 is characterized in that, an antivirus engine and a virus base are stored in the computer-readable medium, and can be called by described virus killing master routine.
7, according to claim 1 or 2 or 3 described cross-platform killing virus methods, it is characterized in that this second operating system is stored in the computer-readable medium.
8, cross-platform killing virus method according to claim 7 is characterized in that, is floppy disk, CD or USB memory device in this computer-readable medium.
9, cross-platform killing virus method according to claim 1 is characterized in that, file layout is different with first operating system in this second operating system.
10, cross-platform killing virus method according to claim 1 is characterized in that, executable file in this first operating system and the executable file in second operating system be infective virus mutually.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510036510CN1743990A (en) | 2005-08-12 | 2005-08-12 | Transplatform virus detecting and killing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510036510CN1743990A (en) | 2005-08-12 | 2005-08-12 | Transplatform virus detecting and killing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1743990Atrue CN1743990A (en) | 2006-03-08 |
Family
ID=36139396
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510036510PendingCN1743990A (en) | 2005-08-12 | 2005-08-12 | Transplatform virus detecting and killing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1743990A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102023857A (en)* | 2010-12-02 | 2011-04-20 | 清华大学 | ServiceOS-based multi-platform application program service management method and system |
| CN102999725A (en)* | 2012-12-13 | 2013-03-27 | 北京奇虎科技有限公司 | Malicious code processing method and malicious code processing system |
| CN103077350A (en)* | 2012-12-13 | 2013-05-01 | 北京奇虎科技有限公司 | Searching and killing method and system for malicious code |
| CN103902902A (en)* | 2013-10-24 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | Rootkit detection method and system based on embedded system |
| CN104134039A (en)* | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system |
| CN110197071B (en)* | 2018-04-25 | 2023-05-16 | 腾讯科技(深圳)有限公司 | Boot sector data processing method and device, computer storage medium and electronic equipment |
- 2005
- 2005-08-12CNCN 200510036510patent/CN1743990A/enactivePending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102023857A (en)* | 2010-12-02 | 2011-04-20 | 清华大学 | ServiceOS-based multi-platform application program service management method and system |
| CN102023857B (en)* | 2010-12-02 | 2012-10-10 | 清华大学 | ServiceOS-based multi-platform application program service management method and system |
| CN102999725A (en)* | 2012-12-13 | 2013-03-27 | 北京奇虎科技有限公司 | Malicious code processing method and malicious code processing system |
| CN103077350A (en)* | 2012-12-13 | 2013-05-01 | 北京奇虎科技有限公司 | Searching and killing method and system for malicious code |
| CN102999725B (en)* | 2012-12-13 | 2016-01-06 | 北京奇虎科技有限公司 | Malevolence code processing method and system |
| CN103077350B (en)* | 2012-12-13 | 2016-04-20 | 北京奇虎科技有限公司 | A kind of checking and killing method of malicious code and system |
| CN103902902A (en)* | 2013-10-24 | 2014-07-02 | 哈尔滨安天科技股份有限公司 | Rootkit detection method and system based on embedded system |
| CN104134039A (en)* | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system |
| CN110197071B (en)* | 2018-04-25 | 2023-05-16 | 腾讯科技(深圳)有限公司 | Boot sector data processing method and device, computer storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7802300B1 (en) | Method and apparatus for detecting and removing kernel rootkits | |
| RU2607231C2 (en) | Fuzzy whitelisting anti-malware systems and methods | |
| US8424093B2 (en) | System and method for updating antivirus cache | |
| US6029256A (en) | Method and system for allowing computer programs easy access to features of a virus scanning engine | |
| US7620990B2 (en) | System and method for unpacking packed executables for malware evaluation | |
| US7917481B1 (en) | File-system-independent malicious content detection | |
| US7971258B1 (en) | Methods and arrangement for efficiently detecting and removing malware | |
| US8146162B1 (en) | System and method for acceleration of malware detection using antivirus cache | |
| JP4768784B2 (en) | Method and system for removing or isolating computer viruses | |
| US8079032B2 (en) | Method and system for rendering harmless a locked pestware executable object | |
| CN1197006C (en) | A method for generating self-testing and self-healing applications | |
| US9003533B1 (en) | Systems and methods for detecting malware | |
| US8418245B2 (en) | Method and system for detecting obfuscatory pestware in a computer memory | |
| WO2014044187A2 (en) | A method and device for checking and removing computer viruses | |
| CN1743990A (en) | Transplatform virus detecting and killing method | |
| EP2958045B1 (en) | System and method for treatment of malware using antivirus driver | |
| WO2022149729A1 (en) | Executable file unpacking system and method for static analysis of malicious code | |
| EP1999597A2 (en) | Method and system for detecting dependent pestware objects on a computer | |
| EP2729893B1 (en) | Security method and apparatus | |
| Muttik | Stripping down an AV engine | |
| RU2665910C1 (en) | System and method of detecting the harmful code in the address process space | |
| CN103617391B (en) | Method, device and virtual machine for detecting malicious programs | |
| RU85249U1 (en) | HARDWARE ANTI-VIRUS | |
| RU2592383C1 (en) | Method of creating antivirus record when detecting malicious code in random-access memory | |
| CN103617069A (en) | Malware detecting method and virtual machine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |