CN100374969C - Method for searching and killing virus and computer therefor - Google Patents
- Publication number
- CN100374969C
- Authority
- CN
- China
- Prior art keywords
- virus
- killing
- module
- hpa
- district
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
Abstract
The present invention provides a method for detecting and removing viruses. Its key point is that, once the BIOS self-test has finished and a signal to perform a virus-removal operation is detected, an embedded system in the HPA is started and invokes an antivirus module to scan for and remove viruses; the operating system is then loaded to start the computer. With the invention, the system can still scan for and remove viruses even when the computer cannot start normally. Because the method does not depend on the operating system, it can detect and remove viruses that cannot be detected and removed from within the operating system, and it also rules out the possibility of certain viruses shutting down the antivirus software. The invention also provides a computer for detecting and removing viruses. The computer has a function key dedicated to starting the virus scanning and removal function; when the user needs to scan the computer for viruses, the user simply presses this key, which gives the user a clear operating prompt and makes the function as convenient as possible to use.
Description
Technical field
The present invention relates to the technical field of computer virus detection and removal, and in particular to a method for detecting and removing viruses and a computer that implements the method.
Background art
With the continuing increase in the computing power and storage capacity of computers, faster network transfer speeds, more varied ways of exchanging information between computers and peripheral devices, and ever richer network applications, people depend more and more on computers, and the demand for information security keeps rising. At the same time, hackers' attack methods are constantly changing, and computer viruses are becoming ever more destructive.
Most existing antivirus software runs on top of the original system, and the fragility of the system itself greatly weakens the effectiveness of these schemes. The most typical example is that antivirus software on Windows is helpless against some boot-sector viruses, because such a virus can act before the antivirus engine runs and may even shut down the antivirus software. In addition, when Windows is attacked by new viruses of the "shock wave" and Sasser class, it can restart repeatedly, so that the antivirus software cannot be updated to the latest virus rule base at all and therefore cannot remove the virus effectively. Furthermore, some viruses compete for system resources within the operating system (OS) and interfere with the normal operation of the antivirus software.
Summary of the invention
In view of this, one object of the present invention is to provide a method for detecting and removing viruses that can still perform the virus scanning and removal operation when the computer cannot enter the operating system normally.
Another object of the present invention is to provide a computer for detecting and removing viruses that gives the user a clear operating prompt.
To achieve the above objects, the technical solution of the present invention is realized as follows:
A method for detecting and removing viruses, in which an embedded system and an antivirus module are set up in the Host Protected Area (HPA) of the hard disk, the method further comprising the following step:
After the basic input/output system (BIOS) self-test finishes and a signal to perform a virus-removal operation is detected, the embedded system in the HPA is started, the embedded system calls the antivirus module to scan for and remove viruses, and the operating system is then loaded to start the computer.
Preferably, a system security check module is preset in the HPA of the hard disk;
When the virus scanning and removal operation has finished and no virus has been found, the method further comprises: the embedded system calls the system security check module to check whether the system has security vulnerabilities; if it does, security hardening is performed according to the check result and the operating system is then loaded to start the computer; otherwise the operating system is loaded directly to start the computer.
Preferably, a system repair module is preset in the HPA of the hard disk;
When the check finds that the system has no security vulnerabilities, the method further comprises: the embedded system calls the system repair module to repair the operating system, and the computer is then started.
Preferably, the virus scanning and removal operation comprises the following steps: scanning for and removing viruses; and determining whether a virus has been found, and, if no virus has been found, updating the virus rule base and then performing the virus scanning and removal operation again.
Preferably, the virus rule base is updated over the network, or from a floppy disk or portable hard drive, or from a designated directory on the hard disk, or by any combination of these three ways.
Preferably, the BIOS starts the embedded system in the HPA as follows:
A function-calling module is preset in the HPA of the hard disk;
After the BIOS self-test finishes and a signal to perform a virus-removal operation is detected, the BIOS sets the parameter for starting the embedded system at a designated address in memory and then calls the function-calling module; after detecting that the parameter for starting the embedded system is present at the designated address in memory, the function-calling module starts the embedded system in the HPA.
Preferably, the designated address in memory is the F000 segment of memory.
Preferably, when a virus-removal operation is needed after the computer has started normally, the method further comprises: after the operating system detects the signal to perform a virus-removal operation, the antivirus module within the operating system is started to perform the virus scanning and removal operation.
In the present invention, an embedded system and an antivirus module are set up in the HPA of the hard disk. When the BIOS self-test finishes and a signal to perform a virus-removal operation is detected, the embedded system in the HPA is started, the embedded system calls the antivirus module to scan for and remove viruses, and the operating system is then loaded to start the computer. With the invention, the virus scanning and removal operation can be performed before the operating system is loaded, so the system can still scan for and remove viruses even after infection by a virus of the "wave of oscillation" (Sasser) class that prevents the computer from starting normally. Because the method of the invention does not depend on the operating system, it can find and remove viruses that cannot be found from within the operating system, as well as boot-sector viruses, which achieves thorough virus removal and also rules out the possibility of some viruses shutting down the antivirus software. In addition, the invention can also perform operations such as a system security check and operating system repair, which further ensures the safety of the computer.
The present invention also provides a computer for detecting and removing viruses. The computer has a function key dedicated to starting the virus scanning and removal function; when the user needs to scan the computer for viruses, the user simply presses this key. This gives the user a clear operating prompt and makes the function as convenient as possible to use.
Description of the drawings
Fig. 1 is a schematic diagram of one embodiment of a computer that implements virus detection and removal;
Fig. 2 is a flow diagram of the BIOS starting the computer according to the present invention;
Fig. 3 is a flow chart of the embedded system in the HPA performing the virus scanning, removal and repair operations.
Embodiments
The present invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of one embodiment of a computer that implements virus detection and removal. In this embodiment, a function key 111 for directly starting the antivirus function is added to the keyboard 110 of the computer. This function key 111 is connected directly to the module 121 in the host 120 that recognizes key information, so that the host's existing key-recognition module 121 can recognize the added function key 111. The function key 111 may be connected to the module 121 through a PS/2 interface, a USB interface, a wireless interface, a 1394 interface, or another interface; the connection method is not limited here. The module 121 that recognizes key information comprises the key-recognition module in the BIOS and the key-recognition module in the operating system.
In this way, whether or not the operating system can be loaded normally after power-on, the computer can recognize the key information from the function key 111. That is, when the user needs the computer to scan for and remove viruses, the user only has to press this key, which makes the function convenient to use.
Of course, the function key 111 for directly starting the antivirus function need not be placed on the keyboard; it may instead be placed on the host, the mouse, or the display. The present invention does not limit the physical location of the function key 111, as long as it is convenient for the user.
After the computer has been powered on and the operating system loaded normally, if the key-recognition module in the operating system detects a signal from the function key for directly starting the antivirus function, that is, a signal to perform a virus-removal operation, the operating system directly calls the antivirus module it has already loaded and performs the virus-removal operation. The implementation is essentially the same as the existing process of activating an antivirus module by keyboard or mouse and running a scan; the only difference is that the antivirus module is activated directly by the dedicated function key rather than by keyboard or mouse.
The following describes how viruses are detected and removed when the computer cannot load the operating system normally after power-on.
First, an HPA (Host Protected Area) space is created on the hard disk in advance, dividing the hard disk into an ordinary hard disk area for the user and an HPA. In general, the data in the HPA can be accessed only under the Basic Input/Output System (BIOS) and DOS environments, and ordinary programs cannot access this area, so the data in the HPA is safe. Second, the ordinary hard disk area for the user is divided into the C drive, D drive, and so on, and the HPA of the hard disk is divided into three areas: a system backup area that holds the system backup files, an antivirus repair area that holds the embedded system performing the virus scanning and removal function, and a function-call area that holds the function-calling module; see Table 1.
C:\ | D:\ | ... | System backup area | Antivirus repair area | Function-call area |
---|---|---|---|---|---|
← user hard disk space → | | | ← HPA partition hard disk space → | | |
Table 1
The embedded system that performs the virus scanning and removal function is an embedded Linux system. It provides the most basic operating system functions and can call the functional modules preset in its own area, such as the antivirus module, the system security check module, and the system repair module.
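As an added example (not part of the patent), the shell function below shows how a defender or forensic examiner can tell whether a disk carries an HPA like the one described above, by comparing the visible and native sector counts reported by `hdparm -N`. The function names, device names and sector counts are constructed for illustration, and 512-byte logical sectors are assumed.

```shell
#!/bin/sh
# Added example, not from the patent: report disks whose visible size is
# smaller than their native size, i.e. disks that carry a Host Protected Area.
#
# Real use (as root):  hdparm -N /dev/sda | hpa_report
# Assumption: 512-byte logical sectors (verify with `blockdev --getss`).

# hpa_report: read `hdparm -N` output on stdin and print one line per device:
#   <device> <visible_sectors> <native_sectors> <hidden_sectors> <hidden_MiB> <HPA|none>
hpa_report() {
    awk '
        # Device header line, e.g. "/dev/sda:"
        /^\/dev\// { dev = $1; sub(/:$/, "", dev); next }

        # Size line, e.g. " max sectors   = 468862128/488397168, HPA is enabled"
        /max sectors/ {
            split($0, kv, "=")        # kv[2] = " 468862128/488397168, HPA ..."
            split(kv[2], f, ",")      # f[1]  = " 468862128/488397168"
            split(f[1], n, "/")       # n[1]  = visible, n[2] = native
            visible = n[1] + 0
            native  = n[2] + 0
            hidden  = native - visible

            # Decide from the numbers, not from the trailing text, because
            # the wording after the comma differs between hdparm versions.
            verdict = (hidden > 0) ? "HPA" : "none"

            # %.0f avoids 32-bit clamping of %d in some awk implementations.
            printf "%s %.0f %.0f %.0f %.0f %s\n",
                   dev, visible, native, hidden, int(hidden / 2048), verdict
        }
    '
}

# Constructed sample of `hdparm -N` output for two disks: the first hides
# about 9.3 GiB behind an HPA, the second exposes its full native capacity.
sample_hdparm_output() {
    cat <<'EOF'
/dev/sda:
 max sectors   = 468862128/488397168, HPA is enabled

/dev/sdb:
 max sectors   = 1465149168/1465149168, HPA is disabled
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_hdparm_output | hpa_report
```

A non-zero hidden-sector count means part of the disk is invisible to the operating system and to any scanner running inside it, so that region has to be examined separately.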
When the computer encounters a virus of the "wave of oscillation" (Sasser) class that causes it to restart automatically over and over, the user only needs to press the dedicated function key for directly starting the antivirus function during the POST stage after the computer restarts. The specific virus-removal process is as follows:
Fig. 2 is a flow diagram of the BIOS starting the computer according to the present invention.
The embedded system in the HPA performs the virus scanning, removal and repair operations as shown in Fig. 3.
The virus rule base is updated from a floppy disk or portable hard drive as follows: the embedded system reads the virus rule base on the floppy disk or portable hard drive and uses it to update its own virus rule base; the virus rule base on the floppy disk or portable hard drive is one that the user has downloaded on an uninfected computer. This update method suits all types of computers, but requires the user's involvement.
The virus rule base is updated from a designated directory on the hard disk as follows: the embedded system directly reads the designated directory in the operating system and uses it to update the virus rule base. This update method needs no user involvement, but if the latest virus rule base has not been stored in the designated directory in time, the virus rule base cannot be updated this way.
The virus rule base is updated over the network as follows: the embedded system goes online directly, looks up the latest virus rule base, downloads it and updates the virus rule base. This update method needs no user involvement, and there is no need to worry about a virus attack while the virus rule base is being updated, because the embedded system has no entry point for virus intrusion. However, this method requires that the machine's globally unique IPv6 address and the IPv6 address of the vendor's back-end virus rule upgrade server be preset.
The system security check module is called to check the security of the operating system and repair system vulnerabilities as follows: the patches of the operating system and of key application software are compared with the patch versions maintained on the back-end server. If a patch on the computer is found not to be the latest version, the latest patch installer is copied to a predetermined directory on an ordinary partition of the hard disk, and a shortcut pointing to the patch installer is copied into the Startup group directory on the partition where the operating system resides. The computer is then restarted automatically and enters the operating system, at which point the system automatically executes the shortcut and helps the user install the patch. The method of installing software from the HPA into the operating system is described in detail in the applicant's Chinese patent application No. "200410081162.9", entitled "method of automatic software installation in the os starting process", and is not repeated here.
Of course, the way the system security check is performed is not limited to this; any way that carries out security hardening and repairs the vulnerabilities of the operating system will do.
The whole operating system is repaired as follows: the embedded system calls the system repair module, and the system repair module overwrites the files in the current system with the system backup files in the HPA, thereby repairing the operating system.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (8)
1. A method for detecting and removing viruses, characterized in that an embedded system and an antivirus module are set up in the Host Protected Area (HPA) of the hard disk, the method further comprising the following step:
After the basic input/output system (BIOS) self-test finishes and a signal to perform a virus-removal operation is detected, the embedded system in the HPA is started, the embedded system calls the antivirus module to scan for and remove viruses, and the operating system is then loaded to start the computer.
2. The method according to claim 1, characterized in that
a system security check module is preset in the HPA of the hard disk;
when the virus scanning and removal operation has finished and no virus has been found, the method further comprises: the embedded system calls the system security check module to check whether the system has security vulnerabilities; if it does, security hardening is performed according to the check result and the operating system is then loaded to start the computer; otherwise the operating system is loaded directly to start the computer.
3. The method according to claim 1 or 2, characterized in that
a system repair module is preset in the HPA of the hard disk;
when the check finds that the system has no security vulnerabilities, the method further comprises: the embedded system calls the system repair module to repair the operating system, and the computer is then started.
4. The method according to claim 3, characterized in that the virus scanning and removal operation comprises the following steps: scanning for and removing viruses; and determining whether a virus has been found, and, if no virus has been found, updating the virus rule base and then performing the virus scanning and removal operation again.
5. The method according to claim 4, characterized in that the virus rule base is updated over the network, or from a floppy disk or portable hard drive, or from a designated directory on the hard disk, or by any combination of these three ways.
6. The method according to claim 1, characterized in that the BIOS starts the embedded system in the HPA as follows:
a function-calling module is preset in the HPA of the hard disk;
after the BIOS self-test finishes and a signal to perform a virus-removal operation is detected, the BIOS sets the parameter for starting the embedded system at a designated address in memory and then calls the function-calling module; after detecting that the parameter for starting the embedded system is present at the designated address in memory, the function-calling module starts the embedded system in the HPA.
7. The method according to claim 6, characterized in that the designated address in memory is the F000 segment of memory.
8. The method according to claim 1, characterized in that, when a virus-removal operation is needed after the computer has started normally, the method further comprises: after the operating system detects the signal to perform a virus-removal operation, the antivirus module within the operating system is started to perform the virus scanning and removal operation.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100904568A CN100374969C (en) | 2004-11-18 | 2004-11-18 | Method for searching and killing virus and computer therefor |
PCT/CN2005/001922 WO2006053488A1 (en) | 2004-11-18 | 2005-11-15 | A method for realizing anti-virus and a computer thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100904568A CN100374969C (en) | 2004-11-18 | 2004-11-18 | Method for searching and killing virus and computer therefor |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1779594A CN1779594A (en) | 2006-05-31 |
CN100374969C (en) | 2008-03-12 |
Family ID: 36406825
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100904568A Expired - Fee Related CN100374969C (en) | 2004-11-18 | 2004-11-18 | Method for searching and killing virus and computer therefor |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN100374969C (en) |
WO (1) | WO2006053488A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101359356B (en) * | 2007-08-03 | 2010-08-25 | 联想(北京)有限公司 | Method and system for deleting or isolating computer virus |
CN100541509C (en) * | 2007-12-10 | 2009-09-16 | 上海北大方正科技电脑系统有限公司 | A kind of method of scanning and killing computer virus |
CN102902921B (en) * | 2012-09-18 | 2015-11-25 | 北京奇虎科技有限公司 | The method and apparatus of a kind of detection and dump virus |
CN106980786A (en) * | 2017-02-25 | 2017-07-25 | 深圳市赛亿科技开发有限公司 | It is a kind of to prevent virus and the computer system of defense of wooden horse |
CN110197071B (en) * | 2018-04-25 | 2023-05-16 | 腾讯科技(深圳)有限公司 | Boot sector data processing method and device, computer storage medium and electronic equipment |
CN111030981B (en) * | 2019-08-13 | 2023-04-28 | 北京安天网络安全技术有限公司 | Method, system and storage device for blocking continuous attack of malicious file |
CN110532768A (en) * | 2019-08-21 | 2019-12-03 | 东软医疗系统股份有限公司 | System safety encryption and device |
CN112364350A (en) * | 2020-12-07 | 2021-02-12 | 河北建筑工程学院 | Information processing program and recording device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5826012A (en) * | 1995-04-21 | 1998-10-20 | Lettvin; Jonathan D. | Boot-time anti-virus and maintenance facility |
CN1403915A (en) * | 2001-09-10 | 2003-03-19 | 英业达股份有限公司 | Computer antiviral method and computer adopting the method |
CN1508697A (en) * | 2002-12-16 | 2004-06-30 | 联想(北京)有限公司 | Method and apparatus for realizing protection of computer operation system in hard disk |
CN1173266C (en) * | 2000-01-11 | 2004-10-27 | 神达电脑股份有限公司 | Starting-up type virus detection method |
- 2004-11-18: CN, application CNB2004100904568A, patent CN100374969C, not active (Expired - Fee Related)
- 2005-11-15: WO, application PCT/CN2005/001922, patent WO2006053488A1, active (Application Filing)
Also Published As
Publication number | Publication date |
---|---|
CN1779594A (en) | 2006-05-31 |
WO2006053488A1 (en) | 2006-05-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20080312; Termination date: 20201118 |