CN100541509C - A kind of method of scanning and killing computer virus - Google Patents


Publication number
CN100541509C
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CNB2007101720029A
Other languages
Chinese (zh)
Other versions
CN101183411A (en)
Inventor
徐含威
陈凯锋
白向春
Current Assignee
Acer Computer (Shanghai) Co., Ltd.
Original Assignee
Shanghai Founder Technology Computer System Co Ltd
Application filed by Shanghai Founder Technology Computer System Co Ltd


Abstract

The invention discloses a method for scanning for and removing computer viruses. The method comprises the following steps: 1. First, the hard disk is divided into an ordinary disk partition and a hidden system partition, the HPA partition. The HPA partition comprises a system HPA partition that holds a backup of a basic operating system, a function HPA partition that stores the antivirus software, and a real-mode system located at the start address of the HPA. A real-mode boot program is written to the system boot sector on track 0 of the hard disk, with its read path pointing to the start address of the HPA partition. 2. The computer starts and enters the real-mode system under the guidance of the real-mode boot program. 3. Depending on the trigger signal from the user, the real-mode system loads the backed-up operating system and starts the antivirus software stored in the function HPA partition to scan the computer for viruses and remove them. Because the backed-up operating system image and the antivirus software are stored in the HPA partition, they cannot be accessed or written under the normal operating system, which protects them from virus infection.

Description

A kind of method of scanning and killing computer virus
Technical field:
The present invention relates to a new method for scanning for and removing computer viruses, and in particular to a Windows-based method in which a computer infected with a virus is scanned and disinfected by an independent antivirus platform that shares its virus database with the system.
Technical background:
Many existing computers, whether notebook or desktop, can disinfect an infected system by means of a dedicated antivirus platform. The antivirus platforms known at present are developed on either Linux or DOS; none has yet been seen that is based on the Windows system users are generally familiar with. DOS uses a character command interface and is therefore inconvenient for users; Linux has many hardware compatibility problems, which makes it hard for users to maintain the system. Moreover, such an operating system may itself still be infected by a virus, causing the system to crash or the antivirus software to fail to run.
In addition, in the known methods for disinfecting an infected system, the antivirus program cannot synchronize with the latest existing virus database; the user must first update the virus database manually, over the network or with a virus database upgrade package, before the system can be scanned.
Furthermore, in existing methods the dedicated antivirus platform is stored on a CD or floppy disk, and the user enters the platform by booting from that medium. Such media are easily lost, leaving the user unable to continue using the function.
Summary of the invention:
In view of the defects of the prior art, the purpose of the present invention is to provide a new method for scanning for and removing computer viruses. The method calls an antivirus platform based on a normal operating system (such as Windows) and, on the basis of that operating system, automatically loads the antivirus software's virus database to scan the system, so that disinfection is fast and easy to use.
To achieve this purpose, the present invention adopts the following technical solution:
A method for scanning for and removing computer viruses comprises the following steps:
1. Set up the computer's hard disk, comprising:
A. Divide the system disk into two parts: an ordinary disk partition and a hidden system partition, the HPA partition, which the user cannot access under the normal operating system. The HPA partition comprises:
System HPA partition: holds a backup of a basic operating system;
Function HPA partition: stores the antivirus software used for disinfection;
Real-mode system: located at the start address of the HPA, used to define the whole HPA partition and carry out loading;
B. Write a real-mode boot program to the system boot sector on track 0 of the hard disk, with its read path pointing to the start address of the HPA partition;
2. The host computer starts and enters the real-mode system under the guidance of the real-mode boot program;
3. According to the trigger signal started by the user, the real-mode system loads the operating system backed up in the system HPA partition, starts the antivirus software stored in the function HPA partition, and scans the computer for viruses and removes them.
Further, the method for above-mentioned scanning and killing computer virus, described HPA subregion is divided into a plurality of, and each function HPA subregion stores the functional software of using corresponding to concrete, and described antivirus software is one of them feature capability software.
Further, the method for above-mentioned scanning and killing computer virus, size, number of partitions and each section post of the described real pattern system definition HPA subregion size that takes up space.
Further, the method for above-mentioned scanning and killing computer virus, in the described step 3, the operating system that described real pattern system backs up in the loading system HPA subregion as follows:
(1) described trigger pip is that the user passes through the startup of a startup module, and this trigger pip forms after a reception and parsing module identification and triggers code;
(2) establish triggering code-jump address corresponding tables in the described real pattern system, the real pattern system obtains triggering code and carries out redirect according to the jump address that triggers the code correspondence from described reception and parsing module, start the backup operation system in the HPA subregion.
Further, the method of above-mentioned scanning and killing computer virus, described real pattern system adopts following method to start antivirus software in the function HPA subregion: described real pattern system with the mirror image of system backup in the HPA subregion virtual in the Mount mode be the C of system drive, be other drives of system with the function HPA subregion that stores antivirus software is virtual, and operating system image file that backs up in the reading system HPA subregion and the function HPA subregion that stores antivirus software, enter system and start antivirus software.
Further, the method of above-mentioned scanning and killing computer virus, in the described step (3), described real pattern system is when load store has the function HPA subregion of antivirus software, with this function HPA definition space is read-write, when needs were upgraded, antivirus software was sought the virus base file and the virus base of upgrading according to default virus server address.
Advantages and positive effects of the present invention:
In the method of the present invention, what is called during disinfection is an antivirus platform based on a normal operating system (such as Windows) backed up in the HPA partition. On the basis of this normal operating system the virus database of the antivirus software can be loaded automatically to scan the system, so that disinfection is fast and easy to use. Because the backed-up operating system image and the antivirus software are stored in the HPA partition, they cannot be accessed or written under the normal operating system, which protects them from virus infection. In addition, the backed-up operating system is a normal operating system (such as Windows), which matches users' habits; and the virus database of the antivirus software can be synchronized with the virus database under the regular system, avoiding the manual upgrades required in the prior art.
Description of drawings:
Fig. 1 is a flowchart of an embodiment of the invention;
Fig. 2 is a schematic diagram of the hard disk structure after partitioning in the method of the present invention;
Fig. 3 is a flowchart of the method of the present invention when loading and starting the antivirus platform.
Embodiment:
The specific embodiment of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 2 is a schematic diagram of the partitioning of the computer's hard disk in the present invention.
The system disk is divided into two parts, the HPA partition and the ordinary disk partition. HPA (Hidden Protected Area): the ATA-5 protocol introduced the concept of a "host protected area", implemented by using ATA commands to directly protect a region at the rear of the hard disk. Not only is the operating system unable to see this region; even the motherboard BIOS cannot read a "host protected area" that is in the protected state. The HPA partition is a hidden system partition that the user cannot access under the normal operating system. The HPA partition is divided into the following three parts:
(1) System HPA partition: keeps a complete backup of a basic operating system (Windows) for the user.
(2) Function HPA partition: serves as the functional module area, assigned to specific functional modules, and contains the functional software for each required function. In this embodiment it includes an antivirus platform dedicated to disinfection, a rescue platform dedicated to system rescue, an entertainment platform dedicated to entertainment, and other specific application platforms.
(3) Real-mode system: defines the whole HPA partition and carries out loading; it is located at the start address of the HPA. The real-mode system can define the size of the whole HPA, the number of partitions, and the space occupied by each partition.
Next, a real-mode boot program is written to the system boot sector on track 0 of the hard disk, with its read path pointing to the start address of the HPA partition, that is, the real-mode system.
In this embodiment, the default disk MBR information is modified: the HPA partition is created in the new MBR by modifying the hard disk information, and the real-mode boot program is set up. The boot program directs the system into the HPA partition.
Fig. 1 is a detailed flowchart of the method of the present invention.
1. The user starts a trigger signal through a start module, and this trigger signal produces two responses. The first is a power-on command; this signal can be a Windows key value under the Windows operating system or a high/low level signal, and it is passed directly to the motherboard start module to start the host. The second is that the trigger signal, after being recognized by the receiving and parsing module, forms a trigger code that expresses the startup purpose the user selected: whether to enter the normal operating system or a specific function system, and which function system (antivirus platform, rescue platform or another platform). The trigger code is stored in a register of the receiving and parsing module. The start module can be a shortcut key on the keyboard, a button on the chassis surface, or another device capable of triggering a start signal; the receiving and parsing module can be a dedicated circuit board or a piece of program code.
2. The system starts, reads data sequentially beginning at sector 0, and jumps to the start address of the HPA, that is, the real-mode system, according to the address jump instruction in the real-mode boot program.
3. The real-mode system reads the trigger code and performs an address jump according to it, either loading the normal operating system or loading the backup operating system in the system HPA partition and starting the functional software in the corresponding function HPA partition. In detail:
A trigger code to jump address correspondence table is set up in the real-mode system, mapping each trigger code to a jump address. The real-mode system determines the user's operation from the trigger code, jumps to the corresponding address, and starts the corresponding system or function platform. The following table is a concrete example of a trigger code to jump address correspondence table:
[Table images C20071017200200071 and C20071017200200081: example trigger code to jump address correspondence table, not reproduced]
If the user makes no function selection, that is, the trigger code indicates entering the normal operating system directly, the jump goes to the normal operating system's start address, for example the address where normal Windows begins, and the normal operating system is loaded.
If the user makes a function selection, that is, the trigger code represents a particular functional module, the real-mode system points the address to the system backup image in the HPA. The real-mode system mounts the system backup image in the system HPA partition as the system's virtual C drive and the function HPA partition corresponding to the event as another virtual drive of the system, reads the system image file stored in advance in the HPA and the function HPA partition, enters the system, and runs the application software in the function HPA partition, thereby loading a system with the specific function.
With the above method, the real-mode system defines a different image loading mode for each event; by loading the corresponding function HPA partition and running that partition's software as the system loads, it gives the user different application scenarios.
In this embodiment, the function HPA partition includes an antivirus function platform that stores the antivirus software; the antivirus software comprises a main program and virus database files. The antivirus software interface can be customized, or it can be the standard software of the antivirus vendor. For the sake of user experience and to avoid user errors, the software interface is redesigned and Windows registry entries are modified so that under the antivirus platform the user cannot invoke the other default Windows shortcut keys. The process of starting the antivirus platform is described below with reference to Fig. 3:
When the user needs to start the system with the antivirus function, the user first presses the trigger button of the start module. When the receiving and parsing module receives the corresponding trigger signal, the host starts, and a trigger code is generated and held temporarily in the register of the receiving and parsing module.
When the system loads, the real-mode boot program on track 0 of the disk runs first and jumps to the start address of the HPA partition. The real-mode program begins to run; it first reads the trigger code from the register of the receiving and parsing module and evaluates it against the event to address correspondence table written in advance to the real-mode area of the HPA. If the code represents the antivirus function, the real-mode system records the address of the function HPA partition corresponding to the antivirus function.
The real-mode system mounts the system backup image as the virtual C drive of the disk and loads the image. At the same time it mounts the antivirus function HPA partition, by its address, as the virtual D drive.
The antivirus software installed in this function HPA partition is then run. Once running, it can call its virus database, and the user can scan for and remove viruses under this dedicated antivirus platform.
If the virus database is not up to date, it can be upgraded with the antivirus software's own online upgrade function. The function HPA partition holding the virus database is defined as read-write when it is loaded, and the software automatically looks for the virus database file at the preset virus server address and upgrades the virus database. The virus database in the HPA partition is thus upgraded.
In addition, when the user starts the normal operating system in the ordinary way and has installed the antivirus software, the virus database of the antivirus software stored in the function HPA partition is also called when the system loads. So that the virus database can be upgraded, the real-mode system defines this function HPA space as read-write when it loads the virus database HPA partition. When the user upgrades the virus database over the Internet, the new virus database file is written to the HPA partition; because the function HPA partition storing the virus database is also loaded when the user chooses to enter the antivirus platform, the two virus databases are in fact synchronized.
In this embodiment, the function HPA partition also includes a rescue platform dedicated to system rescue, which provides a way to rescue and restore the computer system when the normal operating system is paralyzed by virus infection or for other reasons. That is:
When the operating system stored in the ordinary disk partition is paralyzed by virus infection or for other reasons, the real-mode system, according to the trigger signal the user starts for the purpose of system rescue, loads the operating system backed up in the system HPA partition and replaces the operating system stored in the ordinary disk partition with the operating system backed up in the HPA partition, thereby rescuing the system.
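
The dispatch step described in the embodiment, modelled as an added C example (not code from the patent): the real-mode system checks the HPA layout it defines, then maps a trigger code to a boot plan. The trigger code values, sector addresses and all identifiers are assumptions, as is reading each table entry as the start address of a function HPA partition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Added illustration. Trigger codes, LBAs and all names are hypothetical;
 * the patent's own trigger code table is not reproduced on the page. */
#define TRIG_NORMAL    0x00u   /* no function selected: boot the normal OS */
#define TRIG_ANTIVIRUS 0x01u
#define TRIG_RESCUE    0x02u

struct hpa_part { uint64_t start, sectors; };
struct jump_entry { uint8_t trigger; uint64_t addr; };

struct hpa_layout {             /* what the real-mode system defines */
    uint64_t first, last;       /* HPA extent; real-mode system sits at first */
    uint64_t rm_sectors;        /* space taken by the real-mode system itself */
    struct hpa_part sys;        /* system HPA partition: backed-up OS image */
    struct hpa_part func[2];    /* function HPA partitions */
    size_t nfunc;
};

struct boot_plan {
    int      from_hpa;          /* 1: backup image mounted as virtual C drive */
    uint64_t os_addr;           /* where the operating system is loaded from */
    uint64_t func_addr;         /* function partition mounted as D, 0 if none */
    int      func_writable;     /* only the virus database partition is r/w */
};

/* Partition lies wholly inside the HPA, after the real-mode system. */
static int part_ok(const struct hpa_layout *l, const struct hpa_part *p)
{
    if (p->sectors == 0 || p->start < l->first + l->rm_sectors) return 0;
    if (p->start > l->last) return 0;
    return p->sectors - 1 <= l->last - p->start;    /* overflow-safe */
}

static int overlap(const struct hpa_part *a, const struct hpa_part *b)
{
    return a->start < b->start + b->sectors && b->start < a->start + a->sectors;
}

int layout_valid(const struct hpa_layout *l)
{
    if (l->first > l->last || l->rm_sectors > l->last - l->first) return 0;
    if (l->nfunc > 2 || !part_ok(l, &l->sys)) return 0;
    for (size_t i = 0; i < l->nfunc; i++) {
        if (!part_ok(l, &l->func[i]) || overlap(&l->sys, &l->func[i])) return 0;
        for (size_t j = 0; j < i; j++)
            if (overlap(&l->func[j], &l->func[i])) return 0;
    }
    return 1;
}

/* Returns 0 and fills *out, or -1 when the layout or the matched table entry
 * is inconsistent. An unknown trigger code falls back to the normal OS. */
int boot_dispatch(const struct hpa_layout *l, const struct jump_entry *tab,
                  size_t n, uint8_t trigger, uint64_t normal_os,
                  struct boot_plan *out)
{
    struct boot_plan normal = { 0, normal_os, 0, 0 };
    *out = normal;
    if (!layout_valid(l) || normal_os >= l->first) return -1;
    if (trigger == TRIG_NORMAL) return 0;
    for (size_t i = 0; i < n; i++) {
        if (tab[i].trigger != trigger) continue;
        for (size_t k = 0; k < l->nfunc; k++) {
            if (tab[i].addr != l->func[k].start) continue;
            out->from_hpa = 1;
            out->os_addr = l->sys.start;
            out->func_addr = tab[i].addr;
            out->func_writable = (trigger == TRIG_ANTIVIRUS);
            return 0;
        }
        return -1;   /* entry does not point at a defined function partition */
    }
    return 0;        /* code not in the table: normal operating system */
}

/* Constructed sample disk: sectors 0..999999 visible, HPA behind them. */
static const struct hpa_layout SAMPLE = {
    .first = 1000000, .last = 1999999, .rm_sectors = 2048,
    .sys = { 1002048, 500000 }, .nfunc = 2,
    .func = { { 1502048, 200000 }, { 1702048, 200000 } },
};
static const struct jump_entry TABLE[] = { { TRIG_ANTIVIRUS, 1502048 },
                                           { TRIG_RESCUE, 1702048 } };

int main(void)
{
    struct boot_plan p;
    int rc = boot_dispatch(&SAMPLE, TABLE, 2, TRIG_ANTIVIRUS, 2048, &p);
    printf("rc=%d from_hpa=%d writable=%d\n", rc, p.from_hpa, p.func_writable);
    return rc;
}
```

Rejecting a table entry that does not match a defined function partition keeps a corrupted table from steering the jump to an arbitrary address.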

Claims (9)

1. A method for scanning for and removing computer viruses, characterized in that it comprises the following steps:
1) Set up the computer's hard disk, comprising:
A. Divide the system disk into two parts: an ordinary disk partition and a hidden system partition, the HPA partition, which the user cannot access under the normal operating system. The HPA partition comprises:
System HPA partition: holds a backup of a basic operating system;
Function HPA partition: stores the antivirus software used for disinfection;
Real-mode system: located at the start address of the HPA partition, used to define the whole HPA partition and carry out loading;
B. Write a real-mode boot program to the system boot sector on track 0 of the hard disk, with its read path pointing to the start address of the HPA partition;
2) The host computer starts and enters the real-mode system under the guidance of the real-mode boot program;
3) According to the trigger signal started by the user, the real-mode system determines the meaning of the trigger code, selects the antivirus function, loads the operating system backed up in the system HPA partition, starts the antivirus software stored in the function HPA partition, and scans the computer for viruses and removes them.
2. The method for scanning for and removing computer viruses as claimed in claim 1, characterized in that the function HPA partition stores functional software for specific applications, and the antivirus software is one such functional software.
3. The method for scanning for and removing computer viruses as claimed in claim 1 or 2, characterized in that the real-mode system defines the size of the HPA partition, the number of partitions, and the space occupied by each partition.
4. The method for scanning for and removing computer viruses as claimed in claim 1, characterized in that, in step 3), the real-mode system loads the operating system backed up in the system HPA partition as follows:
(1) The trigger signal is started by the user through a start module, and a receiving and parsing module recognizes the trigger signal and forms a trigger code from it;
(2) A trigger code to jump address correspondence table is set up in the real-mode system. The real-mode system obtains the trigger code from the receiving and parsing module, selects the antivirus function, jumps to the jump address corresponding to the trigger code, and starts the backup operating system in the HPA partition.
5. The method for scanning for and removing computer viruses as claimed in claim 1 or 4, characterized in that, in step 3), the real-mode system starts the antivirus software in the function HPA partition as follows:
The real-mode system mounts the system backup image in the HPA partition as the system's virtual C drive and the function HPA partition storing the antivirus software as another virtual drive of the system, reads the backed-up operating system image file in the system HPA partition and the antivirus software stored in the function HPA partition, enters the operating system backed up in the HPA partition, and starts the antivirus software.
6. The method for scanning for and removing computer viruses as claimed in claim 4, characterized in that the start module is a shortcut key on the keyboard, a button on the chassis surface, or another device capable of triggering a start signal.
7. The method for scanning for and removing computer viruses as claimed in claim 4, characterized in that the receiving and parsing module is a circuit board or a piece of program code.
8. The method for scanning for and removing computer viruses as claimed in claim 1, characterized in that the interface of the antivirus software covers the whole screen and masks all shortcut keys under the operating system.
9. The method for scanning for and removing computer viruses as claimed in claim 1, characterized in that, in step 3), when the real-mode system loads the function HPA partition storing the antivirus software, it defines the space of that function HPA partition as read-write; when an upgrade is needed, the antivirus software looks for the virus database file at a preset virus server address and upgrades the virus database.
CNB2007101720029A 2007-12-10 2007-12-10 A kind of method of scanning and killing computer virus Expired - Fee Related CN100541509C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007101720029A CN100541509C (en) 2007-12-10 2007-12-10 A kind of method of scanning and killing computer virus

Publications (2)

Publication Number Publication Date
CN101183411A CN101183411A (en) 2008-05-21
CN100541509C true CN100541509C (en) 2009-09-16


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: YIWU WADOU PICTURE CO., LTD.

Free format text: FORMER OWNER: WANG AIXIANG

Effective date: 20101102

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 322000 NO.398, CHOUZHOU WEST ROAD, YIWU CITY, ZHEJIANG PROVINCE TO: 322000 NO.136, QIJIGUANG, ECONOMIC DEVELOPMENT ZONE, CHOUJIANG, YIWU CITY, ZHEJIANG PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20101108

Address after: 3, No. 168 middle Tibet Road, No. 200001, Shanghai, Huangpu District

Patentee after: Acer Computer (Shanghai) Co., Ltd.

Address before: 200120, 36 building, International Building, 360 South Road, Pudong New Area, Pudong, Shanghai, Shanghai

Patentee before: Beida Fangzheng Science & Technology Computer System Co., Ltd., Shanghai

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090916

Termination date: 20201210
