CN102902922A - File repair method and system - Google Patents

File repair method and system Download PDF

Info

Publication number
CN102902922A
CN102902922A CN2012103754497A CN201210375449A CN102902922A CN 102902922 A CN102902922 A CN 102902922A CN 2012103754497 A CN2012103754497 A CN 2012103754497A CN 201210375449 A CN201210375449 A CN 201210375449A CN 102902922 A CN102902922 A CN 102902922A
Authority
CN
China
Prior art keywords
file
backup file
infected
backup
attribute information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012103754497A
Other languages
Chinese (zh)
Other versions
CN102902922B (en
Inventor
蒙杭州
刘绪平
江爱军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qizhi Business Consulting Co ltd
Beijing Qihoo Technology Co Ltd
360 Digital Security Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201210375449.7A priority Critical patent/CN102902922B/en
Publication of CN102902922A publication Critical patent/CN102902922A/en
Application granted granted Critical
Publication of CN102902922B publication Critical patent/CN102902922B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a file repair method and a file repair system. The file repair method comprises the steps of: a client determining an infected file infected by a malicious code, and acquiring the attribute information of the infected file; the client transmitting the attribute information of the infected file to a server for querying and obtaining a query result including the attribute information of at least one associated backup file collected by the server; and the client hitting the associated backup file matched with the infected file from the query result according to the attribute information of the infected file, determining the matched backup file packet, and extracting and downloading the backup file from the matched backup file packet from the server, wherein the associated backup file and the backup file are stored in the same backup file packet. The method provided by the application can find the backup file packet containing the backup file and accordingly can download the backup file to substitute for the infected file.

Description

Ile repair method and system
Technical field
The invention belongs to information security field, specifically, relate to a kind of Ile repair method and system.
Background technology
" infected file " is a kind of conventional means that virus and wooden horse destroy and steal user data.So-called " infected file " can refer to: malicious code is added in the code of normal procedure, make normal procedure become the infected file that has been infected by malicious code, when this infected file operation, malicious code is also with normal code synchronous operation, and then user's data are destroyed, malicious code is broadcast in not dig, forms more infected files, destroys more normal procedure.Further, steal user's data such as a series of malicious acts such as user's secret data, password or fictious assets by moving these " infected programs ", especially, by infecting the system file relevant with operating system, realize kidnapping network, brush flow, fishing payment, steal-number etc.
Therefore, in order to ensure data security, the user need to repair infected file usually, regains normal procedure.
In the prior art, but the process brief overview of reparation is: carry out sample analysis, collect the malicious code storehouse, coding is made fail-safe software, uses fail-safe software to remove malicious code from infected file.Using fail-safe software to remove the process of malicious code can be as follows:
Malicious code position in code corresponding to scanning document on client-〉 discovery infected file-〉 localized infection file-〉 according to malicious code such as virus or the wooden horse position of location, only malicious code is partly deleted.
But, malicious code with the process of fail-safe software antagonism in, forms very various mutation, above-mentioned existing method processing infected file can't realize effectively repairing file usually, specifically has following shortcoming:
(1) almost do not accomplish to repair fully, after a lot of file reparations, also may remaining malicious code; Perhaps, after a lot of file reparations, can not normally carry out, individual other also may cause system crash or application software normally to use;
(2) in the time of can't repairing file, surpass 80% such as the infected degree of file, then substantially malicious code can't be deleted from former normal file code, be forced to isolation or deletion infected file; Especially, in the time of can't the repair system critical file, be forced to keep the infected file relevant with system.
As the above analysis, the repair process of prior art need to be made fail-safe software, only has the client operation of fail-safe software the user just can be realized repairing; In addition, the reparation of prior art can't be repaired infected file thoroughly.
Summary of the invention
In view of this, the application's technical matters to be solved has provided a kind of Ile repair method and system, can find the backup file bag at backup file place, can download accordingly backup file to replace infected file.
In order to solve the problems of the technologies described above, the application provides a kind of Ile repair method, comprising: client is determined to be infected the infected file that forms by malicious code, and obtains the attribute information of described infected file; Described client sends the attribute information of described infected file and inquires about and obtain Query Result to server, and described Query Result comprises the attribute information of at least one association backup file that described server is collected; Described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, extract and download backup file in the backup file bag that mates to substitute described infected file from described server, described association backup file and described backup file are stored in the same backup file bag.
Further, the attribute information of described infected file comprises: the storing directory attribute information of the correspondence of described infected file and the basic operating system attribute information of described infected file operation, the file name information that described infected file is corresponding, the browser attribute information that described infected file is corresponding, the service packs information that described infected file is corresponding, the timestamp of described infected file.
Further, the attribute information that described client sends described infected file to inquire about and to obtain Query Result, further comprises in the server: the query interface that the attribute information that sends described infected file configures in the server; By the query interface that configures in the described server, inquire about and obtain Query Result in the backup file information bank in described server, store the tabulation of service packs information list and browser data packet information in the described backup file information bank.
Further, described client sends the attribute information of described infected file and inquires about and obtain Query Result to server, comprise: judge according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system, if so, then inquire about the Query Result that obtains correspondence in the backup file information bank in described server; Otherwise, return the failed result of inquiry.
Further, judge according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system, comprise: determine whether the executable file relevant with operating system according to the signing messages in the basic operating system attribute information of storing directory attribute information corresponding to described infected file and the operation of described infected file, the attribute information of described infected file comprises the storing directory attribute information of correspondence of described infected file and the basic operating system attribute information that described infected file moves.
Further, if described infected file is the executable file relevant with operating system, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, comprise: according to the attribute information of described infected file, from the backup file information bank of described server, inquire about respectively service packs information list and the tabulation of browser data package informatin of corresponding described association backup file; Wherein, the tabulation of the service packs information list of described association backup file and browser data package informatin includes: the basic operating system attribute information of the file name information that described association backup file is corresponding, the storing directory attribute information that described association backup file is corresponding, described association backup running paper, the browser attribute information that described association backup file is corresponding, the service packs information that described association backup file is corresponding; Wherein, the attribute information of described infected file comprises: the service packs information corresponding to browser attribute information, described infected file corresponding to basic operating system attribute information, described infected file of the file name information that described infected file is corresponding, the storing directory attribute information that described infected file is corresponding, the operation of described infected file.
Further, if in the backup file information bank of described server, only inquire the service packs information list of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, comprise: according to the timestamp of described infected file and the timestamp of the corresponding described association backup file of described service packs information list, generate the first catalogue relevance weight of list directory in the described service packs information list, generate the correspondence of the corresponding described association backup file of described service packs information list and described infected file according to described the first catalogue relevance weight, in order to inquire about and obtain and download corresponding described backup file at described server, the attribute information of described infected file comprises the timestamp of described infected file.
Further, described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that from described server, mates to substitute described infected file, comprise: select candidate list catalogue corresponding in the described service packs information list to generate download address according to described the first catalogue relevance weight, download corresponding described backup file according to this download address client from described server, wherein, in corresponding described association backup file and the related same backup service packs of described backup file association store in described server.
Further, if in the backup file information bank of described server, only inquire the browser data package informatin tabulation of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, comprise: according to the tabulate timestamp of corresponding described association backup file of timestamp and the described browser data package informatin of described infected file, generate the second catalogue relevance weight of list directory in the described browser data package informatin tabulation, determine the tabulate correlativity of corresponding described backup file and described infected file of described browser data package informatin according to the second catalogue relevance weight, in order to inquire about and obtain and download corresponding described backup file at described server.
Further, described client is according to the attribute information of described infected file, from described Query Result, hit the backup file that is complementary with self, and from described server, download backup file to substitute described infected file, comprise: select candidate list catalogue generation download address corresponding in the described browser data package informatin tabulation according to described the second catalogue relevance weight, client is downloaded corresponding described backup file according to this download address from described server, and corresponding described association backup file and corresponding described backup file leave in the same backup browser packet in the described server.
Further, if in the backup file information bank of described server, all inquire service packs information list and the tabulation of browser data package informatin of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, comprise: according to the timestamp of described infected file and the timestamp of the corresponding described association backup file of described service packs information list, generate the first catalogue relevance weight of list directory in the described service packs information list and calculate described service packs information list first the tabulation relevance weight; According to the tabulate timestamp of corresponding described association backup file of the timestamp of described infected file and described browser data package informatin, generate the second catalogue relevance weight of list directory in the described browser data package informatin tabulation and calculate the second tabulation relevance weight of described browser data package informatin tabulation; According to the first tabulation relevance weight of described service packs information list and the second tabulation relevance weight of described browser data package informatin tabulation, select candidate's download list as Query Result.
Further, described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that from described server, mates to substitute described infected file, described association backup file and described backup file are stored in the same backup file bag, comprise: select candidate list catalogue in described candidate's download list, download described association backup file corresponding to candidate list catalogue from described server, the described association backup file that described backup file is corresponding with the candidate list catalogue leaves in same backup service packs and the same backup browser packet, and described backup service packs and backup browser packet are stored in the backup file storehouse of described server.
Further, described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file is in the equal list directory of the timestamp of described infected file; Perhaps, the candidate list catalogue of described correspondence is: in described candidate's download list, the timestamp of described association backup file is greater than the list directory of the timestamp of described infected file.
Further, described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file equals the list directory of the timestamp of described infected file, and judges that according to the version number of file described backup file corresponding to described candidate list catalogue is formal version.
Further, if in the backup file information bank of described server, all do not inquire service packs information list and the tabulation of browser data package informatin of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, comprising:
Obtain the raw data packets of depositing the corresponding raw data of described backup file;
With the timestamp of the file of association backup described in the server early than the raw data packets of the timestamp of described infected file as Query Result, described raw data packets is stored in the backup file storehouse of described server.
Further, state client according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that from described server, mates to substitute described infected file, comprise: according to the raw data packets generation download address of the timestamp of association backup file described in the raw data packets in the described server early than the timestamp of described infected file, according to this download address client, download with described association backup file from described server and to be stored in described backup file the same backup file bag, to replace described infected file.
In order to solve the problems of the technologies described above, the application also provides a kind of file repair system, comprise: client and server, described client is used for determining to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file, and the attribute information that sends described infected file inquires about and obtains Query Result to server, and described Query Result comprises the attribute information of at least one association backup file that described server is collected; Described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that mates to substitute described infected file from described server, described association backup file and described backup file are stored in the same backup file bag.
Further, described server comprises: query interface, for the attribute information that receives the described infected file that sends; The backup file information bank, the information that is used for preserving backup file is with the backup file of determining self to adapt with described infected file.
Further, described server comprises: download interface, and that be used for hitting from described Query Result and association backup file described infected file coupling, and the backup file bag of the coupling of determining generates the chained address of downloading; Download unit is used for downloading backup file to substitute described infected file from the backup file bag that described server mates according to described chained address, and described association backup file and described backup file are stored in the same backup file bag of described server.
Compare with existing scheme, the technique effect that the application obtains: the attribute information according to infected file is directly inquired about corresponding association backup file from the backup file storehouse, since exist between association backup file and the backup file directly related and both be present in same backup file bag such as backup browser packet or back up service packs, therefore, when finding the packet of association backup file, can find the backup file bag at backup file place, can download accordingly backup file to replace infected file, thereby avoided file reparation of the prior art need to make fail-safe software, and the defective that can't thoroughly repair infected file.
Description of drawings
Accompanying drawing described herein is used to provide the further understanding to the application, consists of the application's a part, and the application's illustrative examples and explanation thereof are used for explaining the application, do not consist of the improper restriction to the application.In the accompanying drawings:
Fig. 1 is the Ile repair method schematic flow sheet of the embodiment of the invention one;
Fig. 2 is the Ile repair method schematic flow sheet of the embodiment of the invention two;
Fig. 3 is the Ile repair method schematic flow sheet of the embodiment of the invention three;
Fig. 4 is the Ile repair method schematic flow sheet of the embodiment of the invention four.
Fig. 5 is the structural representation of embodiment of the invention file repair system.
Embodiment
Below will cooperate graphic and embodiment to describe the application's embodiment in detail, by this to the application how the application technology means implementation procedure that solves technical matters and reach the technology effect can fully understand and implement according to this.
Among the following embodiment of the present invention, attribute information according to infected file is directly inquired about corresponding association backup file from the backup file storehouse, since exist between association backup file and the backup file directly related and both be present in same backup file bag such as backup browser packet or back up service packs, therefore, when finding the packet of association backup file, can find the backup file bag at backup file place, can download accordingly backup file to replace infected file, thereby avoided file reparation of the prior art need to make fail-safe software, and the defective that can't thoroughly repair infected file.
As shown in Figure 1, Ile repair method schematic flow sheet for the embodiment of the invention one, the present embodiment is that particularly, this document restorative procedure comprises for the situation that only inquires the service packs information list of corresponding described backup file in the backup file information bank of described server:
Step 101, client are determined to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file;
Described infected file comprises executable file, can be the undefined executable file of windows vista system such as this executable file.Described executable file comprises Portable executable file (Portable Executable, PE), new executable file (New Executable, NE) or linear executable file (Linear Executable, LE).Wherein, Portable executable file PE comprises DLL, EXE, FON, OCX, LIB and part sys file, and new executable file NE type has comprised the file of .exe .dll .drv and .fon Four types, and linear executable file LE comprises the vxd file.
The query interface that the attribute information that step 102, described client send described infected file configures in the server, server judges according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system; If so, execution in step 103 then; Otherwise, return the failed result of inquiry;
In the present embodiment, determine whether in the step 102 that system's executable file can specifically realize in this way: determine whether the executable file relevant with operating system according to the signing messages in the basic operating system attribute information of storing directory attribute information corresponding to described infected file and the operation of described infected file, the attribute information of described infected file comprises the storing directory attribute information of correspondence of described infected file and the basic operating system attribute information that described infected file moves.
Step 103, by in the backup file information bank of query interface in described server that configures in the described server, from the backup file information bank of described server, inquire about respectively the service packs information list of corresponding described association backup file and the tabulation of browser data package informatin according to the attribute information of described infected file;
Wherein, because infected file may be the file in the backup service packs, it also may be the file in the backup browser data, therefore, in order to improve the efficient of inquiry, store the tabulation of backup service packs information list and backup browser packet information in the described backup file information bank, like this, when inquiry, at first can in these packet information tabulations, inquire about the attribute information whether the association backup file that mates with infected file is arranged, all clear and definite such as service packs and each version of browser data bag for windows vista system, therefore, also be convenient to set up the information list of these packets.If find the attribute information of association backup file, because association backup file and backup file are arranged in same backup file bag such as the backup service packs, as long as found the association backup file, can determine this association backup file in that packet, also just can find accordingly corresponding backup file.
Wherein, the tabulation of the service packs information list of described association backup file and browser data package informatin comprises: the basic operating system attribute information of the file name information that described association backup file is corresponding, the storing directory attribute information that described association backup file is corresponding, described association backup running paper, the browser attribute information that described association backup file is corresponding, the service packs information that described association backup file is corresponding, and these information can be referred to as the attribute information of described association backup file;
Wherein, the attribute information of described infected file comprises: the service packs information corresponding to browser attribute information, described infected file corresponding to basic operating system attribute information, described infected file of the file name information that described infected file is corresponding, the storing directory attribute information that described infected file is corresponding, the operation of described infected file.
Step 104, if in the backup file information bank of described server, only inquire the service packs information list of corresponding described association backup file, with this service packs information list as Query Result, according to the timestamp of described infected file and the timestamp of the corresponding described association backup file of described service packs information list, generate the first catalogue relevance weight of each bar list directory in the described service packs information list, to reflect the correspondence of the corresponding described association backup file of described service packs information list and described infected file, the attribute information of described infected file comprises the timestamp of described infected file;
In the present embodiment, because only inquired the service packs information list, so just directly with this service packs information list as Query Result, comprise the attribute information of at least one association backup file that described service is collected in this Query Result, such as the file name information of association backup file.
In the present embodiment, with the judgment standard of timestamp as infected file and described association backup correlation of files, such as, if in full accord with the timestamp of described infected file, then can compose with the first the highest catalogue relevance weight to this list directory in the described service packs information list, and the timestamp of other and described infected file is inconsistent, and visual timestamp is successively composed with other the first less catalogue relevance weight.
Step 105, select in the described service packs information list corresponding candidate list catalogue to generate download address according to described the first catalogue relevance weight, download corresponding described backup file according to this download address client from described server, corresponding described association backup file and corresponding described backup file leave in the same backup service packs in the described server.
Association backup file corresponding to corresponding candidate list catalogue as a reference in the described service packs information list, because association backup file and backup file are stored in the same backup service packs, so by finding the association backup file, can find the backup service packs at backup file place, based on this, also just can generate the download address of backup file.
As previously mentioned, in full accord with the timestamp of described infected file, then can compose with the first the highest catalogue relevance weight to this list directory in the described service packs information list, the first catalogue relevance weight that this is the highest is as the list directory of correlativity maximum, i.e. corresponding candidate list catalogue generates corresponding download address according to the list directory of correlativity maximum.
In the present embodiment, if the identical backup file of life period stamp only has one, then the candidate list catalogue of described correspondence is: in described candidate's download list, the timestamp of corresponding described association backup file is in the equal list directory of the timestamp of described infected file, and this list directory has the first the highest catalogue relevance weight.If there is no timestamp situation about equating, then the candidate list catalogue of described correspondence is: in described candidate's download list, the timestamp of described association backup file is greater than the list directory of the timestamp of described infected file, this list directory has the first the highest catalogue relevance weight, this situation may be owing to having beaten up-to-date service packs in client, and this latest patch bag and relevant information thereof are not collected on the server.
In an other embodiment, if two backup files that the life period stamp is identical, then the list directory of described correlativity maximum is: in described candidate's download list, the timestamp of corresponding described association backup file equals the list directory of the timestamp of described infected file, and judges that according to the version number of file described backup file corresponding to described candidate list catalogue is formal version.Why to use the version number of backup file, reason is that the beta version of backup file also may be collected in the server, and just can judge beta version or formal version by the version number of file, thereby only the backup file of the formal version of download is to substitute infected file.
As shown in Figure 2, be the Ile repair method schematic flow sheet of the embodiment of the invention two, the present embodiment is for only in the backup file information bank of described server, inquires the situation of the browser data package informatin tabulation of corresponding described backup file, particularly, this document restorative procedure comprises:
Step 201, client are determined to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
The query interface that the attribute information that step 202, described client send described infected file configures in the server judges according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system; If so, execution in step 203 then; Otherwise, return the failed result of inquiry;
This step is similar to the step 102 in above-described embodiment one, does not repeat them here.
Step 203, by in the backup file information bank of query interface in described server that configures in the described server, from the backup file information bank of described server, inquire about respectively the service packs information list of corresponding association backup file and the tabulation of browser data package informatin according to the attribute information of described infected file;
This step is similar to the step 103 in above-described embodiment one, does not repeat them here.
Step 204, if in the backup file information bank of described server, only inquire the browser data package informatin tabulation of corresponding described association backup file, according to the tabulate timestamp of corresponding described association backup file of the timestamp of described infected file and described browser data package informatin, generate the second catalogue relevance weight of each bar list directory in the described browser data package informatin tabulation, to reflect the tabulate correlativity of corresponding described backup file and described infected file of described browser data package informatin, the attribute information of described infected file comprises the timestamp of described infected file;
In the present embodiment, because only inquired the tabulation of browser data package informatin, so just directly this browser data package informatin is tabulated as Query Result, the attribute information that comprises at least one association backup file that described service is collected in this Query Result is such as the file name information of association backup file.
The determination methods of step 104 in similar above-described embodiment one, in the present embodiment, with the judgment standard of timestamp as infected file and described backup file correlativity, such as, if in the browser data package informatin that the inquires tabulation, in full accord with the timestamp of described infected file, then can compose with the second the highest catalogue relevance weight to this list directory in the described browser data information list, and the timestamp of other and described infected file is inconsistent, and visual timestamp is successively composed with other the second less catalogue relevance weight.
Step 205, select candidate list catalogue corresponding in the tabulation of described browser data package informatin to generate download address according to described the second catalogue relevance weight, download described backup file corresponding to candidate list catalogue according to this download address client from described server, described association backup file corresponding to candidate list catalogue and corresponding described backup file leave in the same backup browser packet in the described server.
As previously mentioned, in full accord with the timestamp of described infected file, then can compose with the second the highest catalogue relevance weight to this list directory in the described browser data package informatin tabulation, the second catalogue relevance weight that this is the highest is as the list directory of correlativity maximum, be the candidate list catalogue, generate the download address of correspondence according to the list directory of correlativity maximum.
In the present embodiment, in the described service packs information list, if the identical backup file of life period stamp only has one, then described candidate list catalogue is in described candidate's download list, the timestamp of corresponding described association backup file is in the equal list directory of the timestamp of described infected file, and this list directory has the second the highest catalogue relevance weight.If there is no timestamp situation about equating, then described candidate list catalogue is: in described candidate's download list, the timestamp of described association backup file is greater than the list directory of the timestamp of described infected file, this list directory has the second the highest catalogue relevance weight, this situation may be owing to having beaten up-to-date service packs in client, and this latest patch bag and relevant information thereof are not collected on the server.
In an other embodiment, if two backup files that the life period stamp is identical, then the candidate list catalogue of described correspondence is: in described candidate's download list, the timestamp of corresponding described association backup file equals the list directory of the timestamp of described infected file, and judges that according to the version number of file described backup file corresponding to described candidate list catalogue is formal version.Why to use the version number of backup file, reason is that the beta version of backup file also may be collected in the server, and just can judge beta version or formal version by the version number of file, thereby only the described backup file of the formal version of download is to substitute infected file.
As shown in Figure 3, Ile repair method schematic flow sheet for the embodiment of the invention three, the present embodiment is in the backup file information bank of described server, all inquire the browser data package informatin tabulation of corresponding described backup file and the situation of service packs information list, Ile repair method comprises:
Step 301, client are determined to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
The query interface that the attribute information that step 302, described client send described infected file configures in the server judges according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system; If so, execution in step 303 then; Otherwise, return the failed result of inquiry;
This step is similar to the step 102 in above-described embodiment one, does not repeat them here.
In the present embodiment, determine whether in the step 302 that system's executable file can specifically realize in this way: determine whether the executable file relevant with operating system according to the signing messages in the basic operating system attribute information of storing directory attribute information corresponding to described infected file and the operation of described infected file, the attribute information of described infected file comprises the storing directory attribute information of correspondence of described infected file and the basic operating system attribute information that described infected file moves.
Step 303, by in the backup file information bank of query interface in described server that configures in the described server, from the backup file information bank of described server, inquire about respectively the service packs information list of corresponding described association backup file and the tabulation of browser data package informatin according to the attribute information of described infected file;
This step is similar to the step 103 in above-described embodiment one, does not repeat them here.
If step 304 all inquires service packs information list and the tabulation of browser data package informatin of corresponding described association backup file in the backup file information bank of described server, then according to the timestamp of described infected file and the timestamp of the corresponding described association backup file of described service packs information list, generate the first catalogue relevance weight of described each bar list directory of service packs information list and calculate the first tabulation relevance weight of described service packs information list;
Step 305, according to the tabulate timestamp of corresponding described association backup file of timestamp and the described browser data package informatin of described infected file, generate the second catalogue relevance weight of each bar list directory in the described browser data package informatin tabulation and calculate the second tabulation relevance weight of described browser data package informatin tabulation;
Do not have absolute sequential relationship between step 304 and the step 305, these two steps can any one formerly carry out and another one in rear execution, perhaps carry out simultaneously and get final product for two.
Step 306, according to the second tabulation relevance weight of the first tabulation relevance weight and described browser data package informatin tabulation of described service packs information list, select candidate's download list as Query Result.
By step 304 and 305 as can be known, in the service packs information list and in the tabulation of browser data package informatin, inquire simultaneously the attribute information that has the association backup file, because the association backup file is directly relevant with backup file, namely can determine to have simultaneously in backup file is corresponding in the backup file storehouse on the server backup service packs and the backup browser packet backup file of replaceable infected file.For this kind situation, in order from server, to download the backup file that mates the most with infected file, then need the relevance weight according to each backup file the package list, the the second tabulation relevance weight that is the first tabulation relevance weight and browser data package informatin tabulation of service packs information list comprehensively judges, downloads to determine from the backup file storehouse of server the backup file in the selection service packs or the backup file in the browser information bag.
For example, if the first tabulation associated weight show that then service packs information list and infected file correlativity are larger, and browser data package informatin and infected file correlativity is less greater than the second tabulation associated weight.At this moment, take the service packs information list as candidate's download list, this candidate's download list is as Query Result.Otherwise then take the tabulation of browser data package informatin as candidate's download list, this candidate's download list is as Query Result.
Candidate list catalogue in step 307, the described candidate's selective listing of selection, download corresponding described backup file from described server, the described association backup file that described backup file is corresponding with the candidate list catalogue leaves in same backup service packs and the same backup browser packet, and described backup service packs and backup browser packet are stored in the backup file storehouse of described server.
In the present embodiment, for with candidate's download list as Query Result, it may comprise a plurality of list directories, and each list directory can both correspond to a backup file, therefore, if the identical backup file of life period stamp only has one, then described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file is in the equal list directory of the timestamp of described infected file; Perhaps, such as the identical backup file of the stamp of life period not, then described candidate's list directory is: in described candidate's download list, the timestamp of described association backup file is greater than the list directory of the timestamp of described infected file.
In an other embodiment, if two backup files that the life period stamp is identical, then described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file equals the list directory of the timestamp of described infected file, and judges that according to the version number of file described backup file corresponding to described candidate list catalogue is formal version.By version number distinguishing beta version file or formal version file, thereby guarantee that the backup file of downloading is formal version file.
As shown in Figure 4, press process flow diagram for the Ile repair method of the embodiment of the invention four.The present embodiment is in the backup file information bank of described server, does not all inquire the browser data package informatin tabulation of corresponding described backup file and the situation of service packs information list, and particularly, this document restorative procedure comprises:
Step 401, client are determined to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
The query interface that the attribute information that step 402, described client send described infected file configures in the server judges according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system; If so, execution in step 403 then; Otherwise, return the failed result of inquiry;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
In the present embodiment, determine whether in the step 402 that system's executable file can specifically realize in this way: determine whether the executable file relevant with operating system according to the signing messages in the basic operating system attribute information of storing directory attribute information corresponding to described infected file and the operation of described infected file, the attribute information of described infected file comprises the storing directory attribute information of correspondence of described infected file and the basic operating system attribute information that described infected file moves.
Step 403, by in the backup file information bank of query interface in described server that configures in the described server, from the backup file information bank of described server, inquire about respectively the service packs information list of corresponding association backup file and the tabulation of browser data package informatin according to the attribute information of described infected file;
This step is similar to the step 103 in above-described embodiment one, does not repeat them here.
If step 404 does not all inquire service packs information list and the tabulation of browser data package informatin of corresponding described backup file in the backup file information bank of described server, then obtain the raw data packets of depositing the corresponding raw data of described backup file, and will comprise raw data packets early than the described association backup file of the timestamp of described infected file as Query Result, described raw data packets is stored in the backup file storehouse of described server;
In the present embodiment, the attribute information of raw data packets is as Query Result.
Step 405, generate download address according to the timestamp of association backup file described in the raw data packets in the described server early than the raw data packets of the timestamp of described infected file, download with described association backup file from described server according to this download address client and to be stored in described backup file the same backup file bag, to replace described infected file.
In the present embodiment, for raw data packets, if the identical backup file of life period stamp only has one, then described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file is in the equal list directory of the timestamp of described infected file; Perhaps, the if there is no identical backup file of timestamp, the candidate list catalogue of described correspondence is: in described candidate's download list, the timestamp of described association backup file is greater than the list directory of the timestamp of described infected file.
In an other embodiment, for raw data packets, if two backup files that the life period stamp is identical, then described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file equals the list directory of the timestamp of described infected file, and judges that according to the version number of file described backup file corresponding to described candidate list catalogue is formal version.
This sentences and inquire backup file from the backup service packs is that example describes.There is infected file urlmon.dll below the client system storing directory, in order in server, to inquire the alternate file that can replace this infected file, client is collected the relevant attribute information of this infected file urlmon.dll, such as the basic operating system Information page osver=5.1.2600.256.1.2 of this shop, browser IE information such as browser version iever=7, storing directory information such as path=system32, according to inquiring about in the backup file information bank of these attribute informations in server, obtain following Query Result, these filenames in this Query Result are the association backup file with infected file urlmon.dll direct correlation:
SHLWAPI.dll iertutil.dll danim.dll dxtrans.dll extmgr.dll
inseng.dll mstime.dll ieakeng.dll ieaksie.dll iedkcs32.dll
iexplore.exe inetcpl.cpl tdc.ocx vgx.dll winfxdocobj.exe
The timestamp information of above-mentioned association backup file is as follows:
SHLWAPI.dll 20080623233829 iertutil.dll 20070814093358
danim.dll 20080623233822 dxtrans.dll 20070814093534
extmgr.dll 20070814095409 inseng.dll 20070814093900
mstime.dll 20070814095049 ieakeng.dll 20070814093924
ieaksie.dll 20070814093951 iedkcs32.dll 20070814093945
iexplore.exe 20040804140033 inetcpl.cpl 20070814094504
tdc.ocx 20070814093213 vgx.dll 20070626215541
winfxdocobj.exe 20070814094514
And in server, learn through inquiry, comprise that the backup service packs information list of above-mentioned association backup file is as follows:
patch/winxp/20090211/ie7-windowsxp-kb961260-x86-chs/sp2gdr
patch/winxp/20081210/windowsxp-kb958215-x86-chs/sp2gdr
patch/winxp/20081210/ie7-windowsxp-kb958215-x86-chs/sp2gdr
patch/winxp/20061212/windowsxp-kb925454-x86-chs/sp2gdr
patch/winxp/20090102/ie7/system32
But the method for relevance weight is determined in elapsed time stamp comparison, only have above-mentioned association backup file under the list directory patch/winxp/20090102/ie7/system32 timestamp " 20090102 " corresponding with infected file urlmon.dll on timestamp consistent, namely this list directory is the catalogue of correlativity maximum, has the first the highest catalogue relevance weight, therefore, also generating accordingly download address according to hit list catalogue patch/winxp/20090102/ie7/system32 can get final product the patch/winxp/20090102/ie7/system32/urlmon.dll download.
As shown in Figure 5, structural representation for embodiment of the invention file repair system, this system comprises: client 501 and server 502, described client 501 is used for determining to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file, and the attribute information that sends described infected file inquires about and obtains Query Result to server 502, and described Query Result comprises the attribute information of at least one association backup file that described server 502 is collected; Described client 501 is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag of coupling to substitute described infected file from described server 502, described association backup file and described backup file are stored in the same backup file bag.
In this enforcement, described server 502 comprises:
Query interface 512 is for the attribute information that receives the described infected file that sends;
Backup file information bank 522, the information that is used for preserving backup file is with the backup file of determining self to be complementary with described infected file.
In the present embodiment, described server can also comprise:
Download interface 532, that be used for hitting from described Query Result and association backup file described infected file coupling, and the backup file bag of the coupling of determining generates the chained address of downloading;
Download unit 542, be used for downloading backup file to substitute described infected file from the backup file bag that described server mates according to described chained address, described association backup file and described backup file are stored in the same backup file bag of described server.
Those skilled in the art should understand, the application's embodiment can be provided as method, system or computer program.Therefore, the application can adopt complete hardware implementation example, complete implement software example or in conjunction with the form of the embodiment of software and hardware aspect.And the application can adopt the form of the computer program of implementing in one or more computer-usable storage medium (including but not limited to magnetic disk memory, CD-ROM, optical memory etc.) that wherein include computer usable program code.
Above-mentioned explanation has illustrated and has described some preferred embodiments of the application, but as previously mentioned, be to be understood that the application is not limited to the disclosed form of this paper, should not regard the eliminating to other embodiment as, and can be used for various other combinations, modification and environment, and can in invention contemplated scope described herein, change by technology or the knowledge of above-mentioned instruction or association area.And the spirit and scope that the change that those skilled in the art carry out and variation do not break away from the application, then all should be in the protection domain of the application's claims.

Claims (19)

1. an Ile repair method is characterized in that,
Client is determined to be infected the infected file that forms by malicious code, and obtains the attribute information of described infected file;
Described client sends the attribute information of described infected file and inquires about and obtain Query Result to server, and described Query Result comprises the attribute information of at least one association backup file that described server is collected;
Described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, extract and download backup file in the backup file bag that mates to substitute described infected file from described server, described association backup file and described backup file are stored in the same backup file bag.
2. method according to claim 1, it is characterized in that, the attribute information of described infected file comprises: the storing directory attribute information of the correspondence of described infected file and the basic operating system attribute information of described infected file operation, the file name information that described infected file is corresponding, the browser attribute information that described infected file is corresponding, the service packs information that described infected file is corresponding, the timestamp of described infected file.
3. method according to claim 1 and 2 is characterized in that, the attribute information that described client sends described infected file to inquire about and to obtain Query Result, further comprises in the server:
The query interface that the attribute information that sends described infected file configures in the server;
By the query interface that configures in the described server, inquire about and obtain Query Result in the backup file information bank in described server, store the tabulation of service packs information list and browser data packet information in the described backup file information bank.
4. each described method is characterized in that according to claim 1-3, and described client sends the attribute information of described infected file and inquires about and obtain Query Result to server, further comprises:
Judge according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system, if so, then inquire about in the backup file information bank in described server and obtain corresponding Query Result; Otherwise, return the failed result of inquiry.
5. each described method is characterized in that according to claim 1-4, judges that according to the attribute information of described infected file whether described infected file is the executable file relevant with operating system, further comprises:
Determine whether the executable file relevant with operating system according to the signing messages in the basic operating system attribute information of storing directory attribute information corresponding to described infected file and the operation of described infected file, the attribute information of described infected file comprises the storing directory attribute information of correspondence of described infected file and the basic operating system attribute information that described infected file moves.
6. each described method according to claim 1-5, it is characterized in that, if described infected file is the executable file relevant with operating system, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, further comprises:
According to the attribute information of described infected file, from the backup file information bank of described server, inquire about respectively service packs information list and the tabulation of browser data package informatin of corresponding described association backup file;
Wherein, the tabulation of the service packs information list of described association backup file and browser data package informatin includes: the basic operating system attribute information of the file name information that described association backup file is corresponding, the storing directory attribute information that described association backup file is corresponding, described association backup running paper, the browser attribute information that described association backup file is corresponding, the service packs information that described association backup file is corresponding;
Wherein, the attribute information of described infected file comprises: the service packs information corresponding to browser attribute information, described infected file corresponding to basic operating system attribute information, described infected file of the file name information that described infected file is corresponding, the storing directory attribute information that described infected file is corresponding, the operation of described infected file.
7. each described method according to claim 1-6, it is characterized in that, if in the backup file information bank of described server, only inquire the service packs information list of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, further comprises:
According to the timestamp of described infected file and the timestamp of the corresponding described association backup file of described service packs information list, generate the first catalogue relevance weight of list directory in the described service packs information list, generate the correspondence of corresponding described association backup file and described infected file in the described service packs information list according to described the first catalogue relevance weight, in order to inquire about and obtain and download corresponding described backup file at described server, the attribute information of described infected file comprises the timestamp of described infected file.
8. each described method according to claim 1-7, it is characterized in that, described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that from described server, mates to substitute described infected file, further comprise:
Select candidate list catalogue corresponding in the described service packs information list to generate download address according to described the first catalogue relevance weight, download corresponding described backup file according to this download address client from described server, wherein, in corresponding described association backup file and the related same backup service packs of described backup file association store in described server.
9. each described method according to claim 1-8, it is characterized in that, if in the backup file information bank of described server, only inquire the browser data package informatin tabulation of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, further comprises:
According to the tabulate timestamp of corresponding described association backup file of the timestamp of described infected file and described browser data package informatin, generate the second catalogue relevance weight of list directory in the described browser data package informatin tabulation, determine the tabulate correlativity of corresponding described backup file and described infected file of described browser data package informatin according to the second catalogue relevance weight, in order to inquire about and obtain and download corresponding described backup file at described server.
10. each described method according to claim 1-9, it is characterized in that, described client is according to the attribute information of described infected file, from described Query Result, hit the backup file that is complementary with self, and from described server, download backup file to substitute described infected file, further comprise:
Select candidate list catalogue generation download address corresponding in the described browser data package informatin tabulation according to described the second catalogue relevance weight, client is downloaded corresponding described backup file according to this download address from described server, and corresponding described association backup file and corresponding described backup file leave in the same backup browser packet in the described server.
11. each described method according to claim 1-10, it is characterized in that, if in the backup file information bank of described server, all inquire service packs information list and the tabulation of browser data package informatin of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, further comprises:
According to the timestamp of described infected file and the timestamp of the corresponding described association backup file of described service packs information list, generate the first catalogue relevance weight of list directory in the described service packs information list and calculate described service packs information list first the tabulation relevance weight;
According to the tabulate timestamp of corresponding described association backup file of the timestamp of described infected file and described browser data package informatin, generate the second catalogue relevance weight of list directory in the described browser data package informatin tabulation and calculate the second tabulation relevance weight of described browser data package informatin tabulation;
According to the first tabulation relevance weight of described service packs information list and the second tabulation relevance weight of described browser data package informatin tabulation, select candidate's download list as Query Result.
12. each described method according to claim 1-11, it is characterized in that, described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that mates to substitute described infected file from described server, described association backup file and described backup file are stored in the same backup file bag, further comprise:
Select candidate list catalogue in described candidate's download list, download described association backup file corresponding to candidate list catalogue from described server, the described association backup file that described backup file is corresponding with the candidate list catalogue leaves in same backup service packs and the same backup browser packet, and described backup service packs and backup browser packet are stored in the backup file storehouse of described server.
13. each described method is characterized in that according to claim 1-12, described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file is in the equal list directory of the timestamp of described infected file; Perhaps, the candidate list catalogue of described correspondence is: in described candidate's download list, the timestamp of described association backup file is greater than the list directory of the timestamp of described infected file.
14. each described method according to claim 1-13, it is characterized in that, described candidate list catalogue is: in described candidate's download list, the timestamp of corresponding described association backup file equals the list directory of the timestamp of described infected file, and judges that according to the version number of file described backup file corresponding to described candidate list catalogue is formal version.
15. each described method according to claim 1-14, it is characterized in that, if in the backup file information bank of described server, all do not inquire service packs information list and the tabulation of browser data package informatin of corresponding described association backup file, then Query Result is inquired about and obtained to the described client attribute information that sends described infected file to server, further comprises:
Obtain the raw data packets of depositing the corresponding raw data of described backup file;
With the timestamp of the file of association backup described in the raw data packets early than the raw data packets of the timestamp of described infected file as Query Result, described raw data packets is stored in the backup file storehouse of described server.
16. each described method according to claim 1-15, it is characterized in that, state client according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that from described server, mates to substitute described infected file, further comprise:
According to the raw data packets generation download address of the timestamp of association backup file described in the raw data packets in the described server early than the timestamp of described infected file, according to this download address client, download with described association backup file from described server and to be stored in described backup file the same backup file bag, to replace described infected file.
17. file repair system, it is characterized in that, comprise: client and server, described client is used for determining to be infected the infected file that forms by malicious code, and obtain the attribute information of described infected file, and the attribute information that sends described infected file inquires about and obtains Query Result to server, and described Query Result comprises the attribute information of at least one association backup file that described server is collected; Described client is according to the attribute information of described infected file, from described Query Result, hit the association backup file with described infected file coupling, and the backup file bag of definite coupling, download backup file in the backup file bag that mates to substitute described infected file from described server, described association backup file and described backup file are stored in the same backup file bag.
18. system according to claim 17 is characterized in that, described server comprises:
Query interface is for the attribute information that receives the described infected file that sends;
The backup file information bank, the information that is used for preserving backup file is with the backup file of determining self to adapt with described infected file.
19. according to claim 17 or 18 described systems, it is characterized in that, described server comprises:
Download interface, that be used for hitting from described Query Result and association backup file described infected file coupling, and the backup file bag of the coupling of determining generates the chained address of downloading;
Download unit is used for downloading backup file to substitute described infected file from the backup file bag that described server mates according to described chained address, and described association backup file and described backup file are stored in the same backup file bag of described server.
CN201210375449.7A 2012-09-29 2012-09-29 Ile repair method and system Active CN102902922B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210375449.7A CN102902922B (en) 2012-09-29 2012-09-29 Ile repair method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210375449.7A CN102902922B (en) 2012-09-29 2012-09-29 Ile repair method and system

Publications (2)

Publication Number Publication Date
CN102902922A true CN102902922A (en) 2013-01-30
CN102902922B CN102902922B (en) 2016-04-20

Family

ID=47575149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210375449.7A Active CN102902922B (en) 2012-09-29 2012-09-29 Ile repair method and system

Country Status (1)

Country Link
CN (1) CN102902922B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103310154A (en) * 2013-06-04 2013-09-18 腾讯科技(深圳)有限公司 Information security processing method, equipment and system
CN104331660A (en) * 2014-10-31 2015-02-04 北京奇虎科技有限公司 Method, device and system for repairing system file
CN105224572A (en) * 2014-06-30 2016-01-06 北京金山安全软件有限公司 Method and device for identifying garbage catalogue
CN105354341A (en) * 2015-12-18 2016-02-24 北京奇虎科技有限公司 File updating method and device
CN106408544A (en) * 2016-11-11 2017-02-15 暴风集团股份有限公司 Method and system for repairing damaged video
CN103914357B (en) * 2014-04-11 2017-04-26 珠海市君天电子科技有限公司 IE (internet explorer) repair method and IE repair device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101246535A (en) * 2008-03-25 2008-08-20 深圳市迅雷网络技术有限公司 Method, system and device for renovating abnormal document
CN101950336A (en) * 2010-08-18 2011-01-19 奇智软件(北京)有限公司 Method and device for removing malicious programs

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101246535A (en) * 2008-03-25 2008-08-20 深圳市迅雷网络技术有限公司 Method, system and device for renovating abnormal document
CN101950336A (en) * 2010-08-18 2011-01-19 奇智软件(北京)有限公司 Method and device for removing malicious programs

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103310154A (en) * 2013-06-04 2013-09-18 腾讯科技(深圳)有限公司 Information security processing method, equipment and system
CN103310154B (en) * 2013-06-04 2016-12-28 腾讯科技(深圳)有限公司 The method, apparatus and system that information security processes
CN103914357B (en) * 2014-04-11 2017-04-26 珠海市君天电子科技有限公司 IE (internet explorer) repair method and IE repair device
CN105224572A (en) * 2014-06-30 2016-01-06 北京金山安全软件有限公司 Method and device for identifying garbage catalogue
CN105224572B (en) * 2014-06-30 2019-11-15 北京金山安全软件有限公司 Method and device for identifying garbage catalogue
CN104331660A (en) * 2014-10-31 2015-02-04 北京奇虎科技有限公司 Method, device and system for repairing system file
CN105354341A (en) * 2015-12-18 2016-02-24 北京奇虎科技有限公司 File updating method and device
CN105354341B (en) * 2015-12-18 2019-03-01 北京奇虎科技有限公司 The update method and device of file
CN106408544A (en) * 2016-11-11 2017-02-15 暴风集团股份有限公司 Method and system for repairing damaged video

Also Published As

Publication number Publication date
CN102902922B (en) 2016-04-20

Similar Documents

Publication Publication Date Title
CN102810138B (en) A kind of restorative procedure of user side file and system
CN102902922B (en) Ile repair method and system
US20160134422A1 (en) System and method for identifying software changes
WO2017162032A1 (en) Method and device for executing data recovery operation
US20150106652A1 (en) System repair method and device, and storage medium
CN102592103B (en) Secure file processing method, equipment and system
CN101217571B (en) Write/read document operation method applied in multi-copy data grid system
US20100169415A1 (en) Systems, methods, and apparatus for identifying accessible dispersed digital storage vaults utilizing a centralized registry
US20150212900A1 (en) Storage system and method of controlling storage system
WO2021226905A1 (en) Data storage method and system, and storage medium
CN103678337B (en) Data clearing method, apparatus and system
CA2546182A1 (en) Apparatus, system, and method for grid based data storage
CN111262822B (en) File storage method, device, block link point and system
CN104866394A (en) Distributed file backup method and system
CN110990335B (en) Log archiving method, device, equipment and computer readable storage medium
CN103177022A (en) Method and device of malicious file search
US7801859B1 (en) Tracking filesystem backups
CN104023070B (en) file compression method based on cloud storage
CN109299116B (en) Data synchronization method, device, equipment and readable storage medium
CN111432041A (en) Domain name acquisition method, system, terminal and computer readable storage medium
CN111339551A (en) Data verification method and related device and equipment
CN101924794B (en) Internet based method for monitoring total software operation quantity in real time
CN104424316A (en) Data storage method, data searching method, related device and system
CN102902923A (en) File repair method and system
CN116894013A (en) File processing method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee after: Beijing Qizhi Business Consulting Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

CP01 Change in the name or title of a patent holder
TR01 Transfer of patent right

Effective date of registration: 20220329

Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing

Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Beijing Qizhi Business Consulting Co.,Ltd.

TR01 Transfer of patent right