CN102902923B - Ile repair method and system - Google Patents
Ile repair method and system Download PDFInfo
- Publication number
- CN102902923B CN102902923B CN201210375522.0A CN201210375522A CN102902923B CN 102902923 B CN102902923 B CN 102902923B CN 201210375522 A CN201210375522 A CN 201210375522A CN 102902923 B CN102902923 B CN 102902923B
- Authority
- CN
- China
- Prior art keywords
- file
- list
- infected
- backup
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The application discloses a kind of Ile repair method and system, and the method comprises: a kind of Ile repair method, comprising: client is determined the infected file that is infected formation by malicious code, and obtains the attribute information of described infected file; Described client sends the attribute information of described infected file and inquires about and obtain Query Result to server, and described Query Result comprises the attribute information of at least one backup file of described server collection, and described backup file is corresponding with described infected file; Described client, according to the attribute information of described infected file, is hit the backup file of coupling from described Query Result, and from described server, extracts and download described backup file to substitute described infected file. The present invention can inquire about corresponding backup file from backup file storehouse according to the attribute information of infected file, directly replace infected file.
Description
Technical field
The invention belongs to data security field, specifically, relate to a kind of Ile repair method and system.
Background technology
" infected file " is a kind of conventional means that virus and wooden horse destroy and steal user data.So-called " infected file " can refer to: malicious code is added in the code of normal procedure, make normal procedureBecome the infected file having been infected by malicious code, in the time of this infected file operation, malicious code is also with normallyCode synchronisation operation, and then user's data are destroyed, malicious code is broadcast in not dig, forms moreInfected file, destroys more normal procedure. Further, steal by moving these " infected programs "Take the data at family as a series of malicious acts such as user's secret data, password or fictitious assetss, especially,By infecting the system file relevant with operating system, realization abduction network, brush flow, fishing pay, robberNumber etc.
Therefore,, in order to ensure data security, user need to repair infected file conventionally, regainsNormal procedure.
In prior art, the process of reparation can brief overview be: carry out sample analysis, collect malicious code storehouse,Coding is made fail-safe software, uses fail-safe software from infected file, to remove malicious code. Use safetyThe process of software removing malicious code can be as follows:
Malice generation in code corresponding to scanning document in client-> discovery infected file-> localized infection fileCode position-> according to location malicious code as virus or wooden horse position, only malicious code part is deleted.
But, malicious code with the process of fail-safe software antagonism in, form very various mutation, above-mentionedExisting method processing infected file conventionally cannot be realized and effectively repair file, specifically has following shortcoming:
(1) almost do not accomplish to repair completely, after a lot of file reparations, the also remaining malicious code of possibility; OrPerson, after a lot of file reparations, can not normally carry out, and individual other also may cause system crash or applicationSoftware cannot normally use;
(2) cannot repair file time, such as the infected degree of file exceedes 80%, substantially cannot be by malice generationCode is deleted from former normal file code, is forced to isolation or deletes infected file; Especially, cannot repair systemWhen system critical file, be forced to retain the infected file relevant with system.
As the above analysis, the repair process of prior art need to be made fail-safe software, only has safety softPart moves in user's client just can realize reparation; In addition, the reparation of prior art cannot be thoroughlyRepair infected file.
Summary of the invention
In view of this, technical problems to be solved in this application have been to provide a kind of Ile repair method and system,Can from backup file storehouse, inquire about according to the attribute information of infected file corresponding backup file, directly replaceInfected file.
In order to solve the problems of the technologies described above, the application provides a kind of Ile repair method, comprising: clientDetermine by malicious code and infect the infected file forming, and obtain the attribute information of described infected file; DescribedClient sends the attribute information of described infected file and inquires about and obtain Query Result to server, described inQuery Result comprises the attribute information of at least one backup file of described server collection, described backup fileCorresponding with described infected file; Described client is according to the attribute information of described infected file, from described inquiryIn result, hit the backup file of coupling, and from described server, extract and download described backup file to replaceFor described infected file.
Further, the attribute information of described infected file comprises: the corresponding order of depositing of described infected fileBasic operating system attribute information, the described infected file correspondence of record attribute information and the operation of described infected fileBrowser attribute information corresponding to file name information, described infected file, the benefit that described infected file is correspondingThe timestamp of fourth package informatin, described infected file.
Further, the attribute information that described client sends described infected file in server to look intoAsk and obtain Query Result, comprising: the attribute information that sends described infected file is to looking into of configuring in serverAsk interface; By the query interface configuring in described server, the backup file information in described serverIn storehouse, inquire about and obtain Query Result, in described backup file information bank, store service packs information listWith the list of browser data packet information.
Further, the attribute information that described client sends described infected file is inquired about also to serverObtain Query Result, comprising: judge that according to the attribute information of described infected file whether described infected file isThe executable file relevant to operating system, if so, the backup file information bank in described serverIn inquire about and obtain corresponding Query Result; Otherwise, return to the result that inquiry is failed.
Further, judge that according to the attribute information of described infected file whether described infected file is and operationThe executable file that system is relevant, comprising: according to storing directory attribute information corresponding to described infected file andSigning messages in the basic operating system attribute information of described infected file operation determines whether and operatesThe executable file that system is relevant, the attribute information of described infected file comprises the corresponding of described infected fileThe basic operating system attribute information of storing directory attribute information and the operation of described infected file.
Further, if described infected file is the executable file relevant to operating system, described visitorFamily end sends the attribute information of described infected file and inquires about and obtain Query Result to server, comprising:According to the attribute information of described infected file, it is right from the backup file information bank of described server, to inquire about respectivelyAnswer service packs information list and the list of browser data package informatin of described backup file; Wherein, described backupThe service packs information list of file and the list of browser data package informatin comprise: the literary composition that described backup file is correspondingIt is basic that part name information, the storing directory attribute information that described backup file is corresponding, described backup file moveOperating system attribute information, the browser attribute information that described backup file is corresponding, described backup file correspondenceService packs information; Wherein, the attribute information of described infected file comprises: the literary composition that described infected file is correspondingIt is basic that part name information, the storing directory attribute information that described infected file is corresponding, described infected file moveOperating system attribute information, the browser attribute information that described infected file is corresponding, described infected file correspondenceService packs information.
Further, if only inquire corresponding described backup in the backup file information bank of described serverThe service packs information list of file, the attribute information that described client sends described infected file is to serverInquire about and obtain Query Result, comprising: according to the timestamp of described infected file and described service packs letterThe timestamp of the corresponding described backup file of breath list, generates the of list directory in described service packs information listOne catalogue relevance weight, determines the corresponding institute of described service packs information list according to the first catalogue relevance weightState the correspondence of backup file and described infected file, so as described server inquire about and obtain and underCarry corresponding described backup file, the attribute information of described infected file comprises the timestamp of described infected file.
Further, described client is according to the attribute information of described infected file, from described Query ResultHit the backup file matching with self, and from described server, download backup file to substitute described senseDye file, comprising: select in described service packs information list corresponding according to described the first catalogue relevance weightCandidate list catalogue generate download address, download corresponding from described server according to this download address clientDescribed backup file corresponding to candidate list catalogue, described backup corresponding to corresponding candidate list catalogue is civilianPart leaves in the backup service packs of described server.
Further, if only inquire corresponding described backup in the backup file information bank of described serverThe browser data package informatin list of file, the attribute information that described client sends described infected file arrivesQuery Result is inquired about and obtained to server, comprising: according to the timestamp of described infected file and described clearThe timestamp of the corresponding described backup file of the device packet information list of looking at, generates described browser data package informatinIn list, the second catalogue relevance weight of list directory, determines described clear according to the second catalogue relevance weightThe correlation of looking at the corresponding described backup file of device packet information list and described infected file, so that describedCorresponding described backup file is inquired about and obtain and downloaded to server.
Further, described client is according to the attribute information of described infected file, from described Query ResultHit the backup file matching with self, and from described server, download backup file to substitute described senseDye file, comprising: select the list of described browser data package informatin according to described the second catalogue relevance weightThe candidate list catalogue of middle correspondence generates download address, according to this download address client from described serverCarry corresponding described backup file corresponding to candidate list catalogue, corresponding candidate list catalogue corresponding described inBackup file leaves in the backup browser packet of described server.
Further, if all inquire corresponding described backup in the backup file information bank of described serverThe service packs information list of file and the list of browser data package informatin, described client sends described infectionQuery Result is inquired about and obtained to the attribute information of file to server, comprising: according to described infected fileThe timestamp of timestamp and the corresponding described backup file of described service packs information list, generate described service packsThe first catalogue relevance weight of list directory calculate first of described service packs information list in information listList relevance weight; According to the timestamp of described infected file and the list pair of described browser data package informatinTimestamp that should described backup file, generates second of list directory in the list of described browser data package informatinCatalogue relevance weight is also calculated the second list relevance weight of described browser data package informatin list; RootAccording to the first list relevance weight of described service packs information list and the list of described browser data package informatinThe second list relevance weight, selects candidate's download list as Query Result.
Further, described client is according to the attribute information of described infected file, from described Query ResultHit the backup file of coupling, and from described server, download backup file to substitute described infected file,Comprise: select candidate list catalogue corresponding in described candidate's download list to generate download address, according under thisSet address client is downloaded described backup file corresponding to corresponding candidate list catalogue from described server, rightThe described backup file corresponding to candidate list catalogue of answering leaves in service packs and browser data bag, described inBackup service packs and backup browser packet are stored in the backup file storehouse of described server.
Further, the candidate list catalogue of described correspondence is: in described candidate's download list, described in correspondenceThe timestamp of backup file equals the equal list directory of timestamp of described infected file; Or, described rightThe candidate list catalogue of answering is: in described candidate's download list, described in the timestamp of described backup file is greater thanThe list directory of the timestamp of infected file.
Further, the candidate list catalogue of described correspondence is: in described candidate's download list, described in correspondenceThe timestamp of backup file equals the list directory of the timestamp of described infected file, and according to the version of fileNumber judge that described backup file corresponding to described candidate list catalogue is as formal version.
Further, if all do not inquire corresponding described standby in the backup file information bank of described serverService packs information list and the list of browser data package informatin of part file, described client sends described senseDye the attribute information of file and inquire about and obtain Query Result to server, comprising: obtain deposit described standbyThe raw data packets of part file initial data; By the timestamp of backup file described in described server early than instituteState the raw data packets of timestamp of infected file as Query Result, described in described raw data packets is stored inIn the backup file storehouse of server.
Further, described client is according to the attribute information of described infected file, from described Query ResultHit the backup file matching with self, and from described server, download backup file to substitute described senseDye file, comprising: according to the timestamp of backup file described in raw data packets in described server early than instituteState infected file timestamp raw data packets generate download address, according to this download address client from instituteState server and download described backup file to replace described infected file.
In order to solve the problems of the technologies described above, the application also provides a kind of file repair system, comprising: clientEnd and server, described client infects for determining by malicious code the infected file forming, and obtains instituteState the attribute information of infected file, and the attribute information that sends described infected file is inquired about also to serverObtain Query Result, described Query Result comprises the attribute of at least one backup file of described server collectionInformation, described backup file is corresponding with described infected file; Described client is according to the genus of described infected fileProperty information, from described Query Result, choose and mate described backup file, and carrying from described serverGet and download to substitute described infected file.
Further, described server comprises: query interface, and for receiving the described infected file of transmissionAttribute information; Backup file information bank, for preserving the information of backup file, to determine and described infection literary compositionThe backup file of part coupling.
Further, described server comprises: download interface, choose from described Query Result for basisThe backup file matching with self generate download chained address; Download unit, for according to described chainThe backup file of coupling is downloaded to replace described infection literary composition in ground connection location from the backup file storehouse of described serverPart.
Compared with existing scheme, the technique effect that the application obtains: according to the attribute information of infected fileFrom backup file storehouse, inquire about corresponding backup file, directly replace infected file, thereby avoided existing skillFile reparation in art need to be made fail-safe software, and cannot thoroughly repair the defect of infected file.
Brief description of the drawings
Accompanying drawing described herein is used to provide further understanding of the present application, forms the application's a part,The application's schematic description and description is used for explaining the application, does not form the improper limit to the applicationFixed. In the accompanying drawings:
Fig. 1 is the Ile repair method schematic flow sheet of the embodiment of the present invention one;
Fig. 2 is the Ile repair method schematic flow sheet of the embodiment of the present invention two;
Fig. 3 is the Ile repair method schematic flow sheet of the embodiment of the present invention three;
Fig. 4 is the Ile repair method schematic flow sheet of the embodiment of the present invention four;
Fig. 5 is the concrete application schematic diagram that the present invention only inquires backup file from service packs list;
Fig. 6 is the structural representation of embodiment of the present invention file repair system.
Detailed description of the invention
To coordinate graphic and embodiment to describe the application's embodiment in detail below, by this to the application asThe implementation procedure that what application technology means solves technical problem and reaches technology effect can fully understand and according to thisImplement.
As shown in Figure 1, be the Ile repair method schematic flow sheet of the embodiment of the present invention one, the present embodiment isFor the service packs letter that only inquires corresponding described backup file in the backup file information bank of described serverThe situation of breath list, particularly, this Ile repair method comprises:
Step 101, client are determined the infected file that is infected formation by malicious code, and obtain described infection literary compositionThe attribute information of part;
Described infected file comprises executable file, such as this executable file can be windowsvista systemThe undefined executable file of uniting. Described executable file comprises Portable executable file (PortableExecutable, PE), new executable file (NewExecutable, NE) or linearity can carry out literary compositionPart (LinearExecutable, LE). Wherein, Portable executable file PE comprise DLL, EXE,FON, OCX, LIB and part sys file, new executable file NE type has comprised .exe .dll .drvWith the file of .fon Four types, linear executable file LE comprises vxd file.
The attribute information that step 102, described client send described infected file is to the inquiry configuring in serverInterface, judges according to the attribute information of described infected file whether described infected file is relevant to operating systemExecutable file; If so, perform step 103; Otherwise, return to the result that inquiry is failed;
In the present embodiment, in step 102, determine whether that system executable file can specifically pass through this sideFormula realizes: according to the operation of storing directory attribute information corresponding to described infected file and described infected fileSigning messages in basic operating system attribute information determines whether the carried out literary composition relevant to operating systemPart, the attribute information of described infected file comprise described infected file corresponding storing directory attribute information andThe basic operating system attribute information of described infected file operation.
Step 103, backup file letter by the query interface that configures in described server in described serverIn breath storehouse, according to the attribute information of described infected file difference from the backup file information bank of described serverInquire about service packs information list and the list of browser data package informatin of corresponding described backup file;
Wherein, because infected file may be the file in service packs, may be also the literary composition in browser dataPart, therefore, in order to improve the efficiency of inquiry, stores service packs information row in described backup file information bankTable and browser data information list, like this, in the time of inquiry, first can be in these packet information listsWhether middle inquiry has the attribute information of the backup file mating with infected file, such as for windowsvistaThe all clear and definite classification of the service packs of system and each version of browser data bag, therefore, are also convenient to set up thisThe information list of a little packets;
Wherein, the service packs information list of described backup file and the list of browser data package informatin comprise: instituteState the file name information that backup file is corresponding, storing directory attribute information that described backup file is corresponding, described inBrowser attribute information that basic operating system attribute information, the described backup file of backup file operation are corresponding,The service packs information that described backup file is corresponding, these information can be referred to as the attribute information of described backup file;
Wherein, the attribute information of described infected file comprises: file name information that described infected file is corresponding,The basic operating system of the storing directory attribute information that described infected file is corresponding, the operation of described infected file belongs toProperty information, the browser attribute information that described infected file is corresponding, service packs letter that described infected file is correspondingBreath.
If step 104 only inquires corresponding described backup literary composition in the backup file information bank of described serverThe service packs information list of part, using this service packs information list as Query Result, according to described infected fileThe timestamp of timestamp and the corresponding described backup file of described service packs information list, generate described service packsThe first catalogue relevance weight of each list directory of information list, true according to the first catalogue relevance weightThe correspondence of the corresponding described backup file of fixed described service packs information list and described infected file, so that in instituteState server and inquire about and obtain and download corresponding described backup file, the attribute letter of described infected fileBreath comprises the timestamp of described infected file;
In the present embodiment, using timestamp as infected file and the judgment standard of described backup file correlation,Such as, if in full accord with the timestamp of described infected file, can give described service packs information listIn this list directory compose with the first the highest catalogue relevance weight, and time of other and described infected fileStab inconsistently, visual timestamp is successively composed with other the first less catalogue relevance weight.
Step 105, select in described service packs information list according to described the first catalogue relevance weight correspondingCandidate list catalogue generates download address, downloads corresponding according to this download address client from described serverThe described backup file that candidate list catalogue is corresponding, corresponding described backup file corresponding to candidate list catalogueLeave in service packs.
As previously mentioned, in full accord with the timestamp of described infected file, can give described service packs informationIn list, this list directory is composed with the first the highest catalogue relevance weight, and this first the highest catalogue is relevantProperty weight as corresponding candidate list catalogue, generate corresponding download ground according to corresponding candidate list catalogueLocation.
In the present embodiment, if stabbing identical backup file, life period only has one, the time of described correspondenceSelecting list directory is the list order that the timestamp of described infected file and the timestamp of described backup file equateRecord, this list directory has the first the highest catalogue relevance weight. If there is no the equal feelings of timestampCondition, timestamp that the candidate list catalogue of described correspondence is described infected file is less than described backup fileThe list directory that timestamp is equal, this list directory has the first the highest catalogue relevance weight, this feelingsCondition may be owing to having beaten up-to-date service packs in client, and this latest patch bag and relevant information thereof are notBe collected on server.
In an other embodiment, if life period is stabbed two identical backup files, described correspondenceCandidate list catalogue is: the list that the timestamp of described infected file equates with the timestamp of described backup fileCatalogue and be judged to be the described backup file of official release according to the version number of described backup file. Why wantWith the version number of backup file, reason is that the beta version of backup file also may be collected in server,Beta version or formal version and just can judge described backup file by the version number of backup file, fromAnd the described backup file of only downloading formal version is to substitute infected file.
As shown in Figure 2, be the Ile repair method schematic flow sheet of the embodiment of the present invention two, the present embodiment isFor only in the backup file information bank of described server, inquire the browser of corresponding described backup fileThe situation of packet information list, particularly, this Ile repair method comprises:
Step 201, client are determined the infected file that is infected formation by malicious code, and obtain described infection literary compositionThe attribute information of part;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
The attribute information that step 202, described client send described infected file is to the inquiry configuring in serverInterface, judges according to the attribute information of described infected file whether described infected file is relevant to operating systemExecutable file; If so, perform step 203; Otherwise, return to the result that inquiry is failed;
This step is similar to the step 102 in above-described embodiment one, does not repeat them here.
Step 203, backup file letter by the query interface that configures in described server in described serverIn breath storehouse, according to the attribute information of described infected file difference from the backup file information bank of described serverInquire about service packs information list and the list of browser data package informatin of corresponding described backup file;
This step is similar to the step 103 in above-described embodiment one, does not repeat them here.
If step 204 only inquires corresponding described backup literary composition in the backup file information bank of described serverThe browser data package informatin list of part, according to the timestamp of described infected file and described browser data bagThe timestamp of the corresponding described backup file of information list, generates each in the list of described browser data package informatinThe second catalogue relevance weight of bar list directory, determines described browser according to the second catalogue relevance weightThe correlation of the corresponding described backup file of packet information list and described infected file, so that in described serviceCorresponding described backup file is inquired about and obtain and downloaded to device, and the attribute information of described infected file comprisesThe timestamp of described infected file;
The determination methods of step 104 in similar above-described embodiment one, in the present embodiment, using timestamp as senseDye the judgment standard of file and described backup file correlation, such as, if the browser data bag inquiringIn information list, in full accord with the timestamp of described infected file, can give described browser data letterIn breath list, this list directory is composed with the first the highest catalogue relevance weight, and other and described infected fileTimestamp inconsistent, visual timestamp is successively composed with its first less catalogue relevance weight.
Step 205, select in the list of described browser data package informatin according to described the second catalogue relevance weightCorresponding candidate list catalogue generates download address, and client is downloaded from described server according to this download addressCorresponding described backup file corresponding to candidate list catalogue, corresponding described standby of corresponding candidate list cataloguePart file leaves in browser data bag.
As previously mentioned, in full accord with the timestamp of described infected file, can give described service packs informationIn list, this list directory is composed with the first the highest catalogue relevance weight, and this first the highest catalogue is relevantProperty weight as corresponding candidate list catalogue, generate corresponding download ground according to corresponding candidate list catalogueLocation.
In the present embodiment, in described service packs information list, if the identical backup file of timestamp only has oneIndividual, the candidate list catalogue of described correspondence is: in the list of described browser data package informatin, described in correspondenceThe list directory that the timestamp of backup file is identical with the timestamp of described infected file, this list directory hasThe first the highest catalogue relevance weight. If there is no the identical situation of timestamp, the time of described correspondenceSelecting list directory is the equal list order of timestamp that the timestamp of described infected file is less than described backup fileRecord, this list directory has the first the highest catalogue relevance weight, and this situation may be due in clientOn beaten up-to-date service packs, and this latest patch bag and relevant information thereof are not collected in service timelyOn device.
In an other embodiment, if life period is stabbed two identical backup files, described correspondenceCandidate list catalogue is: in the list of described browser data package informatin, and the timestamp of corresponding described backup fileThe list directory identical with the timestamp of described infected file, and judge according to the version number of described backup fileDescribed backup file corresponding to this candidate list catalogue is formal version. Use the version number of backup file, reasonThe beta version that is backup file also may be collected in server, and just can by the version number of fileJudging described backup file is beta version or formal version, thereby only downloads the described backup file of formal versionTo substitute infected file.
As shown in Figure 3, be the Ile repair method schematic flow sheet of the embodiment of the present invention three, the present embodiment isFor in the backup file information bank of described server, all inquire the browser of corresponding described backup fileThe situation of packet information list and service packs information list, Ile repair method comprises:
Step 301, client are determined the infected file that is infected formation by malicious code, and obtain described infection literary compositionThe attribute information of part;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
The attribute information that step 302, described client send described infected file is to the inquiry configuring in serverInterface, judges according to the attribute information of described infected file whether described infected file is relevant to operating systemExecutable file; If so, perform step 303; Otherwise, return to the result that inquiry is failed;
This step is similar to the step 102 in above-described embodiment one, does not repeat them here.
In the present embodiment, in step 302, determine whether that the executable file relevant to operating system can toolBody is realized in this way: according to storing directory attribute information corresponding to described infected file and described senseThe signing messages dying in the basic operating system attribute information of running paper determines whether and operating system phaseThe executable file closing, the attribute information of described infected file comprises the corresponding order of depositing of described infected fileThe basic operating system attribute information of record attribute information and the operation of described infected file.
Step 303, backup file letter by the query interface that configures in described server in described serverIn breath storehouse, according to the attribute information of described infected file difference from the backup file information bank of described serverInquire about service packs information list and the list of browser data package informatin of corresponding described backup file;
This step is similar to the step 103 in above-described embodiment one, does not repeat them here.
If step 304 all inquires corresponding described backup literary composition in the backup file information bank of described serverThe service packs information list of part and the list of browser data package informatin, according to the timestamp of described infected fileWith the timestamp of the corresponding described backup file of described service packs information list, generate described service packs information listThe first catalogue relevance weight of each list directory first list of calculating described service packs information listRelevance weight;
Step 305, according to the timestamp of described infected file institute corresponding to the list of described browser data package informatinState the timestamp of backup file, generate of each article of list directory in the list of described browser data package informatinTwo catalogue relevance weight are also calculated the second list relevance weight of described browser data package informatin list;
Between step 304 and step 305, there is no absolute sequential relationship, these two steps can any oneFormerly carry out and another one in rear execution, or two simultaneously carry out.
Step 306, according to the first list relevance weight of described service packs information list and described browser numberAccording to the second list relevance weight of package informatin list, select candidate's download list as Query Result.
From step 304 and 305, in service packs information list and in the list of browser data package informatinInquire the attribute information that has backup file, i.e. backup file pair in backup file storehouse on server simultaneouslyIn the service packs of answering and browser data bag, have the backup file of replaceable infected file simultaneously. For thisThe situation of kind, in order to download the backup file mating the most with infected file from server, needs according to everyThe relevance weight of individual data the package list, i.e. the first list relevance weight of service packs information list and browsingThe second list relevance weight of device packet information list comprehensively judges, is standby from server to determineIn part library, select under backup file in backup file or the browser information bag in service packs carries outCarry.
For example, if the first list associated weight is greater than the second list associated weight, show service packs informationList and infected file correlation are larger, and browser data package informatin and infected file correlation are less. ThisTime, taking service packs information list as candidate's download list, this candidate's download list is as Query Result. Otherwise,, taking the list of browser data package informatin as candidate's download list, this candidate's download list is as Query Result.
Step 307, select in described candidate's download list corresponding candidate list catalogue to generate download address, rootDownload described backup literary composition corresponding to corresponding candidate list catalogue according to this download address client from described serverPart, corresponding described backup file corresponding to candidate list catalogue leaves backup service packs and backup browser inIn packet, described backup service packs and backup browser packet are stored in the backup file of described serverIn storehouse, described correlation comprises described the first catalogue relevance weight and described the second catalogue relevance weight.
In the present embodiment, for candidate's download list, it may comprise multiple list directories, and eachList directory can correspond to a backup file, and therefore, the candidate list catalogue of described correspondence is instituteState in candidate's download list, the timestamp of corresponding described backup file is identical with the timestamp of described infected fileList directory; Or, if life period is not stabbed identical backup file, the candidate list of described correspondenceCatalogue is: in described candidate's download list, the timestamp of corresponding described backup file is greater than described infected fileThe list directory of timestamp.
In an other embodiment, if life period is stabbed two identical backup files, described correspondenceCandidate list catalogue is: in described candidate's download list, and the timestamp of corresponding described backup file and described senseDye the identical list directory of timestamp of file, and judge this candidate's row according to the version number of described backup fileDescribed backup file corresponding to entry record is formal version. By version number to distinguish beta version or formalVersion, thus the described backup file of only downloading formal version is to substitute infected file.
As shown in Figure 4, for the Ile repair method of the embodiment of the present invention four is pressed flow chart. The present embodiment is pinTo in the backup file information bank of described server, all do not inquire the browser of corresponding described backup fileThe situation of packet information list and service packs information list, particularly, this Ile repair method comprises:
Step 401, client are determined the infected file that is infected formation by malicious code, and obtain described infection literary compositionThe attribute information of part;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
The attribute information that step 402, described client send described infected file is to the inquiry configuring in serverInterface, judges according to the attribute information of described infected file whether described infected file is relevant to operating systemExecutable file; If so, perform step 403; Otherwise, return to the result that inquiry is failed;
This step is similar to the step 101 in above-described embodiment one, does not repeat them here.
In the present embodiment, in step 402, determine whether that system executable file can specifically pass through this sideFormula realizes: according to the operation of storing directory attribute information corresponding to described infected file and described infected fileSigning messages in basic operating system attribute information determines whether the carried out literary composition relevant to operating systemPart, the attribute information of described infected file comprise described infected file corresponding storing directory attribute information andThe basic operating system attribute information of described infected file operation.
Step 403, backup file letter by the query interface that configures in described server in described serverIn breath storehouse, according to the attribute information of described infected file difference from the backup file information bank of described serverInquire about service packs information list and the list of browser data package informatin of corresponding described backup file;
This step is similar to the step 103 in above-described embodiment one, does not repeat them here.
If step 404 does not all inquire corresponding described backup in the backup file information bank of described serverThe service packs information list of file and the list of browser data package informatin, obtain that to deposit described backup file formerThe raw data packets of beginning data, and by the timestamp of backup file described in described server early than described infectionThe raw data packets of the timestamp of file is as Query Result, and described raw data packets is stored in described serverBackup file storehouse in;
Step 405, according to the timestamp of backup file described in raw data packets in described server early than describedThe raw data packets of the timestamp of infected file generates download address, according to this download address client from describedServer is downloaded described backup file to replace described infected file.
In the present embodiment, for raw data packets, if stabbing identical backup file, life period only hasOne, the candidate list catalogue of described correspondence is: in described candidate's download list, and corresponding described backup literary compositionThe list directory that the timestamp of part equates with the timestamp of described infected file; Or, the candidate of described correspondenceList directory is: in described candidate's download list, the timestamp of described backup file is greater than described infected fileThe list directory of timestamp.
In an other embodiment, for raw data packets, if life period stab identical two standbyPart file, the candidate list catalogue of described correspondence is: in described candidate's download list, corresponding described backupThe list directory that the timestamp of file is identical with the timestamp of described infected file, and according to described backup fileVersion number judge that described backup file corresponding to this candidate list catalogue is as formal version.
As shown in Figure 5, specifically apply and show for the present invention only inquires one of backup file from service packs listIntention. The infected formation infected file of mshtml.dll file in client under system32 storing directory,In order to replace this infected file mshtml.dll, it is relevant that client is collected relevant this infected file mshtml.dllAttribute information, as the filename filename:mshtml.dll of infected file mshtml.dll, reflects this infection literary compositionThe basic operating system information of part mshtml.dll operation, as version number [osver=6.1.7600.256.1.0], infectsThe storing directory information [PATH=System32] of file mshtml.dll by these and this infected fileThe relevant attribute information of mshtml.dll sends in the backup file information bank of server and inquires about, as Fig. 3Shown in, be the Query Result generating according to the relevant attribute information of infected file mshtml.dll, this Query ResultForm with Query List presents, and has altogether 5 list directories, and these list directories are all to list under candidateEntry record, in Fig. 5, first row represents the windowsvista signing messages in basic operating system information, theTwo lists are shown there being backup file service packs information, corresponding one of each windowsvista signing messagesService packs information in list directory; Calculate the method for relevance weight according to timestamp, learn in Fig. 5 the 4thComplete with the timestamp of infected file mshtml.dll with timestamp 20100810 corresponding in 5 list directoriesUnanimously. Thus, known, learn two candidate's download list catalogues by service packs information list, still,Known by version number, the version number in the 4th article and 5 articles of list directories is " 8.0.7600.16625 "" 8.0.7600.20745 ", learns, the 4th article of backup file that list directory is corresponding is beta version, and the 5thThe backup file that bar list directory is corresponding is formal version. Therefore, stab with fileversion number and obtain by generalized timeKnow that the 5th article of list directory is corresponding candidate's download directory, the candidate candidate download directory corresponding according to this:
PATCH_CN/win7/20100810/Windows6.1-KB2183461-x86/x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c30 85。
According to above-mentioned candidate's download directory, generate download address, to download the backup literary composition of replaceable infected filePart mshtml.dll:
http://dsys.360.cn/PATCH_CN/win7/20100810/Windows6.1-KB2183461-x86/x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085/mshtml.dll.cab。
As shown in Figure 6, be the structural representation of embodiment of the present invention file repair system, this system comprises:Client 601 and server 602, described client 601 infects for determining by malicious code the infection formingFile, and obtain the attribute information of described infected file, and the attribute information that sends described infected file is to clothesQuery Result is inquired about and obtained to business device 602, and described Query Result comprises what described server 602 was collectedThe attribute information of at least one backup file, described backup file is corresponding with described infected file; Described clientEnd 601, according to the attribute information of described infected file, is chosen the backup file of coupling from described Query Result,And from described server 602, extract and download to substitute described infected file.
In this enforcement, described server 602 comprises:
Query interface 612, for receiving the attribute information of described infected file of transmission;
Backup file information bank 622, for preserving the information of backup file, to determine and described infected fileThe backup file of joining.
In the present embodiment, described server can also comprise:
Download interface 632, for generating and download according to the backup file of the coupling of choosing from described Query ResultChained address;
Download unit 642, right for downloading from the backup file storehouse of described server according to described chained addressThe backup file of answering is to replace described infected file.
Compared with existing scheme, the technique effect that the application obtains: according to the attribute information of infected fileFrom backup file storehouse, inquire about corresponding backup file, directly replace infected file, thereby avoided existing skillFile reparation in art need to be made fail-safe software, and cannot thoroughly repair the defect of infected file.
Those skilled in the art should understand, the application's embodiment can be provided as method, system or meterCalculation machine program product. Therefore, the application can adopt complete hardware implementation example, completely implement software example or knotClose the form of the embodiment of software and hardware aspect. And the application can adopt at one or more wherein bagsThe computer-usable storage medium that contains computer usable program code (include but not limited to magnetic disc store,CD-ROM, optical memory etc.) form of the upper computer program of implementing.
Above-mentioned explanation illustrates and has described some preferred embodiments of the application, but as previously mentioned, is to be understood thatThe application is not limited to disclosed form herein, should not regard the eliminating to other embodiment as, and canFor various other combinations, amendment and environment, and can be in invention contemplated scope described herein, by upperStating technology or the knowledge of instruction or association area changes. And the change that those skilled in the art carry out and variationDo not depart from the application's spirit and scope, all should be in the protection domain of the application's claims.
Claims (18)
1. an Ile repair method, is characterized in that,
Client is determined the infected file that is infected formation by malicious code, and obtains the attribute of described infected fileInformation;
The attribute information that described client sends described infected file enters in the backup file information bank of serverQuery Result is inquired about and obtained to row, in described backup file information bank, comprises service packs information list and browserPacket information list, described Query Result comprises the genus of at least one backup file of described server collectionProperty information, described backup file is corresponding with described infected file;
Described client, according to the timestamp in the attribute information of described infected file, is determined described Query ResultThe described backup file of middle correspondence and the correlation of described infected file, and from described server extract and underCarry the backup file of coupling to substitute described infected file;
Wherein, described client sends the attribute information of described infected file to the backup file information of serverIn storehouse, inquire about and obtain Query Result, further comprise:
According to the timestamp of described infected file and the corresponding described backup file of described service packs information list timeBetween stamp, generate list directory in described service packs information list the first catalogue relevance weight and calculate described inThe first list relevance weight of service packs information list;
According to the timestamp of described infected file described backup literary composition corresponding to the list of described browser data package informatinThe timestamp of part, generates the second catalogue correlation of list directory in the list of described browser data package informatin and weighsHeavy and calculate the second list relevance weight of described browser data package informatin list;
According to the first list relevance weight of described service packs information list and described browser data package informatinThe second list relevance weight of list, selects candidate's download list as Query Result.
2. method according to claim 1, is characterized in that, the attribute information bag of described infected fileDraw together: the basic operation of the corresponding storing directory attribute information of described infected file and the operation of described infected fileSystem property information, the file name information that described infected file is corresponding, the browser that described infected file is correspondingAttribute information, the service packs information that described infected file is corresponding, the timestamp of described infected file.
3. method according to claim 1 and 2, is characterized in that, described client sends described senseDye the attribute information of file and inquire about and obtain Query Result in the backup file information bank of server, enterOne step comprises:
The attribute information that sends described infected file is to the query interface configuring in server;
By the query interface configuring in described server, in the backup file information bank in described serverInquire about and obtain Query Result.
4. method according to claim 1, is characterized in that, described client sends described infection literary compositionQuery Result is inquired about and obtained to the attribute information of part in the backup file information bank of server, furtherComprise:
Judge according to the attribute information of described infected file whether described infected file is relevant to operating systemExecutable file, if so, in the backup file information bank in described server, inquire about obtain rightThe Query Result of answering; Otherwise, return to the result that inquiry is failed.
5. method according to claim 4, is characterized in that, according to the attribute letter of described infected fileBreath judges that whether described infected file is the executable file relevant to operating system, further comprises:
According to the basic behaviour of storing directory attribute information corresponding to described infected file and the operation of described infected fileThe signing messages of doing in system property information determines whether the executable file relevant to operating system, instituteThe attribute information of stating infected file comprises corresponding storing directory attribute information and the described sense of described infected fileDye the basic operating system attribute information of running paper.
6. according to the method described in any one in claim 4 or 5, it is characterized in that, if described infectionFile is the executable file relevant to operating system, and described client sends the attribute of described infected fileQuery Result is inquired about and obtained to information in the backup file information bank of server, further comprises:
According to the attribute information of described infected file, from the backup file information bank of described server, look into respectivelyAsk service packs information list and the list of browser data package informatin of corresponding described backup file;
Wherein, the service packs information list of described backup file and the list of browser data package informatin comprise: instituteState the file name information that backup file is corresponding, storing directory attribute information that described backup file is corresponding, described inBrowser attribute information that basic operating system attribute information, the described backup file of backup file operation are corresponding,The service packs information that described backup file is corresponding;
Wherein, the attribute information of described infected file comprises: file name information that described infected file is corresponding,The basic operating system of the storing directory attribute information that described infected file is corresponding, the operation of described infected file belongs toProperty information, the browser attribute information that described infected file is corresponding, service packs letter that described infected file is correspondingBreath.
7. method according to claim 1, is characterized in that, if at the backup literary composition of described serverIn part information bank, only inquire the service packs information list of corresponding described backup file, described client sendsInquiry knot is inquired about and obtained to the attribute information of described infected file in the backup file information bank of serverReally, further comprise:
According to the timestamp of described infected file and the corresponding described backup file of described service packs information list timeBetween stamp, generate the first catalogue relevance weight of list directory in described service packs information list, according to firstCatalogue relevance weight is determined the corresponding described backup file of described service packs information list and described infected fileCorrespondence, to inquire about and obtain and download corresponding described backup file at described server, described inThe attribute information of infected file comprises the timestamp of described infected file.
8. method according to claim 1, is characterized in that, described client is determined described inquiry knotThe correlation of corresponding described backup file and described infected file in fruit, and from described server, download couplingBackup file to substitute described infected file, further comprise:
Select candidate list corresponding in described service packs information list according to described the first catalogue relevance weightCatalogue generates download address, downloads corresponding candidate list according to this download address client from described serverThe described backup file that catalogue is corresponding, corresponding described backup file corresponding to candidate list catalogue leaves institute inState in the backup service packs of server.
9. method according to claim 1, is characterized in that, if at the backup literary composition of described serverIn part information bank, only inquire the browser data package informatin list of corresponding described backup file, described clientEnd sends the attribute information of described infected file and inquires about and obtain in the backup file information bank of serverQuery Result, further comprises:
According to the timestamp of described infected file described backup literary composition corresponding to the list of described browser data package informatinThe timestamp of part, generates the second catalogue correlation of list directory in the list of described browser data package informatin and weighsHeavy, determine the corresponding described backup literary composition of described browser data package informatin list according to the second catalogue relevance weightThe correlation of part and described infected file, to inquire about and obtain and download corresponding at described serverDescribed backup file.
10. method according to claim 9, is characterized in that, described client is determined described inquiryThe correlation of corresponding described backup file and described infected file in result, and extract also from described serverDownload the backup file of coupling to substitute described infected file, further comprise:
Select time corresponding in the list of described browser data package informatin according to described the second catalogue relevance weightSelect list directory to generate download address, download corresponding time according to this download address client from described serverSelect the described backup file that list directory is corresponding, corresponding described backup file corresponding to candidate list catalogue depositedBe placed in the backup browser packet of described server.
11. methods according to claim 1, is characterized in that, described client is determined described inquiryThe correlation of corresponding described backup file and described infected file in result, and download from described serverThe backup file of joining, to substitute described infected file, further comprises:
Select candidate list catalogue corresponding in described candidate's download list to generate download address, according to this downloadAddress client is downloaded described backup file corresponding to corresponding candidate list catalogue, correspondence from described serverDescribed backup file corresponding to candidate list catalogue leave in service packs and browser data bag, described standbyPart service packs and backup browser packet are stored in the backup file storehouse of described server.
Method 12. according to Claim 8, in 10,11 described in any one, is characterized in that, described rightThe candidate list catalogue of answering is: in described candidate's download list, the timestamp of corresponding described backup file equalsThe equal list directory of timestamp of described infected file; Or the candidate list catalogue of described correspondence is:In described candidate's download list, the timestamp of described backup file is greater than the row of the timestamp of described infected fileEntry record.
Method 13. according to Claim 8, in 10,11 described in any one, is characterized in that, described rightThe candidate list catalogue of answering is: in described candidate's download list, the timestamp of corresponding described backup file equalsThe list directory of the timestamp of described infected file, and judge described candidate list order according to the version number of fileDescribed backup file corresponding to record is formal version.
14. methods according to claim 1, is characterized in that, if in the backup of described serverIn fileinfo storehouse, all do not inquire service packs information list and the browser data bag of corresponding described backup fileInformation list, described client sends the attribute information of described infected file to the backup file letter of serverQuery Result is inquired about and obtained to breath in storehouse, further comprises:
Obtain the raw data packets of depositing described backup file initial data;
Original by the timestamp of backup file described in described server early than the timestamp of described infected filePacket is as Query Result, and described raw data packets is stored in the backup file storehouse of described server.
15. methods according to claim 14, is characterized in that, described client is determined described inquiryThe correlation of corresponding described backup file and described infected file in result, and download from described serverThe backup file of joining, to substitute described infected file, further comprises:
According to the timestamp of backup file described in raw data packets in described server early than described infected fileTimestamp raw data packets generate download address, according to this download address client from described serverCarry described backup file to replace described infected file.
16. 1 kinds of file repair systems, is characterized in that, comprising: client and server, described clientEnd infects for determining by malicious code the infected file forming, and obtains the attribute information of described infected file,And the attribute information that sends described infected file is inquired about and is obtained in the backup file information bank of serverQuery Result, comprises service packs information list and browser data package informatin row in described backup file information bankTable, described Query Result comprises the attribute information of at least one backup file of described server collection, described inBackup file is corresponding with described infected file; Described client is according in the attribute information of described infected fileTimestamp, determines the correlation of corresponding described backup file and described infected file in described Query Result, andThe backup file extracting from described server and download coupling is to substitute described infected file;
Wherein, described client sends the attribute information of described infected file to the backup file information of serverIn storehouse, inquire about and obtain Query Result, further comprise:
According to the timestamp of described infected file and the corresponding described backup file of described service packs information list timeBetween stamp, generate list directory in described service packs information list the first catalogue relevance weight and calculate described inThe first list relevance weight of service packs information list;
According to the timestamp of described infected file described backup literary composition corresponding to the list of described browser data package informatinThe timestamp of part, generates the second catalogue correlation of list directory in the list of described browser data package informatin and weighsHeavy and calculate the second list relevance weight of described browser data package informatin list;
According to the first list relevance weight of described service packs information list and described browser data package informatinThe second list relevance weight of list, selects candidate's download list as Query Result.
17. systems according to claim 16, is characterized in that, described server comprises:
Query interface, for receiving the attribute information of described infected file of transmission;
Backup file information bank, for preserving the information of backup file, to determine and described infected file selfThe backup file matching.
18. according to the system described in any one in claim 16 or 17, it is characterized in that described serviceDevice comprises:
Download interface, for raw according to the backup file matching with self of choosing from described Query ResultThe chained address that becomes to download;
Download unit, for downloading coupling according to described chained address from the backup file storehouse of described serverBackup file to replace described infected file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210375522.0A CN102902923B (en) | 2012-09-29 | 2012-09-29 | Ile repair method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210375522.0A CN102902923B (en) | 2012-09-29 | 2012-09-29 | Ile repair method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102902923A CN102902923A (en) | 2013-01-30 |
| CN102902923B true CN102902923B (en) | 2016-05-18 |
Family
ID=47575150
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210375522.0A Active CN102902923B (en) | 2012-09-29 | 2012-09-29 | Ile repair method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102902923B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104932965B (en) * | 2014-03-18 | 2019-05-28 | 北京奇虎科技有限公司 | Object method for real-time monitoring and device |
| CN109144967B (en) * | 2018-08-13 | 2021-01-12 | 爱智慧(广州)科技有限公司 | Maintenance system and method for improving distributed computing system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060230449A1 (en) * | 2005-03-29 | 2006-10-12 | International Business Machines Corporation | Source code repair method for malicious code detection |
| CN101246535A (en) * | 2008-03-25 | 2008-08-20 | 深圳市迅雷网络技术有限公司 | Method, system and device for renovating abnormal document |
| CN101950336A (en) * | 2010-08-18 | 2011-01-19 | 奇智软件(北京)有限公司 | Method and device for removing malicious programs |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8407788B2 (en) * | 2009-05-29 | 2013-03-26 | Oracle International Corporation | Methods and systems for implementing a self defending/repairing database |
-
2012
- 2012-09-29 CN CN201210375522.0A patent/CN102902923B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060230449A1 (en) * | 2005-03-29 | 2006-10-12 | International Business Machines Corporation | Source code repair method for malicious code detection |
| CN101246535A (en) * | 2008-03-25 | 2008-08-20 | 深圳市迅雷网络技术有限公司 | Method, system and device for renovating abnormal document |
| CN101950336A (en) * | 2010-08-18 | 2011-01-19 | 奇智软件(北京)有限公司 | Method and device for removing malicious programs |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102902923A (en) | 2013-01-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102810138B (en) | A kind of restorative procedure of user side file and system | |
| CN103294950B (en) | A kind of high-power secret information stealing malicious code detecting method based on backward tracing and system | |
| Williams et al. | Privatefs: A parallel oblivious file system | |
| CA2731954C (en) | Apparatus, methods, and computer program products providing dynamic provable data possession | |
| US7716530B2 (en) | Thread interception and analysis | |
| US8204915B2 (en) | Apparatus and method for generating a database that maps metadata to P2P content | |
| CN102592103B (en) | Secure file processing method, equipment and system | |
| CN102902922B (en) | Ile repair method and system | |
| US20090164522A1 (en) | Computer forensics, e-discovery and incident response methods and systems | |
| CN103559231B (en) | A kind of file system quota management method, apparatus and system | |
| Farina et al. | Bittorrent sync: First impressions and digital forensic implications | |
| Casey et al. | Malware forensics field guide for Linux systems: digital forensics field guides | |
| CN105224433A (en) | A kind of internal memory monitoring method and server | |
| CN103366117B (en) | A kind of viral restorative procedure of infection type and system | |
| CN110135194A (en) | A kind of management method of the industry internet digital object based on block chain | |
| CN102045220A (en) | Wooden horse monitoring and auditing method and system thereof | |
| US8205261B1 (en) | Incremental virus scan | |
| CN103019778A (en) | Startups cleaning method and device | |
| US20180307861A1 (en) | System and method for automatically establishing, tracking, and querying the trust level of files, patches, and updates | |
| CN102929946A (en) | Data synchronization method, device and system | |
| CN104866394A (en) | Distributed file backup method and system | |
| JP2008097484A (en) | Log management system and forensic investigation method | |
| CN103310154B (en) | The method, apparatus and system that information security processes | |
| CN102902923B (en) | Ile repair method and system | |
| CN108228793A (en) | Acquisition methods, device and the terminal applies of data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Beijing Qizhi Business Consulting Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220330 Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Beijing Qizhi Business Consulting Co.,Ltd. |