CN102945350A - Remote antivirus method - Google Patents
Remote antivirus method Download PDFInfo
- Publication number
- CN102945350A CN102945350A CN2012104094511A CN201210409451A CN102945350A CN 102945350 A CN102945350 A CN 102945350A CN 2012104094511 A CN2012104094511 A CN 2012104094511A CN 201210409451 A CN201210409451 A CN 201210409451A CN 102945350 A CN102945350 A CN 102945350A
- Authority
- CN
- China
- Prior art keywords
- virus
- killing
- antivirus
- remote
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a remote antivirus method, which comprises the following steps: processing virus after finding out the virus, and outputting virus behavior information and processed results to a cache database to establish an antivirus record; after finishing said virus processing operation, calling a scanning engine to perform scanning antivirus (backtracking antivirus) on the virus again; after performing the backtracking antivirus, judging antivirus results; reporting to a user that the antivirus is completed and finishing the operation if the virus is thoroughly cleaned; and triggering a remote help module so that a security software engineer performs manual antivirus in a personal computer by the remote help module if the virus is unable to be thoroughly cleaned. Compared with a traditional antivirus mechanism simply relying on software, the method provided by the invention is characterized by directly using professional knowledge of the professional security engineer to manually kill the virus in the personal computer and greatly enhancing the capability of the antivirus software to kill the virus and protect the personal computer.
Description
Technical field
The present invention relates to the network security technology field, relate generally to a kind of method of remote virus-killing.
Background technology
In the computer virus checking and killing field, the technician often runs into that the user is various to seek help, and the feedback computing machine has been poisoned and namely used the computer problems such as antivirus software does not fall extremely.Although antivirus software commonly used can help the user to solve all kinds of virus problems, because virus and antivirus software are processes of resisting each other, always even after using antivirus software after having certain customers to poison, still exist and thoroughly to remove viral problem.
Summary of the invention
Use in the antivirus software virus killing process in order to solve the user, can't remove the problem of obstinate virus, antivirus engine of the present invention judges initiatively whether virus occurs repeatedly, and can't be eliminated clean, automatic spring remote assistance function in this case allows safety engineer's Telnet user's computing machine to kill virus for user's remote manual after obtaining the user and permitting.Simply, the invention provides a kind of scheme of when judgement can't thoroughly be removed virus by automatic antivirus software, utilizing remote assistance to help the user manually to kill virus.
The present invention includes virus killing module and remote assistance module, and following steps:
1) the virus killing module is called its antivirus engine subscriber computer is carried out virus scan;
2) find after the virus virus to be processed, and output virus behavior information and virus treated result set up the virus killing record to cache database;
3) in step 2) virus treated operation finish after, according to the behavioural information of the virus of processing and the virus killing record of preservation, again call antivirus engine this virus scanned virus killing (recalling virus killing);
4) in execution in step 3) recall virus killing after, the result judges to virus killing, if judge that virus is thoroughly removed, reports then that the user kills virus to finish, and end operation; If judge that virus can't thoroughly be removed, then continue to carry out next step;
5) trigger the remote assistance module, eject the remote virus-killing of prompting frame prompting user, after obtaining user's license, be in the fail-safe software slip-stick artist of server end or other position by the long-range user's of logining of network utilisation remote assistance module computer system, subscriber computer is manually killed virus.
6) the fail-safe software slip-stick artist withdrawed from Telnet, long-range the withdrawing from of remote assistance module prompting user after virus killing was finished.
As a kind of improvement of above technical scheme, the behavioural information of virus comprises the virus document of release and the registry information of position and modification thereof.
The present invention can't thoroughly delete in the situation of virus under the automatic mode at the antivirus software that subscriber computer is installed, allow professional fail-safe software slip-stick artist's Telnet by the remote assistance module, introduce manual virus killing more professional, that specific aim is stronger, can guarantee the thorough deletion to virus.Compare traditional, rely on the disinfection mechanism of software merely, the present invention directly is applied in professional safety engineer's professional knowledge in the virus killing operation of subscriber computer, strengthen widely the virus killing ability of antivirus software, improved the security of subscriber computer environment.
Description of drawings
The present invention is further described below in conjunction with drawings and Examples, wherein:
Fig. 1 is process flow diagram of the present invention.
Embodiment
In a preferred embodiment of the invention, method proposed by the invention can be embodied as the virus killing system of the described method of an execution, described virus killing system comprises the client and server end of mutual communication, wherein client comprises virus killing module and remote assistance module, and described virus killing module and remote assistance module are embodied as the antivirus software that is installed on the subscriber computer at this.
Real-time guard module in the virus killing module is found virus, and perhaps the virus scan in plan target detects virus, and when perhaps the user manually began killing virus, the virus killing module starts carried out the checking and killing virus operation to subscriber computer.In this process, the virus killing module is for position and the corresponding behavior of finding virus, and the virus killing result of each virus is made caching record; After virus killing is finished, again recall virus killing according to the virus of having found that records in the buffer memory position of haunting; In the time can't deleting virus document, call the remote assistance module, the guiding user carries out long-range checking and killing virus.
Wherein, virus has its exclusive behavioural information, namely after infecting computer, all can stay obvious vestige at computer, mainly comprises: the virus document of release, registry information of modification etc.
As shown in Figure 1, the concrete steps of method proposed by the invention are as follows:
1, the virus killing module is called all or partial memory of its antivirus engine scanning user's computing machine;
2, find after the virus virus to be processed, and output virus behavior information and virus treated result are to cache database, namely preserving the virus killing record in buffer memory, namely described record comprises: the result of file, position and virus treated that virus discharges (success or failure);
3, because of in the virus killing process, because virus is in existing state, possibly can't thoroughly know virus, residual virus is the re-infection computer again, so after above-mentioned virus killing operation is finished, can again call scanning engine and scan virus killing according to the virus killing record of this viral behavioural information and preservation, this time virus killing operation is referred to herein as recalls virus killing.
4, after virus killing is recalled in execution, if can thoroughly remove virus, report then that the user kills virus to finish, if still can't thoroughly remove virus, then trigger the remote assistance module.
5, after the triggering remote assistance module, eject the remote virus-killing of prompting frame prompting user, after obtaining user's permission, be in the fail-safe software slip-stick artist of server end or other position by the long-range user's of logining of network utilisation remote assistance module computer system, subscriber computer manually killed virus after obtaining enough authorities of user machine system.
6, the fail-safe software slip-stick artist withdrawed from Telnet, long-range the withdrawing from of remote assistance module prompting user after virus killing was finished.
The present invention can't thoroughly delete in the situation of virus under the automatic mode at the antivirus software that subscriber computer is installed, allow professional safety engineer's Telnet by the remote assistance module, introduce manual virus killing more professional, that specific aim is stronger, can guarantee the thorough deletion to virus.Compare traditional, rely on the disinfection mechanism of software merely, the present invention directly is applied in professional safety engineer's professional knowledge in the virus killing of subscriber computer, has improved widely the security of subscriber computer environment.
Certainly, the present invention is except above-mentioned embodiment, and other equivalent technical solutions also should be within its protection domain.
Claims (2)
1. the method for a remote virus-killing is characterized in that: comprise virus killing module and remote assistance module, and following steps:
1) the virus killing module is called its antivirus engine subscriber computer is carried out virus scan;
2) find after the virus virus to be processed, and output virus behavior information and virus treated result to cache database to preserve the virus killing record;
3) in step 2) virus treated operation finish after, according to the behavioural information of the virus of processing and the virus killing record of preservation, again call antivirus engine this virus scanned virus killing (recalling virus killing);
4) in execution in step 3) recall virus killing after, the result judges to virus killing, if judge that virus is thoroughly removed, reports then that the user kills virus to finish, and end operation; If judge that virus can't thoroughly be removed, then continue to carry out next step;
5) trigger the remote assistance module, eject the remote virus-killing of prompting frame prompting user, after the acquisition user allowed, the fail-safe software slip-stick artist of far-end manually killed virus to subscriber computer by the long-range computer system of logining the user of network utilisation remote assistance module;
6) the fail-safe software slip-stick artist withdrawed from Telnet, long-range the withdrawing from of remote assistance module prompting user after virus killing was finished.
2. the method for remote virus-killing according to claim 1 is characterized in that: the behavioural information of virus comprises the virus document of release and the registry information of position and modification thereof.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210409451.1A CN102945350B (en) | 2012-10-24 | 2012-10-24 | A kind of method of remote virus-killing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210409451.1A CN102945350B (en) | 2012-10-24 | 2012-10-24 | A kind of method of remote virus-killing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102945350A true CN102945350A (en) | 2013-02-27 |
| CN102945350B CN102945350B (en) | 2016-01-20 |
Family
ID=47728291
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210409451.1A Active CN102945350B (en) | 2012-10-24 | 2012-10-24 | A kind of method of remote virus-killing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102945350B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103310155A (en) * | 2013-06-17 | 2013-09-18 | 腾讯科技(深圳)有限公司 | Method and device for searching virus parent |
| CN104298920A (en) * | 2014-10-14 | 2015-01-21 | 百度在线网络技术(北京)有限公司 | Virus file processing method, system and device |
| CN105528543A (en) * | 2015-12-23 | 2016-04-27 | 北京奇虎科技有限公司 | Remote antivirus method, client, console and system |
| CN108804923A (en) * | 2018-06-07 | 2018-11-13 | 安徽鼎龙网络传媒有限公司 | A kind of compartmentalization net report association system of cloud property back-stage management |
| CN108830081A (en) * | 2018-06-14 | 2018-11-16 | 安徽鼎龙网络传媒有限公司 | A kind of virtual lock emergency feedback system on micro- scene backstage |
| CN108875377A (en) * | 2018-05-28 | 2018-11-23 | 安徽鼎龙网络传媒有限公司 | A kind of continuous Virus Test System of synthesis of business activity management platform |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101795267A (en) * | 2009-12-30 | 2010-08-04 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting viruses and gateway equipment |
| CN102024113A (en) * | 2010-12-22 | 2011-04-20 | 北京安天电子设备有限公司 | Method and system for quickly detecting malicious code |
| CN102081714A (en) * | 2011-01-25 | 2011-06-01 | 潘燕辉 | Cloud antivirus method based on server feedback |
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102663284A (en) * | 2012-03-21 | 2012-09-12 | 南京邮电大学 | Malicious code identification method based on cloud computing |
-
2012
- 2012-10-24 CN CN201210409451.1A patent/CN102945350B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101795267A (en) * | 2009-12-30 | 2010-08-04 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting viruses and gateway equipment |
| CN102024113A (en) * | 2010-12-22 | 2011-04-20 | 北京安天电子设备有限公司 | Method and system for quickly detecting malicious code |
| CN102081714A (en) * | 2011-01-25 | 2011-06-01 | 潘燕辉 | Cloud antivirus method based on server feedback |
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102663284A (en) * | 2012-03-21 | 2012-09-12 | 南京邮电大学 | Malicious code identification method based on cloud computing |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103310155A (en) * | 2013-06-17 | 2013-09-18 | 腾讯科技(深圳)有限公司 | Method and device for searching virus parent |
| CN103310155B (en) * | 2013-06-17 | 2015-11-04 | 腾讯科技(深圳)有限公司 | A kind of method and apparatus searching viral parent |
| CN104298920A (en) * | 2014-10-14 | 2015-01-21 | 百度在线网络技术(北京)有限公司 | Virus file processing method, system and device |
| CN105528543A (en) * | 2015-12-23 | 2016-04-27 | 北京奇虎科技有限公司 | Remote antivirus method, client, console and system |
| CN108875377A (en) * | 2018-05-28 | 2018-11-23 | 安徽鼎龙网络传媒有限公司 | A kind of continuous Virus Test System of synthesis of business activity management platform |
| CN108804923A (en) * | 2018-06-07 | 2018-11-13 | 安徽鼎龙网络传媒有限公司 | A kind of compartmentalization net report association system of cloud property back-stage management |
| CN108830081A (en) * | 2018-06-14 | 2018-11-16 | 安徽鼎龙网络传媒有限公司 | A kind of virtual lock emergency feedback system on micro- scene backstage |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102945350B (en) | 2016-01-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102945350A (en) | Remote antivirus method | |
| CN101231682B (en) | Computer information safe method | |
| CN102082836B (en) | DNS (Domain Name Server) safety monitoring system and method | |
| CN102194072B (en) | Method, device and system used for handling computer virus | |
| CN101022343B (en) | Network invading detecting/resisting system and method | |
| CN111181926B (en) | Security device based on mimicry defense idea and operation method thereof | |
| CN113098846A (en) | Industrial control flow monitoring method, equipment, storage medium and device | |
| CN103795735B (en) | Safety means, server and server info safety implementation method | |
| CN106650436A (en) | Safety detecting method and device based on local area network | |
| CN101930515B (en) | System and method for safely decompressing compressed file | |
| CN105704120B (en) | A method of the secure access network based on self study form | |
| CN105635046A (en) | Database command line filtering and audit blocking method and device | |
| CN109787964B (en) | Process behavior tracing device and method | |
| CN111368293B (en) | Process management method, device, system and computer readable storage medium | |
| CN114448693A (en) | Safety control method, device, electronic equipment and medium combining RPA and AI | |
| CN102867146A (en) | Method and system for preventing computer virus from frequently infecting systems | |
| CN110717183A (en) | Virus checking and killing method, device, equipment and storage medium | |
| CN102346827A (en) | Method and device for handling computer viruses | |
| CN114826880A (en) | Method and system for online monitoring of data safe operation | |
| CN107888576B (en) | Anti-collision library safety risk control method using big data and equipment fingerprints | |
| CN113709132A (en) | Security detection method and system for reducing cloud computing requirements | |
| CN105893376A (en) | Database access supervision method | |
| CN107231365B (en) | Evidence obtaining method, server and firewall | |
| CN111125649A (en) | Protection method and device for brute force cracking of remote desktop login | |
| CN101286986B (en) | Active defense method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20191204 Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Patentee after: Zhuhai Seal Interest Technology Co., Ltd. Address before: 519000, No. 10, main building, No. 6, science Road, Harbour Road, Tang Wan Town, Guangdong, Zhuhai, 601F Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |