CN102945350B - A kind of method of remote virus-killing - Google Patents
A kind of method of remote virus-killing Download PDFInfo
- Publication number
- CN102945350B CN102945350B CN201210409451.1A CN201210409451A CN102945350B CN 102945350 B CN102945350 B CN 102945350B CN 201210409451 A CN201210409451 A CN 201210409451A CN 102945350 B CN102945350 B CN 102945350B
- Authority
- CN
- China
- Prior art keywords
- virus
- killing
- user
- judge
- remote
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention proposes a kind of remote virus-killing method, described method processes virus after discovery virus, and exports virus behavior information and result to cache database, sets up virus killing record; After above virus treated has operated, according to the virus killing record of the virus of process, again call scanning engine and scanning virus killing (backtracking virus killing) is carried out to this virus; After execution backtracking virus killing, judge virus killing result, if judge that virus is thoroughly removed, then report user has been killed virus, and end operation; If judge that virus cannot thoroughly be removed, then trigger remote assistance module, fail-safe software slip-stick artist is manually killed virus to subscriber computer by network utilisation remote assistance module.Compare traditional, the simple disinfection mechanism relying on software, the present invention directly utilizes the professional knowledge of specialty safety slip-stick artist manually to kill virus to subscriber computer, greatly increases the virus killing protective capacities of antivirus software to subscriber computer.
Description
Technical field
The present invention relates to technical field of network security, relate generally to a kind of method of remote virus-killing.
Background technology
In computer virus checking and killing field, technician often runs into that user is various to seek help, and namely feedback computing machine is poisoning uses antivirus software to kill to wait computer problem.Although conventional antivirus software can help user to solve all kinds of virus problems, because virus and antivirus software are processes resisted each other, even if after the poisoning rear use antivirus software of Zong You certain customers, still there is the problem thoroughly cannot removing virus.
Summary of the invention
Use in antivirus software virus killing process to solve user, the problem of obstinate virus cannot be removed, antivirus engine of the present invention initiatively judges whether virus occurs repeatedly, and cannot be eliminated clean, automatic spring remote assistance function in this case, is obtaining allowing the computing machine of safety engineer's Telnet clients for the virus killing of user's remote manual after user permits.Briefly, the invention provides a kind of judging to utilize when thoroughly cannot remove virus by automatic antivirus software remote assistance to help user to carry out the scheme of manually virus killing.
The present invention includes virus killing module and remote assistance module, and following steps:
1) module of killing virus is called its antivirus engine and is carried out virus scan to subscriber computer;
2) find to process virus after virus, and export virus behavior information and virus treated result to cache database, set up virus killing record;
3) in step 2) virus treated operated after, according to the behavioural information of virus and the virus killing record of preservation of process, again call antivirus engine and scanning virus killing (backtracking kill virus) carried out to this virus;
4) after the backtracking virus killing performing step 3), judge virus killing result, if judge that virus is thoroughly removed, then report user has been killed virus, and end operation; If judge that virus cannot thoroughly be removed, then continue to perform next step;
5) trigger remote assistance module, eject prompting frame prompting user remote virus-killing, after obtaining user's license, the fail-safe software slip-stick artist being in server end or other position, by the long-range computer system logining user of network utilisation remote assistance module, manually kills virus to subscriber computer.
6) the rear fail-safe software slip-stick artist that killed virus exits Telnet, and remote assistance module prompts user is long-range to exit.
One as above technical scheme is improved, and the behavioural information of virus comprises the virus document of release and the registry information of position and amendment thereof.
The antivirus software that the present invention installs on the user computer in automatic mode cannot complete deletion virus when, the Telnet of specialty safety software engineer is allowed by remote assistance module, introduce more professional, that specific aim is stronger manual virus killing, the complete deletion to virus can be guaranteed.Compare traditional, the simple disinfection mechanism relying on software, the professional knowledge of specialty safety slip-stick artist is directly applied in the virus killing operation of subscriber computer by the present invention, greatly enhance the virus killing ability of antivirus software, improve the security of subscriber computer environment.
Accompanying drawing explanation
Below in conjunction with drawings and Examples, the present invention is further described, wherein:
Fig. 1 is process flow diagram of the present invention.
Embodiment
In a preferred embodiment of the invention, method proposed by the invention can be embodied as the virus killing system of the described method of an execution, described virus killing system comprises the client and server end of communication mutually, wherein client comprises virus killing module and remote assistance module, and described virus killing module and remote assistance module are embodied as installation antivirus software on the user computer at this.
Find virus in the real-time guard module of virus killing module, or the virus scan in plan target detects virus, or when user manually starts killing virus, virus killing module starts carries out checking and killing virus operation to subscriber computer.In the process, virus killing module is for finding the position of virus and corresponding behavior, and the virus killing result of each virus makes caching record; After virus killing completes, again recall virus killing according to the virus found recorded in buffer memory position of haunting; When virus document cannot be deleted, call remote assistance module, guide user to carry out remote virus killing.
Wherein, virus has its exclusive behavioural information, namely after infection computer, all can leave obvious vestige at computer, mainly comprise: the virus document of release, registry information of amendment etc.
As shown in Figure 1, the concrete steps of method proposed by the invention are as follows:
1, module of killing virus calls all or part of storer of the computing machine of its antivirus engine scanning user;
2, after finding virus, virus is processed, and export virus behavior information and virus treated result to cache database, namely preserving virus killing record in the buffer, namely described record comprises: the file of virus release, the result (success or failure) of position and virus treated;
3, because of in virus killing process, because virus is in existing state, possibly cannot thoroughly know virus, residual virus can re-infection computer again, so after above-mentioned virus killing has operated, can according to the behavioural information of this virus and the virus killing record of preservation, again call scanning engine and carry out scanning virus killing, this time virus killing operation is referred to herein as backtracking virus killing.
4, after execution backtracking virus killing, if thoroughly can remove virus, then report user has been killed virus, if still thoroughly virus cannot be removed, then and trigger remote assistance module.
5, after trigger remote assistance module, eject prompting frame prompting user remote virus-killing, after obtaining user's permission, the fail-safe software slip-stick artist being in server end or other position, by the long-range computer system logining user of network utilisation remote assistance module, manually kills virus to subscriber computer after obtaining enough authorities of user machine system.
6, the rear fail-safe software slip-stick artist that killed virus exits Telnet, and remote assistance module prompts user is long-range to exit.
The antivirus software that the present invention installs on the user computer in automatic mode cannot complete deletion virus when, the Telnet of specialty safety slip-stick artist is allowed by remote assistance module, introduce more professional, that specific aim is stronger manual virus killing, the complete deletion to virus can be guaranteed.Compare traditional, the simple disinfection mechanism relying on software, the professional knowledge of specialty safety slip-stick artist is directly applied in the virus killing of subscriber computer by the present invention, greatly increases the security of subscriber computer environment.
Certainly, the present invention is except above-mentioned embodiment, and other equivalent technical solutions also should within its protection domain.
Claims (1)
1. a method for client remote virus killing, described client comprises virus killing module and remote assistance module, it is characterized in that, comprises the following steps:
1) module of killing virus is called its antivirus engine and is carried out virus scan to subscriber computer;
2) find to process virus after virus, and export virus behavior information and virus treated result to cache database to preserve virus killing record, wherein viral behavioural information comprises the virus document of release and the registry information of position and amendment thereof;
3) in step 2) virus treated operated after, according to process the behavioural information of virus and the virus killing record of preservation, again call antivirus engine to the virus that cannot thoroughly remove carry out backtracking kill virus;
4) performing step 3) backtracking virus killing after, judge virus killing result, if judge that virus is thoroughly removed, then report user has been killed virus, and end operation; If judge that virus cannot thoroughly be removed, then continue to perform next step;
5) trigger remote assistance module, eject prompting frame prompting user remote virus-killing, after obtaining user's permission, the fail-safe software slip-stick artist of far-end, by the long-range computer system logining user of network utilisation remote assistance module, manually kills virus to subscriber computer;
6) the rear fail-safe software slip-stick artist that killed virus exits Telnet, and remote assistance module prompts user is long-range to exit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210409451.1A CN102945350B (en) | 2012-10-24 | 2012-10-24 | A kind of method of remote virus-killing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210409451.1A CN102945350B (en) | 2012-10-24 | 2012-10-24 | A kind of method of remote virus-killing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102945350A CN102945350A (en) | 2013-02-27 |
| CN102945350B true CN102945350B (en) | 2016-01-20 |
Family
ID=47728291
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210409451.1A Active CN102945350B (en) | 2012-10-24 | 2012-10-24 | A kind of method of remote virus-killing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102945350B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103310155B (en) * | 2013-06-17 | 2015-11-04 | 腾讯科技(深圳)有限公司 | A kind of method and apparatus searching viral parent |
| CN104298920A (en) * | 2014-10-14 | 2015-01-21 | 百度在线网络技术(北京)有限公司 | Virus file processing method, system and device |
| CN105528543A (en) * | 2015-12-23 | 2016-04-27 | 北京奇虎科技有限公司 | Remote antivirus method, client, console and system |
| CN108875377A (en) * | 2018-05-28 | 2018-11-23 | 安徽鼎龙网络传媒有限公司 | A kind of continuous Virus Test System of synthesis of business activity management platform |
| CN108804923A (en) * | 2018-06-07 | 2018-11-13 | 安徽鼎龙网络传媒有限公司 | A kind of compartmentalization net report association system of cloud property back-stage management |
| CN108830081A (en) * | 2018-06-14 | 2018-11-16 | 安徽鼎龙网络传媒有限公司 | A kind of virtual lock emergency feedback system on micro- scene backstage |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101795267A (en) * | 2009-12-30 | 2010-08-04 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting viruses and gateway equipment |
| CN102024113A (en) * | 2010-12-22 | 2011-04-20 | 北京安天电子设备有限公司 | Method and system for quickly detecting malicious code |
| CN102081714A (en) * | 2011-01-25 | 2011-06-01 | 潘燕辉 | Cloud antivirus method based on server feedback |
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102663284A (en) * | 2012-03-21 | 2012-09-12 | 南京邮电大学 | Malicious code identification method based on cloud computing |
-
2012
- 2012-10-24 CN CN201210409451.1A patent/CN102945350B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101795267A (en) * | 2009-12-30 | 2010-08-04 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting viruses and gateway equipment |
| CN102024113A (en) * | 2010-12-22 | 2011-04-20 | 北京安天电子设备有限公司 | Method and system for quickly detecting malicious code |
| CN102081714A (en) * | 2011-01-25 | 2011-06-01 | 潘燕辉 | Cloud antivirus method based on server feedback |
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102663284A (en) * | 2012-03-21 | 2012-09-12 | 南京邮电大学 | Malicious code identification method based on cloud computing |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102945350A (en) | 2013-02-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102945350B (en) | A kind of method of remote virus-killing | |
| JP2021500645A5 (en) | ||
| CN102194072B (en) | Method, device and system used for handling computer virus | |
| CN102867146B (en) | Method and system for preventing computer virus from repeatedly infecting system | |
| RU2004135454A (en) | SECURITY-related SOFTWARE INTERFACE | |
| CN101930515B (en) | System and method for safely decompressing compressed file | |
| WO2006074294A3 (en) | Methods and apparatus providing security to computer systems and networks | |
| CN105844155B (en) | Macro-virus searching and killing method and system | |
| CN105635046A (en) | Database command line filtering and audit blocking method and device | |
| CN105704120B (en) | A method of the secure access network based on self study form | |
| CN109787964B (en) | Process behavior tracing device and method | |
| CN111368293B (en) | Process management method, device, system and computer readable storage medium | |
| CN102523593A (en) | Method for prevent self program from being uninstalled | |
| CN103929732B (en) | A kind of method and M2M gateways of management terminal peripheral hardware | |
| CN103593616A (en) | System and method for preventing and controlling USB flash disk viruses in enterprise information network | |
| CN114157501B (en) | Parameter analysis method and device based on TianRui database | |
| CN108287779A (en) | A kind of Windows startup items monitoring method and system | |
| CN101252487B (en) | Method for processing safety warning and safety policy equipment | |
| CN106682493B (en) | A kind of method, apparatus for preventing process from maliciously being terminated and electronic equipment | |
| CN105893376A (en) | Database access supervision method | |
| CN114462038B (en) | Security protection method, device, equipment and computer readable storage medium | |
| CN109428881B (en) | Network security protection method, network element equipment, system and computer storage medium | |
| CN107231365B (en) | Evidence obtaining method, server and firewall | |
| CN106856477B (en) | Threat processing method and device based on local area network | |
| CN103778369B (en) | Prevent virus document from subscriber equipment is carried out the device and method of illegal operation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20191204 Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Patentee after: Zhuhai Seal Interest Technology Co., Ltd. Address before: 519000, No. 10, main building, No. 6, science Road, Harbour Road, Tang Wan Town, Guangdong, Zhuhai, 601F Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |