CN104008338A - Android malicious program processing method, device and equipment - Google Patents

Info

Publication number
CN104008338A
Authority
CN
China
Prior art keywords
rogue program
boot
program
user
activity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410193306.3A
Other languages
Chinese (zh)
Other versions
CN104008338B (en)
Inventor
陈章群
沈江波
张楠
赵闵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Internet Security Software Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201410193306.3A
Publication of CN104008338A
Application granted
Publication of CN104008338B
Legal status: Active

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Exchange Systems With Centralized Control (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a method for processing an Android malicious program, which comprises the following steps: monitoring a first calling period T1 with which the malicious program calls an ACTIVITY; setting a second calling period T2, wherein T2 is less than T1; and starting a malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2. The invention also discloses an Android malicious program processing device and intelligent terminal equipment. By implementing the technical scheme of the invention, a malicious application that is installed in the operating system of the user's mobile device and that extorts the user by taking control of the user's desktop and preventing uninstallation can be successfully uninstalled, and system security is improved.

Description

Android malicious program processing method, device and equipment
Technical field
The present invention relates to the field of mobile Internet information security technology, and in particular to an Android malicious program processing method, device and equipment.
Background
With the development of the Android system, the number of applications for Android keeps growing. Normally, on a mobile terminal device based on the Android system, all installed applications can be managed in the system settings, including stopping and uninstalling them.
Because Android applications come from a wide range of sources, a user who installs a malicious application can suffer various kinds of harm. A typical example is a malicious application such as Cryptolocker: it takes control of the device desktop and repeatedly demands that the user pay to unlock it, and only after paying can the user unlock the device and restore normal use. If the user tries to tap elsewhere or perform another operation to uninstall the malicious application, it automatically cancels the user's action and demands payment again. Therefore, once the operating system of the user's device is infected with this kind of malicious application, the user cannot remove it and the device becomes completely unusable; the only solution is to send it back to the original manufacturer to be reset. The reset completely destroys the data the user has stored, causing irrecoverable loss to the user.
Summary of the invention
The embodiment of the present invention provides an Android malicious application processing method that can successfully uninstall a malicious application which is installed in the operating system of the user's mobile device and which extorts the user by taking control of the user's desktop and preventing uninstallation.
The embodiment of the present invention provides an Android malicious program processing method, comprising:
Monitoring a first calling period T1 with which the malicious program calls an ACTIVITY;
Setting a second calling period T2, wherein T2 is less than T1;
Starting a malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
Accordingly, the embodiment of the present invention also provides an Android malicious program processing device, comprising:
A monitoring module, for monitoring the first calling period T1 with which the malicious program calls an ACTIVITY;
A setting module, for setting the second calling period T2, wherein T2 is less than T1;
A starting module, for starting the malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
Implementing the embodiment of the present invention has the following beneficial effects:
A malicious program that occupies the user's desktop and prevents the user from uninstalling it calls an ACTIVITY periodically. Exploiting this characteristic, the present invention starts the malicious program deletion bootstrap program with a period shorter than that of the malicious program and calls the ACTIVITY of the uninstaller, helping the user to successfully uninstall this kind of malicious application and ensuring that the user's device can be used normally.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of an Android malicious application processing method provided by the embodiment of the present invention;
Fig. 2 is another schematic flow chart of an Android malicious application processing method provided by the embodiment of the present invention;
Fig. 3 is a structural diagram of an Android malicious program processing device provided by the embodiment of the present invention;
Fig. 4 is another structural diagram of an Android malicious program processing device provided by the embodiment of the present invention;
Fig. 5 is another structural diagram of an Android malicious program processing device provided by the embodiment of the present invention;
Fig. 6 is another structural diagram of an Android malicious program processing device provided by the embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Activity is the most basic and the most commonly used of the four major Android components (Activity, Service, Content Provider, BroadcastReceiver).
Every operation in an Activity is closely related to the user; it is the component responsible for interacting with the user. In an Android application, an Activity is usually a single screen, on which controls can be displayed and which can listen for and handle user events and respond to them.
In Android, an Activity has four basic states:
After a new Activity is started and pushed onto the stack, it is displayed at the front of the screen and sits at the top of the stack (the top of the Activity stack). It is then visible and able to interact with the user; this is called the active or running state (active or running).
When an Activity loses focus because a new non-full-screen Activity or a transparent Activity has been placed on top of the stack, it is in the paused state (Paused). It remains attached to the window manager and stays alive (it keeps all state and member information and remains attached to the window manager), but the system may forcibly terminate it when memory is extremely low. It is still visible, but because it has lost focus it cannot interact with the user.
If an Activity is completely covered by another Activity, it is in the stopped state (Stopped). It still keeps all state and member information, but it is no longer visible, so its window is hidden; when the system needs the memory elsewhere, a Stopped Activity will be forcibly terminated.
If an Activity is in the Paused or Stopped state, the system can remove it from memory. Android does this in one of two ways: it either asks the Activity to finish or directly kills its process. When the Activity is shown to the user again, it must be restarted and its previous state restored.
Android manages Activities through an Activity stack; the state of an Activity instance determines its position in the stack. The foreground Activity is always at the top of the stack. When the foreground Activity is destroyed because of an exception or for another reason, the Activity in the second layer of the stack is activated and rises to the top. When a new Activity is started and pushed onto the stack, the former Activity is pushed down to the second layer. The change of an Activity's position in the stack reflects its transitions between states.
Cryptolocker and similar malicious applications exploit this property of Activities: by continually calling a new Activity they generate a new screen. When the user taps some other operation, the application calls a new Activity that covers the Activity of the other application the user tapped. The application thus occupies the user's desktop, the user cannot remove the malicious application, and the device becomes completely unusable.
To deal with such malicious applications, the present invention proposes an Android malicious application processing method. Referring to Fig. 1, which is a schematic flow chart of an Android malicious application processing method provided by the embodiment of the present invention, the method comprises:
S100, monitoring a first calling period T1 with which the malicious program calls an ACTIVITY;
The malicious application mainly exploits the behaviour of the ACTIVITY stack: it calls an ACTIVITY periodically in order to occupy the user's desktop. The malicious application can therefore be monitored to obtain the calling period T1 of its ACTIVITY;
S101, setting a second calling period T2, wherein T2 is less than T1;
S103, starting a malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
The calling period T2 is set smaller than T1 so that the ACTIVITY instance of the uninstaller is called ahead of the malicious program, creating the conditions for the user to uninstall the malicious application.
Further, the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program.
Specifically, the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system.
When the malicious program deletion bootstrap program is started, it calls the ACTIVITY instance of the uninstaller. That ACTIVITY instance is then placed at the top of the ACTIVITY stack and is visible to the user, so the user can tap the uninstaller to uninstall the malicious program. If the user fails to tap the uninstaller in time within the T1 period, the malicious program calls its own ACTIVITY instance in the next period. Because the calling period T2 of the malicious program deletion bootstrap program is smaller than the calling period T1 of the malicious program, the malicious program deletion bootstrap program starts again and calls the ACTIVITY instance of the uninstaller with the second calling period T2. This ensures that the malicious program deletion bootstrap program can always call the delete program ahead of the malicious program, helping the user to uninstall the malicious application.
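The timing argument of steps S100 to S103 can be checked numerically. The following is an added example, not code from the patent: it estimates T1 from constructed log lines modelled on ActivityManager START entries (the package name com.example.locker, the log lines and the `ratio` parameter are assumptions), picks T2 below T1, and computes how long the uninstaller's ACTIVITY stays on top of the stack in each period of the malicious program. It goes one step beyond the text by showing that this window is at least T1 minus T2, and that it can drop to zero when T2 is not smaller than T1.

```python
import re
from statistics import median

# Constructed sample lines modelled on ActivityManager "START" log entries.
# The package com.example.locker and all timestamps are hypothetical.
SAMPLE_LOG = """\
05-08 10:00:00.100  812  830 I ActivityManager: START u0 {cmp=com.example.locker/.LockActivity} from uid 10101
05-08 10:00:01.050  812  830 I ActivityManager: START u0 {cmp=com.android.settings/.Settings} from uid 10021
05-08 10:00:03.110  812  830 I ActivityManager: START u0 {cmp=com.example.locker/.LockActivity} from uid 10101
05-08 10:00:06.090  812  830 I ActivityManager: START u0 {cmp=com.example.locker/.LockActivity} from uid 10101
05-08 10:00:09.105  812  830 I ActivityManager: START u0 {cmp=com.example.locker/.LockActivity} from uid 10101
"""

START_RE = re.compile(
    r"^\d\d-\d\d (\d\d):(\d\d):(\d\d)\.(\d{3}).*ActivityManager: START .*cmp=([\w.]+)/"
)


def launch_times_ms(log, package):
    """Times (ms since midnight) at which `package` started an Activity."""
    times = []
    for line in log.splitlines():
        m = START_RE.match(line)
        if m and m.group(5) == package:
            h, mi, s, ms = (int(g) for g in m.groups()[:4])
            times.append(((h * 60 + mi) * 60 + s) * 1000 + ms)
    return times


def estimate_t1(log, package):
    """Step S100: estimate T1 as the median gap between launches (tolerates jitter)."""
    times = launch_times_ms(log, package)
    if len(times) < 3:
        raise ValueError("need at least three launches to call the behaviour periodic")
    return median([b - a for a, b in zip(times, times[1:])])


def choose_t2(t1_ms, ratio=0.5):
    """Step S101: pick T2 strictly below T1 (ratio is an assumed tuning knob)."""
    if not 0 < ratio < 1:
        raise ValueError("ratio must be in (0, 1) so that T2 < T1")
    return int(t1_ms * ratio)


def uninstaller_windows(t1, t2, periods, phase=0):
    """Step S103 as a timing model, all values in ms.

    The malicious program launches its Activity at 0, t1, 2*t1, ...; the
    bootstrap program launches the uninstaller Activity at phase, phase+t2, ...
    The most recent launch is on top of the stack (ties go to the malicious
    program). Returns, per malicious-program period, how long the uninstaller
    is on top before the next malicious launch covers it.
    """
    windows = []
    for k in range(periods):
        start, end = k * t1, (k + 1) * t1
        n = max(0, (start - phase) // t2 + 1)   # first bootstrap launch after `start`
        first = phase + n * t2
        windows.append(max(0, end - first))
    return windows


if __name__ == "__main__":
    t1 = estimate_t1(SAMPLE_LOG, "com.example.locker")
    t2 = choose_t2(t1)
    print("T1 =", t1, "ms, T2 =", t2, "ms")
    print("T2 < T1 :", uninstaller_windows(t1, t2, 5))
    print("T2 > T1 :", uninstaller_windows(t1, 4000, 5))
```

With T2 greater than T1 some periods have no window at all, which is why the method requires T2 to be less than T1.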
Fig. 2 is another schematic flow chart of an Android malicious application processing method provided by the embodiment of the present invention. In this embodiment, the method comprises:
S200, monitoring a first calling period T1 with which the malicious program calls an ACTIVITY;
The malicious application mainly exploits the behaviour of the ACTIVITY stack: it calls an ACTIVITY periodically in order to occupy the user's desktop. The malicious application can therefore be monitored to obtain the calling period T1 of its ACTIVITY;
S201, setting a second calling period T2, wherein T2 is less than T1;
S202, checking whether the malicious program deletion bootstrap program is installed in the system; if so, carrying out S203, otherwise carrying out S204;
S203, if the malicious program deletion bootstrap program is installed in the system, starting the malicious program deletion bootstrap program automatically;
Further, if security software is installed in the operating system of the user's device, the server can push the malicious program deletion bootstrap program to the user's device.
S204, if the malicious program deletion bootstrap program is not installed in the system, prompting the user through the notification bar to install the malicious program deletion bootstrap program;
Specifically, a third-party application can prompt the user in the notification bar to install the malicious program deletion bootstrap program.
Optionally, the user can also install the malicious program deletion bootstrap program via a web page.
S205, after the malicious program deletion bootstrap program has been installed, setting a start button in the notification bar, through which the user starts the malicious program deletion bootstrap program.
Specifically, the malicious program deletion bootstrap program is started so that it calls the ACTIVITY with the second calling period T2.
Once the malicious program deletion bootstrap program has been started, it can always call the delete program ahead of the malicious program, helping the user to uninstall the malicious application.
Optionally, in other embodiments of the invention, the above method may further comprise: after the application has been deleted successfully, uploading the processing result for the malicious program to a server; and
Uploading the device information of the device where the malicious program resides to the server.
With these follow-up steps, the spread of the malicious program and the system information of infected devices can be conveniently counted.
Fig. 3 is a structural diagram of an Android malicious program processing device provided by the embodiment of the present invention. In this embodiment, the device comprises:
Monitoring module 100, for monitoring the first calling period T1 with which the malicious program calls an ACTIVITY;
The malicious application mainly exploits the behaviour of the ACTIVITY stack: it calls an ACTIVITY periodically in order to occupy the user's desktop. The malicious application can therefore be monitored to obtain the calling period T1 of its ACTIVITY;
Setting module 101, for setting the second calling period T2, wherein T2 is less than T1;
Starting module 102, for starting the malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
A calling period smaller than T1 is set so that the ACTIVITY instance of the delete program is called ahead of the malicious program, creating the conditions for the user to uninstall the malicious application.
Further, the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program.
Specifically, the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system.
When the malicious program deletion bootstrap program is started, it calls the ACTIVITY instance of the uninstaller. That ACTIVITY instance is then placed at the top of the ACTIVITY stack and is visible to the user, so the user can tap the uninstaller to uninstall the malicious program. If the user fails to tap the uninstaller in time within the T1 period, the malicious program calls its own ACTIVITY instance in the next period. Because the calling period T2 of the malicious program deletion bootstrap program is smaller than the calling period T1 of the malicious program, the malicious program deletion bootstrap program starts again and calls the ACTIVITY instance of the uninstaller with the second calling period T2. This ensures that the malicious program deletion bootstrap program can always call the delete program ahead of the malicious program, helping the user to uninstall the malicious application.
Fig. 4 is another structural diagram of an Android malicious program processing device provided by the embodiment of the present invention. In this embodiment, the device comprises:
Monitoring module 200, for monitoring the first calling period T1 with which the malicious program calls an ACTIVITY;
The malicious application mainly exploits the behaviour of the ACTIVITY stack: it calls an ACTIVITY periodically in order to occupy the user's desktop. The malicious application can therefore be monitored to obtain the calling period T1 of its ACTIVITY;
Setting module 201, for setting the second calling period T2, wherein T2 is less than T1;
Checking module 202, for checking whether the malicious program deletion bootstrap program is installed in the system;
First starting module 203, for starting the malicious program deletion bootstrap program automatically if it is installed in the system;
Further, if security software is installed in the operating system of the user's device, the server can push the malicious program deletion bootstrap program to the user's device.
Prompting module 204, for prompting the user through the notification bar to install the malicious program deletion bootstrap program when it is not installed in the system;
Specifically, a third-party application can prompt the user in the notification bar to install the malicious program deletion bootstrap program.
Optionally, the user can also install the malicious program deletion bootstrap program via a web page.
First setting module 205, for setting a start button in the notification bar after the malicious program deletion bootstrap program has been installed; the user starts the malicious program deletion bootstrap program through the start button.
Specifically, the malicious program deletion bootstrap program is started so that it calls the ACTIVITY with the second calling period T2.
Once the malicious program deletion bootstrap program has been started, it can always call the delete program ahead of the malicious program, helping the user to uninstall the malicious application.
Further, the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program;
Specifically, the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system.
Fig. 5 is another structural diagram of an Android malicious program processing device provided by the embodiment of the present invention. In this embodiment, the device comprises:
Monitoring module 300, for monitoring the first calling period T1 with which the malicious program calls an ACTIVITY;
The malicious application mainly exploits the behaviour of the ACTIVITY stack: it calls an ACTIVITY periodically in order to occupy the user's desktop. The malicious application can therefore be monitored to obtain the calling period T1 of its ACTIVITY;
Setting module 301, for setting the second calling period T2, wherein T2 is less than T1;
Starting module 302, for starting the malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
A calling period smaller than T1 is set so that the ACTIVITY instance of the delete program is called ahead of the malicious program, creating the conditions for the user to uninstall the malicious application.
Further, the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program.
Specifically, the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system;
First uploading module 303, for uploading the processing result for the malicious program to a server after the application has been deleted successfully; the server can thus conveniently count the spread of the malicious program.
Fig. 6 is another structural diagram of an Android malicious program processing device provided by the embodiment of the present invention. In this embodiment, the device comprises:
Monitoring module 400, for monitoring the first calling period T1 with which the malicious program calls an ACTIVITY;
The malicious application mainly exploits the behaviour of the ACTIVITY stack: it calls an ACTIVITY periodically in order to occupy the user's desktop. The malicious application can therefore be monitored to obtain the calling period T1 of its ACTIVITY;
Setting module 401, for setting the second calling period T2, wherein T2 is less than T1;
Starting module 402, for starting the malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
A calling period smaller than T1 is set so that the ACTIVITY instance of the delete program is called ahead of the malicious program, creating the conditions for the user to uninstall the malicious application.
Further, the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program.
Specifically, the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system;
Second uploading module 403, for uploading the device information of the device where the malicious program resides to the server; the server can thus conveniently count the system information of devices infected by the malicious program.
By implementing the technical solution of the present invention, a malicious application that is installed in the operating system of the user's mobile device and that extorts the user by taking control of the user's desktop and preventing uninstallation can be successfully uninstalled, and system security is improved.
It should be noted that each embodiment in this specification is described with emphasis on its differences from the other embodiments; for parts that are the same or similar, the embodiments may be referred to one another. The device embodiments in particular are described briefly because they are substantially similar to the method embodiments; for relevant details, see the description of the method embodiments.
A person of ordinary skill in the art will understand that all or part of the flow of the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above discloses only a preferred embodiment of the present invention and of course cannot be used to limit the scope of the rights of the present invention. A person of ordinary skill in the art will understand that implementations of all or part of the flow of the above embodiments, and equivalent changes made according to the claims of the present invention, still fall within the scope covered by the invention.

Claims (21)

1. An Android malicious program processing method, characterized in that it comprises:
Monitoring a first calling period T1 with which the malicious program calls an ACTIVITY;
Setting a second calling period T2, wherein T2 is less than T1;
Starting a malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
2. The method as claimed in claim 1, characterized in that, before the malicious program deletion bootstrap program is started, the method further comprises:
Checking whether the malicious program deletion bootstrap program is installed in the system.
3. The method as claimed in claim 2, characterized in that,
If the malicious program deletion bootstrap program is installed in the system, the malicious program deletion bootstrap program is started automatically.
4. The method as claimed in claim 3, characterized in that,
If the malicious program deletion bootstrap program is not installed in the system, the user is prompted through the notification bar to install the malicious program deletion bootstrap program.
5. The method as claimed in claim 4, characterized in that,
After the malicious program deletion bootstrap program has been installed, a start button is set in the notification bar, and the user starts the malicious program deletion bootstrap program through the start button.
6. The method as claimed in claim 1 or 3 or 5, characterized in that the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program.
7. The method as claimed in claim 6, characterized in that the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system.
8. The method as claimed in claim 4, characterized in that,
The user installs the malicious program deletion bootstrap program via a web page.
9. The method as claimed in claim 1, characterized in that, after the application has been deleted successfully, the processing result for the malicious program is uploaded to a server.
10. The method as claimed in claim 1, characterized in that the device information of the device where the malicious program resides is uploaded to a server.
11. An Android malicious program processing device, characterized in that it comprises:
A monitoring module, for monitoring a first calling period T1 with which the malicious program calls an ACTIVITY;
A setting module, for setting a second calling period T2, wherein T2 is less than T1;
A starting module, for starting a malicious program deletion bootstrap program, so that the malicious program deletion bootstrap program calls the ACTIVITY with the second calling period T2.
12. The device as claimed in claim 11, characterized in that it further comprises:
A checking module, for checking whether the malicious program deletion bootstrap program is installed in the system.
13. The device as claimed in claim 12, characterized in that it further comprises:
A first starting module, for starting the malicious program deletion bootstrap program automatically if it is installed in the system.
14. The device as claimed in claim 13, characterized in that it further comprises:
A prompting module, for prompting the user through the notification bar to install the malicious program deletion bootstrap program when it is not installed in the system.
15. The device as claimed in claim 14, characterized in that it further comprises:
A first setting module, for setting a start button in the notification bar after the malicious program deletion bootstrap program has been installed; the user starts the malicious program deletion bootstrap program through the start button.
16. The device as claimed in claim 11 or 13 or 15, characterized in that the malicious program deletion bootstrap program receives the user's instruction to delete the malicious program and deletes the malicious program.
17. The device as claimed in claim 16, characterized in that the malicious program deletion bootstrap program deletes the malicious program by calling the delete program of the Android system.
18. The device as claimed in claim 14, characterized in that,
The user installs the malicious program deletion bootstrap program via a web page.
19. The device as claimed in claim 11, characterized in that it further comprises:
A first uploading module, for uploading the processing result for the malicious program to a server after the application has been deleted successfully.
20. The device as claimed in claim 11, characterized in that it further comprises:
A second uploading module, for uploading the device information of the device where the malicious program resides to a server.
21. An intelligent terminal, comprising the device described in claims 11-20.
CN201410193306.3A 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment Active CN104008338B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410193306.3A CN104008338B (en) 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410193306.3A CN104008338B (en) 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment

Publications (2)

Publication Number Publication Date
CN104008338A (en) 2014-08-27
CN104008338B (en) 2017-06-27

Family

ID=51368988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410193306.3A Active CN104008338B (en) 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN104008338B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104375938A (en) * 2014-11-20 2015-02-25 工业和信息化部电信研究院 Dynamic behavior monitoring method and system for Android application program
CN108197462A (en) * 2016-12-08 2018-06-22 武汉安天信息技术有限责任公司 Extortion application detection system and method under the Android system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1282083C (en) * 2001-09-14 2006-10-25 北京瑞星科技股份有限公司 Computer memory virus monitoring method and method for operation with virus
CN101414329B (en) * 2007-10-15 2016-03-30 北京瑞星信息技术有限公司 Method for deleting a running virus
CN102419803B (en) * 2011-11-01 2014-12-03 华为数字技术(成都)有限公司 Method, system and device for searching and killing computer virus
CN102722680B (en) * 2012-06-07 2014-11-05 腾讯科技(深圳)有限公司 Method and system for removing rogue programs
CN103577753B (en) * 2012-08-01 2017-07-25 联想(北京)有限公司 Method and electronic device for prompting hidden dangers of camouflaged applications

Also Published As

Publication number Publication date
CN104008338B (en) 2017-06-27

Similar Documents

Publication Publication Date Title
US9164748B2 (en) Information backup method and apparatus
US9953161B2 (en) Method, device and system for processing notification bar message
US9280664B2 (en) Apparatus and method for blocking activity of malware
CN107870968B (en) Performing real-time updates to a file system volume
US8555271B2 (en) Method, software and apparatus for application upgrade during execution
US9197656B2 (en) Computer program, method, and system for preventing execution of viruses and malware
CN105335654A (en) Android malicious program detection and processing method, device and equipment
US11334338B2 (en) Operating system update management
US8701195B2 (en) Method for antivirus in a mobile device by using a mobile storage and a system thereof
WO2016019893A1 (en) Application installation method and apparatus
CN104794014A (en) System operation method and intelligent terminal
CN106406944A (en) Control method and system for forbidding self-starting of application
CN103677650A (en) Drive letter drifting preventing and treating method and device
CN103617380A (en) Application program authority dynamic control method and system
CN110647333A (en) Firmware upgrading method and equipment configured to upgrade firmware therein
CN104156298A (en) Application monitoring method and device
WO2006124239A2 (en) Disk protection using enhanced write filter
CN104036188A (en) Android malicious program detection method, device and equipment
US9330254B1 (en) Systems and methods for preventing the installation of unapproved applications
CN106095621A (en) The restoration methods of Launcher operation exception and system in a kind of Android system
CN101667236B (en) Method and device for controlling driver installation
US9465643B1 (en) Systems and methods for monitoring a primary operating system (OS) and/or migrating data using an OS hypervisor
JP2007164652A (en) Method for managing secondary storage device in user terminal and user terminal
CN103984585A (en) Method for upgrading Linux kernel in running process of kernel module capable of being plugged in thermal mode
CN104008338A (en) Android malicious program processing method, device and equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant