CN104008338B - Android malicious program processing method, device and equipment - Google Patents

Android malicious program processing method, device and equipment Download PDF

Info

Publication number
CN104008338B
CN104008338B CN201410193306.3A CN201410193306A CN104008338B CN 104008338 B CN104008338 B CN 104008338B CN 201410193306 A CN201410193306 A CN 201410193306A CN 104008338 B CN104008338 B CN 104008338B
Authority
CN
China
Prior art keywords
rogue program
bootstrap
program
deletes
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410193306.3A
Other languages
Chinese (zh)
Other versions
CN104008338A (en
Inventor
陈章群
沈江波
张楠
赵闵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Internet Security Software Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Internet Security Software Co Ltd filed Critical Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201410193306.3A priority Critical patent/CN104008338B/en
Publication of CN104008338A publication Critical patent/CN104008338A/en
Application granted granted Critical
Publication of CN104008338B publication Critical patent/CN104008338B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Exchange Systems With Centralized Control (AREA)

Abstract

The embodiment of the invention discloses a method for processing an Android malicious program, which comprises the following steps: monitoring a first calling period T1 of the malicious program for ACTIVITY; setting a second call period T2, wherein T2 is less than T1; and starting the malicious program deletion bootstrap program to enable the malicious program deletion bootstrap program to call the ACTIVITY in a second calling period T2. The invention also discloses an Android malicious program processing device and intelligent terminal equipment. By implementing the technical scheme of the invention, the malicious application which is installed in the operating system of the user mobile equipment and can be controlled by the user desktop to prevent the user from uninstalling can be successfully uninstalled, so that the aim of the user of the lasso corruption can be fulfilled, and the system safety can be improved.

Description

A kind of Android rogue programs processing method, device and equipment
Technical field
The present invention relates to mobile Internet field of information security technology, more particularly to a kind for the treatment of of Android rogue programs Method, device and equipment.
Background technology
With the development of android system, the application program in android system is also more and more, it is generally the case that In mobile terminal device based on android system, the application program of all installations can be managed in system setting, Stopping, unloading including application program etc..
Because the source of android system application program is than wide, user once installs malicious application, can bring various Harm.One typical example is the malicious application such as Cryptolocker etc, and such malicious application can control to use Family equipment desktop, and user's Litis aestimatio is constantly required to unlock, user must complete just be unlocked after payment Equipment is set to recover normally to use, if user attempts to carry out other clicks or operation to unload the malicious application, this is maliciously Cancel user behavior automatically using meeting and require user charges once again.Therefore, once the such evil of user facility operation system infections Meaning application virus, user will be unable to remove the malicious application, and user equipment will become complete down state, unique to solve Method can only send genuine back to and be reset.And resetting behavior will completely destroy the data of user's storage, being brought to user can not be more The loss of benefit.
The content of the invention
The embodiment of the present invention provides a kind of Android malicious applications processing method, can successfully unload user's mobile device That is installed in operating system is such by controlling user's desktop, preventing user from being unloaded, and reaches and extorts blackmail customer objective Malicious application.
The embodiment of the present invention provides a kind of Android malware detection methods, including:
Monitor first of the rogue program for ACTIVITY and call cycle T 1;
Set second and call cycle T 2, wherein T2 is less than T1;
Start rogue program and delete bootstrap, rogue program is deleted bootstrap and call cycle T 2 to call with second ACTIVITY。
Accordingly, the embodiment of the present invention also provides a kind of Android rogue programs device, including:
Monitoring module, cycle T 1 is called for monitoring first of the rogue program for ACTIVITY;
Setup module, cycle T 2 is called for setting second, and wherein T2 is less than T1;
Starting module, bootstrap is deleted for starting rogue program, rogue program is deleted bootstrap and is adjusted with second ACTIVITY is called with cycle T 2.
Implement the embodiment of the present invention, have the advantages that:
For the characteristic of the periodically invoked ACTIVITY of rogue program for occupying user's desktop, preventing user from being unloaded, The present invention is arranged on less than rogue program deletion bootstrap is started in its cycle, calls the ACTIVITY of Uninstaller, is helped User successfully unloads such malicious application, it is ensured that user equipment is normally used.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of schematic flow sheet of Android malicious applications processing method provided in an embodiment of the present invention;
Fig. 2 is a kind of another schematic flow sheet of Android malicious applications processing method provided in an embodiment of the present invention;
Fig. 3 is a kind of structural representation of Android rogue programs processing unit provided in an embodiment of the present invention;
Fig. 4 is a kind of another structural representation of Android rogue programs processing unit provided in an embodiment of the present invention;
Fig. 5 is a kind of another structural representation of Android rogue programs processing unit provided in an embodiment of the present invention;
Fig. 6 is a kind of another structural representation of Android rogue programs processing unit provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
Activity be in Android components it is most basic be also the big component of most commonly seen four (Activity, One of Service is serviced, Content Provider content providers, BroadcastReceiver radio receivers).
All operations are all closely related with user in Activity, are a components being responsible for user mutual, at one In android applications, an Activity is exactly generally a single screen, and it can show some controls above, also may be used To monitor and process the event of user and respond.
In android, Activity possesses four kinds of basic status:
After one new Activity starts stacking, it is displayed in screen foremost, and treatment is the top in stack (Activity stack tops), now it be in it is visible and can with the state of activation of user mutual, be called active state or operation shape State (active OR running).
When Activity loses focus, by the Activity quilts that new non-full frame Activity or one is transparent Stack top is placed on, state now is called halted state (Paused).Now it still keeps being connected with window manager, Activity still maintains vigour (keep all of state, information about firms, and window manager to keep connection), but in system Internal memory will be fallen when extreme low by force termination.So it is still visible, but had been out focus thus can not be with user Interact.
If an Activity is completely covered by other Activity, it is called halted state (Stopped).It according to So keep stateful and information about firms, but it is no longer visible, so its window is hidden, when Installed System Memory needs by with When elsewhere, the Activity of Stopped will be fallen by force termination.
If an Activity is Paused or Stopped states, system can be by the Activity from internal memory Delete, android system is deleted using two ways, otherwise require that the Activity terminates, otherwise directly terminate its Process.When the Activity is shown to user again, it must start over and reset state above.
Android is to manage Activity, an example of Activity by way of a kind of Activity stacks Its position in stack of Determines.Activity in foreground always on the top of stack, when foreground Activity because During for exception or destroyed other reasons, the Activity in the stack second layer will be activated, and float to stack top.When new When Activity starts stacking, former Activity can be pressed into the second layer of stack.The position of one Activity in stack becomes Change reflects its conversion between different conditions.
Cryptolocker and similar malicious application are this characteristic that make use of Activity, by not stopping to call newly Activity, generate new screen, when user clicks on other operations, the application can call new Activity to cover user The Activity of the other application of click, so such application just occupy user's desktop, and user will be unable to remove the malice and answer With user equipment will become complete down state.
For above-mentioned similar malicious application, the present invention proposes a kind of Android malicious applications processing method, refers to figure 1, Fig. 1 is a kind of schematic flow sheet of Android malicious applications processing method provided in an embodiment of the present invention, is implemented in the present invention In example, the method includes:
S100, monitoring first of rogue program for ACTIVITY call cycle T 1;
The malicious application has mainly used the characteristic of ACTIVITY stacks, periodically calls ACTIVITY, with User's desktop is occupied, therefore the malicious application can be monitored, obtain its ACTIVITY calls cycle T 1;
S101, setting second call cycle T 2, and wherein T2 is less than T1;
S102, startup rogue program delete bootstrap, rogue program is deleted bootstrap and call cycle T 2 with second Call ACTIVITY.
Set and call cycle T 2 less than T1, it is therefore intended that to try to be the first and called Uninstaller before the rogue program ACTIVITY examples, be user create conditions unloading the malicious application.
Further, the rogue program deletes the rogue program deletion instruction that bootstrap receives user, deletes described Rogue program.
Specifically, the rogue program deletes bootstrap by calling the deletion program of android system to complete State the deletion of rogue program.
When starting rogue program deletion bootstrap, the bootstrap can call the ACTIVITY examples of Uninstaller, this When the Uninstaller ACTIVITY examples be placed in ACTIVITY stack tops, user is visible, therefore user can click on Uninstaller The rogue program is unloaded, if user fails to click on Uninstaller in time within the T1 cycles, the rogue program can be under One cycle called the ACTIVITY examples of itself, now because the cycle T 2 of calling that rogue program deletes bootstrap is less than malice Program calls cycle T 1, then rogue program is deleted bootstrap and is again started up, and with second calls cycle T 2 to call Uninstaller ACTIVITY examples.Accordingly, it is capable to ensure that rogue program is deleted bootstrap and can be called before the rogue program all the time Deletion program, helps user to unload the malicious application.
Fig. 2 is a kind of another schematic flow sheet of Android malicious applications processing method provided in an embodiment of the present invention. In the embodiment of the present invention, the method includes:
S200, monitoring first of rogue program for ACTIVITY call cycle T 1;
The malicious application has mainly used the characteristic of ACTIVITY stacks, periodically calls ACTIVITY, with User's desktop is occupied, therefore the malicious application can be monitored, obtain its ACTIVITY calls cycle T 1;
S201, setting second call cycle T 2, and wherein T2 is less than T1;
Whether S202, inspection system install the rogue program and delete bootstrap;If it is S203 is performed, is otherwise held Row S204;
If S203, system have installed the rogue program and deleted bootstrap, voluntarily start the rogue program and delete Except bootstrap;
Further, if being mounted with fail-safe software in user facility operation system, can be by server end Rogue program deletion bootstrap is pushed in user equipment.
If S204, system are fitted without the rogue program and delete bootstrap, user installation is pointed out by informing The rogue program deletes bootstrap;
Specifically, by third party application rogue program described in user installation can be pointed out to delete guiding in informing Program.
Optionally, user can also install the rogue program and delete bootstrap by webpage.
S205, the rogue program delete bootstrap installation after, start button is set in informing, use Family completes the startup that the rogue program deletes bootstrap by the start button.
Specifically, starting rogue program deletes bootstrap, rogue program is deleted bootstrap and call the cycle with second T2 calls ACTIVITY.
Start after rogue program deletion bootstrap, can guarantee that rogue program deletion bootstrap all the time can be described Deletion program is called before rogue program, helps user to unload the malicious application.
Optionally, in other embodiments of the present invention, the above method can also include, delete application program success Afterwards, the result of the rogue program is uploaded to server.And
The facility information of equipment where the rogue program is uploaded to server.
By above-mentioned subsequent treatment mode, in that context it may be convenient to propagation condition to rogue program and the equipment system for being infected System information is counted.
Fig. 3 is a kind of structural representation of Android rogue programs processing unit provided in an embodiment of the present invention, in this hair In bright embodiment, the device includes:
Monitoring module 100, cycle T 1 is called for monitoring first of the rogue program for ACTIVITY;
The malicious application has mainly used the characteristic of ACTIVITY stacks, periodically calls ACTIVITY, with User's desktop is occupied, therefore the malicious application can be monitored, obtain its ACTIVITY calls cycle T 1;
Setup module 101, cycle T 2 is called for setting second, and wherein T2 is less than T1;
Starting module 102, bootstrap is deleted for starting rogue program, rogue program is deleted bootstrap with second Cycle T 2 is called to call ACTIVITY.
Set and call the cycle less than T1, it is therefore intended that try to be the first and deletion program was called before the rogue program ACTIVITY examples, be user create conditions unloading the malicious application.
Further, the rogue program deletes the rogue program deletion instruction that bootstrap receives user, deletes described Rogue program.
Specifically, the rogue program deletes bootstrap by calling the deletion program of android system to complete State the deletion of rogue program.
When starting rogue program deletion bootstrap, the bootstrap can call the ACTIVITY examples of Uninstaller, this When the Uninstaller ACTIVITY embodiments be placed in ACTIVITY stack tops, user is visible, therefore user can click on unloading journey Sequence unloads the rogue program, if user fails to click on Uninstaller in time within the T1 cycles, the rogue program can be Next cycle calls the ACTIVITY examples of itself, now because the cycle T 2 of calling that rogue program deletes bootstrap is less than evil Meaning program calls cycle T 1, then rogue program is deleted bootstrap and is again started up, and with second calls cycle T 2 to call unloading journey The ACTIVITY examples of sequence.Accordingly, it is capable to ensure that rogue program is deleted bootstrap and can be adjusted before the rogue program all the time With the program of deletion, user is helped to unload the malicious application.
Fig. 4 is a kind of another structural representation of Android rogue programs processing unit provided in an embodiment of the present invention, In the embodiment of the present invention, the device includes:
Monitoring module 200, cycle T 1 is called for monitoring first of the rogue program for ACTIVITY;
The malicious application has mainly used the characteristic of ACTIVITY stacks, periodically calls ACTIVITY, with User's desktop is occupied, therefore the malicious application can be monitored, obtain its ACTIVITY calls cycle T 1;
Setup module 201, cycle T 2 is called for setting second, and wherein T2 is less than T1;
Module 202 is checked, bootstrap is deleted for whether inspection system to install the rogue program;
First starting module 203, if system has installed the rogue program and deleted bootstrap, voluntarily starts described Rogue program deletes bootstrap;
Further, if being mounted with fail-safe software in user facility operation system, can be by server end Rogue program deletion bootstrap is pushed in user equipment.
Reminding module 204, for when system is fitted without the rogue program deletion bootstrap, being carried by informing Show that rogue program described in user installation deletes bootstrap;
Specifically, by third party application rogue program described in user installation can be pointed out to delete guiding in informing Program.
Optionally, user can also install the rogue program and delete bootstrap by webpage.
First setup module 205, after deleting bootstrap installation in the rogue program, in informing Start button is set, and user completes the startup that the rogue program deletes bootstrap by the start button.
Specifically, starting rogue program deletes bootstrap, rogue program is deleted bootstrap and call the cycle with second T2 calls ACTIVITY.
Start after rogue program deletion bootstrap, can guarantee that rogue program deletion bootstrap all the time can be described Deletion program is called before rogue program, helps user to unload the malicious application.
Further, the rogue program deletes the rogue program deletion instruction that bootstrap receives user, deletes described Rogue program;
Specifically, the rogue program deletes bootstrap by calling the deletion program of android system to complete State the deletion of rogue program.
Fig. 5 is a kind of another structural representation of Android rogue programs processing unit provided in an embodiment of the present invention, In the embodiment of the present invention, the device includes:
Monitoring module 300, cycle T 1 is called for monitoring first of the rogue program for ACTIVITY;
The malicious application has mainly used the characteristic of ACTIVITY stacks, periodically calls ACTIVITY, with User's desktop is occupied, therefore the malicious application can be monitored, obtain its ACTIVITY calls cycle T 1;
Setup module 301, cycle T 2 is called for setting second, and wherein T2 is less than T1;
Starting module 302, bootstrap is deleted for starting rogue program, rogue program is deleted bootstrap with second Cycle T 2 is called to call ACTIVITY.
Set and call the cycle less than T1, it is therefore intended that try to be the first and deletion program was called before the rogue program ACTIVITY examples, be user create conditions unloading the malicious application.
Further, the rogue program deletes the rogue program deletion instruction that bootstrap receives user, deletes described Rogue program.
Specifically, the rogue program deletes bootstrap by calling the deletion program of android system to complete State the deletion of rogue program;
First uploading module 303, after deleting application program successfully, the place of the rogue program is uploaded to server Reason result;Therefore the propagation condition that server end can be easily to rogue program is counted.
Fig. 6 is a kind of another structural representation of Android rogue programs processing unit provided in an embodiment of the present invention, In the embodiment of the present invention, the device includes:
Monitoring module 400, cycle T 1 is called for monitoring first of the rogue program for ACTIVITY;
The malicious application has mainly used the characteristic of ACTIVITY stacks, periodically calls ACTIVITY, with User's desktop is occupied, therefore the malicious application can be monitored, obtain its ACTIVITY calls cycle T 1;
Setup module 401, cycle T 2 is called for setting second, and wherein T2 is less than T1;
Starting module 402, bootstrap is deleted for starting rogue program, rogue program is deleted bootstrap with second Cycle T 2 is called to call ACTIVITY.
Set and call the cycle less than T1, it is therefore intended that try to be the first and deletion program was called before the rogue program ACTIVITY examples, be user create conditions unloading the malicious application.
Further, the rogue program deletes the rogue program deletion instruction that bootstrap receives user, deletes described Rogue program.
Specifically, the rogue program deletes bootstrap by calling the deletion program of android system to complete State the deletion of rogue program;
Second uploading module 403, the facility information for uploading equipment where the rogue program to server;Because of service The device systems information that device end easily can be infected rogue program is counted.
By implementing technical solution of the present invention, can successfully unload install in user's mobile device operation system by control User's desktop processed, prevention user are unloaded, and reach the malicious application for extorting blackmail customer objective, improve security of system.
It should be noted that each embodiment in this specification focuses on description and other embodiment difference, each Between embodiment identical similar part mutually referring to.For particularly with device embodiment, because it is substantially similar to Embodiment of the method, so describing fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
One of ordinary skill in the art will appreciate that all or part of flow in realizing above-described embodiment method, can be The hardware of correlation is instructed to complete by computer program, described program can be stored in a computer read/write memory medium In, the program is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage medium can be magnetic Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..
Above disclosed is only a kind of preferred embodiment of the invention, can not limit the power of the present invention with this certainly Sharp scope, one of ordinary skill in the art will appreciate that realizing all or part of flow of above-described embodiment, and weighs according to the present invention Profit requires made equivalent variations, still falls within the covered scope of invention.

Claims (21)

1. a kind of Android rogue programs processing method, it is characterised in that including:
Monitor first of the rogue program for ACTIVITY and call cycle T 1;
Set second and call cycle T 2, wherein T2 is less than T1;
Start rogue program and delete bootstrap, rogue program is deleted bootstrap and call cycle T 2 to call with second ACTIVITY。
2. the method for claim 1, it is characterised in that before the startup rogue program deletes bootstrap, also Including:
Whether inspection system installs the rogue program and deletes bootstrap.
3. method as claimed in claim 2, it is characterised in that
If system has installed the rogue program and deleted bootstrap, voluntarily start the rogue program and delete guiding journey Sequence.
4. method as claimed in claim 3, it is characterised in that
If system is fitted without the rogue program and deletes bootstrap, malice journey described in user installation is pointed out by informing Sequence deletes bootstrap.
5. method as claimed in claim 4, it is characterised in that
After the rogue program deletes bootstrap installation, start button is set in informing, user passes through institute State start button and complete the startup that the rogue program deletes bootstrap.
6. the method as described in claim 1 or 3 or 5, it is characterised in that the rogue program deletes bootstrap and receives user Rogue program delete instruction, delete the rogue program.
7. method as claimed in claim 6, it is characterised in that the rogue program deletes bootstrap by calling The deletion program of android system completes the deletion of the rogue program.
8. method as claimed in claim 4, it is characterised in that
User installs the rogue program and deletes bootstrap by webpage.
9. the method for claim 1, it is characterised in that after application program success is deleted, institute is uploaded to server State the result of rogue program.
10. the method for claim 1, it is characterised in that upload setting for equipment where the rogue program to server Standby information.
A kind of 11. Android rogue programs processing units, it is characterised in that including:
Monitoring module, cycle T 1 is called for monitoring first of the rogue program for ACTIVITY;
Setup module, cycle T 2 is called for setting second, and wherein T2 is less than T1;
Starting module, bootstrap is deleted for starting rogue program, rogue program is deleted bootstrap and is called week with second Phase, T2 called ACTIVITY.
12. devices as claimed in claim 11, it is characterised in that also include:
Module is checked, bootstrap is deleted for whether inspection system to install the rogue program.
13. devices as claimed in claim 12, it is characterised in that also include:
First starting module, if system has installed the rogue program and deleted bootstrap, voluntarily starts the malice journey Sequence deletes bootstrap.
14. devices as claimed in claim 13, it is characterised in that also include:
Reminding module, for when system is fitted without the rogue program deletion bootstrap, user being pointed out by informing The rogue program is installed and deletes bootstrap.
15. devices as claimed in claim 14, it is characterised in that also include:
First setup module, after deleting bootstrap installation in the rogue program, sets in informing and opens Dynamic button, user completes the startup that the rogue program deletes bootstrap by the start button.
16. device as described in claim 11 or 13 or 15, it is characterised in that the rogue program is deleted bootstrap and received The rogue program of user deletes instruction, deletes the rogue program.
17. devices as claimed in claim 16, it is characterised in that the rogue program deletes bootstrap by calling The deletion program of android system completes the deletion of the rogue program.
18. devices as claimed in claim 14, it is characterised in that
User installs the rogue program and deletes bootstrap by webpage.
19. devices as claimed in claim 11, it is characterised in that also include:
First uploading module, after deleting application program successfully, the result of the rogue program is uploaded to server.
20. devices as claimed in claim 11, it is characterised in that also include:
Second uploading module, the facility information for uploading equipment where the rogue program to server.
21. a kind of intelligent terminals, comprising the device described in claim 11-20.
CN201410193306.3A 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment Active CN104008338B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410193306.3A CN104008338B (en) 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410193306.3A CN104008338B (en) 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment

Publications (2)

Publication Number Publication Date
CN104008338A CN104008338A (en) 2014-08-27
CN104008338B true CN104008338B (en) 2017-06-27

Family

ID=51368988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410193306.3A Active CN104008338B (en) 2014-05-08 2014-05-08 Android malicious program processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN104008338B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104375938B (en) * 2014-11-20 2017-09-05 工业和信息化部电信研究院 The dynamic behaviour monitoring method and system of Android application program
CN108197462A (en) * 2016-12-08 2018-06-22 武汉安天信息技术有限责任公司 It is extorted under a kind of Android system using detecting system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1409222A (en) * 2001-09-14 2003-04-09 北京瑞星科技股份有限公司 Computer memory virus monitoring method and method for operation with virus
CN101414329A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Method for deleting in-service virus
CN102419803A (en) * 2011-11-01 2012-04-18 成都市华为赛门铁克科技有限公司 Method, system and device for searching and killing computer virus
CN102722680A (en) * 2012-06-07 2012-10-10 腾讯科技(深圳)有限公司 Method and system for removing rogue programs
CN103577753A (en) * 2012-08-01 2014-02-12 联想(北京)有限公司 Method and electronic equipment for prompting potential hazards of camouflage application

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1409222A (en) * 2001-09-14 2003-04-09 北京瑞星科技股份有限公司 Computer memory virus monitoring method and method for operation with virus
CN101414329A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Method for deleting in-service virus
CN102419803A (en) * 2011-11-01 2012-04-18 成都市华为赛门铁克科技有限公司 Method, system and device for searching and killing computer virus
CN102722680A (en) * 2012-06-07 2012-10-10 腾讯科技(深圳)有限公司 Method and system for removing rogue programs
CN103577753A (en) * 2012-08-01 2014-02-12 联想(北京)有限公司 Method and electronic equipment for prompting potential hazards of camouflage application

Also Published As

Publication number Publication date
CN104008338A (en) 2014-08-27

Similar Documents

Publication Publication Date Title
US9953161B2 (en) Method, device and system for processing notification bar message
US9280664B2 (en) Apparatus and method for blocking activity of malware
CN105335654B (en) Android malicious program detection and processing method, device and equipment
US9197656B2 (en) Computer program, method, and system for preventing execution of viruses and malware
US11960869B2 (en) Android penetration method and device for implementing silent installation based on accessibility services
CN105335184B (en) Application installation method and device
CN104091125A (en) Floating window processing method and device
CN104123162A (en) Method and device controlling self-starting of application programs
CN104036188B (en) Android malicious program detection method, device and equipment
US8701195B2 (en) Method for antivirus in a mobile device by using a mobile storage and a system thereof
CN106406944A (en) Control method and system for forbidding self-starting of application
CN105893847B (en) A kind of method, apparatus and electronic equipment for protecting security protection application file
CN104660606A (en) Method for remotely monitoring safety of application program
US7472288B1 (en) Protection of processes running in a computer system
CN104346279A (en) Method and device for software testing
CN105426751A (en) Method and device for preventing system time from being tampered
CN104008338B (en) Android malicious program processing method, device and equipment
CN108920263B (en) Method and apparatus for application retention
US20160321132A1 (en) Receiving an update code prior to completion of a boot procedure
CN106778173B (en) Method and device for setting application lock based on intelligent operating system
CN103810419A (en) Application uninstall preventing method and equipment
CN110555009B (en) Processing method and device for Network File System (NFS) service
CN109784041B (en) Event processing method and device, storage medium and electronic device
CN104410910A (en) Controlling method and device installing application of storage device in intelligent television
CN110928630A (en) Activation control method, device and equipment for application program window and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant