CN104573511B - A method and system for detecting and removing kernel-mode viruses - Google Patents

Publication number
CN104573511B
Authority
CN
China
Prior art keywords
virus
caryogram
interior
cleaning scheme
starting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310481967.1A
Other languages
Chinese (zh)
Other versions
CN104573511A (en
Inventor
宁晓魁
陈实
李俊
陈军
郭卫先
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN201310481967.1A
Publication of CN104573511A
Application granted
Publication of CN104573511B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568: Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files

Abstract

The present invention discloses a method and an electronic device for detecting and removing a kernel-mode virus. The method includes: before the operating system starts, obtaining a cleaning scheme for the kernel-mode virus through a basic input/output system (BIOS) with an Extensible Firmware Interface (EFI), where the cleaning scheme includes the storage address of the kernel-mode virus; determining the location of the kernel-mode virus from the storage address; and clearing the data stored at that location. With the method or electronic device of the invention, a Rootkit virus can be removed before it attaches itself to the system kernel as a driver, which increases the security of the operating system.

Description

A method and system for detecting and removing kernel-mode viruses
Technical field
The present invention relates to the field of computer security, and in particular to a method and system for detecting and removing kernel-mode viruses.
Background
With the continuing development of network technology, the security of an electronic device's operating system becomes more and more important. At present, the greatest security threat to the operating system of an electronic device is still viruses of various types.
Among the many virus types, the most troublesome is the kernel-mode (Rootkit) virus. Much antivirus software can detect such a virus but cannot remove it effectively. The characteristic of this kind of virus is that, before the antivirus software starts, it can attach itself to the system kernel as a driver; it can then set up a covert backdoor, replace normal system files, hide processes, monitor the network and record keystroke sequences. Some Rootkit viruses can even shut down the antivirus software.
It can be seen that the virus detection and removal methods of the prior art cannot effectively remove kernel-mode viruses.
Summary of the invention
The object of the invention is to provide a method and system for detecting and removing kernel-mode viruses that can remove a Rootkit virus before it attaches itself to the system kernel as a driver, thereby increasing the security of the operating system.
To achieve the above object, the invention provides the following scheme:
A method for detecting and removing a kernel-mode virus, the method including:
Before the operating system starts, obtaining the cleaning scheme for the kernel-mode virus through a basic input/output system with an Extensible Firmware Interface; the cleaning scheme includes the storage address of the kernel-mode virus;
Determining the location of the kernel-mode virus from the storage address;
Clearing the data stored at the location.
Optionally, after clearing the data stored at the location, the method further includes:
Determining, from the cleaning scheme, the related information of the kernel-mode virus in the registry;
Clearing the related information.
Optionally, after clearing the data stored at the location, the method further includes:
Setting the antivirus software's position in the operating system's startup order to first priority, to prevent a kernel-mode virus from loading before the antivirus software starts.
Optionally, after the operating system starts, the method further includes:
Detecting in real time, through the antivirus software, whether the operating system has loaded the kernel-mode virus;
When it is detected that the operating system has loaded the kernel-mode virus, obtaining the cleaning scheme for the kernel-mode virus from a network-side server;
Writing the cleaning scheme for the kernel-mode virus into the basic input/output system with the Extensible Firmware Interface, so that the kernel-mode virus is removed the next time the basic input/output system starts.
Optionally, obtaining the cleaning scheme for the kernel-mode virus from the network-side server includes:
Sending the characteristic information of the kernel-mode virus to the server;
Receiving the cleaning scheme, sent by the server, for the kernel-mode virus that matches the characteristic information.
Optionally, obtaining the cleaning scheme for the kernel-mode virus includes:
Obtaining a first cleaning scheme for the kernel-mode virus locally; the first cleaning scheme was written by the antivirus software into the basic input/output system with the Extensible Firmware Interface after the operating system's previous startup;
Or obtaining a second cleaning scheme for the kernel-mode virus from the network-side server.
An electronic device, the electronic device including:
A first cleaning scheme obtaining unit, configured to obtain, before the operating system starts, the cleaning scheme for the kernel-mode virus through a basic input/output system with an Extensible Firmware Interface;
A position determining unit, configured to determine the location of the kernel-mode virus from the storage address;
A data clearing unit, configured to clear the data stored at the location.
Optionally, the electronic device further includes:
A related information determining unit, configured to determine, from the cleaning scheme, the related information of the kernel-mode virus in the registry after the data clearing unit has cleared the data stored at the location;
A related information clearing unit, configured to clear the related information.
Optionally, the electronic device further includes:
A startup order setting unit, configured to set the antivirus software's position in the operating system's startup order to first priority after the data clearing unit has cleared the data stored at the location, to prevent a kernel-mode virus from loading before the antivirus software starts.
Optionally, the electronic device further includes:
A virus detection unit, configured to detect in real time, through the antivirus software, whether the operating system has loaded the kernel-mode virus after the operating system starts;
A second cleaning scheme obtaining unit, configured to obtain the cleaning scheme for the kernel-mode virus from a network-side server when it is detected that the operating system has loaded the kernel-mode virus;
A cleaning scheme writing unit, configured to write the cleaning scheme for the kernel-mode virus into the basic input/output system with the Extensible Firmware Interface, so that the kernel-mode virus is removed the next time the basic input/output system starts.
Optionally, the second cleaning scheme obtaining unit includes:
A characteristic information sending subunit, configured to send the characteristic information of the kernel-mode virus to the server;
A cleaning scheme receiving subunit, configured to receive the cleaning scheme, sent by the server, for the kernel-mode virus that matches the characteristic information.
Optionally, the first cleaning scheme obtaining unit includes:
A first obtaining subunit of the first cleaning scheme, configured to obtain the first cleaning scheme for the kernel-mode virus locally; the first cleaning scheme was written by the antivirus software into the basic input/output system with the Extensible Firmware Interface after the operating system's previous startup;
A second obtaining subunit of the first cleaning scheme, configured to obtain the second cleaning scheme for the kernel-mode virus from the network-side server.
According to the specific embodiments provided by the invention, the invention discloses the following technical effect:
In the method and electronic device of the invention for detecting and removing a kernel-mode virus, the cleaning scheme for the kernel-mode virus is obtained before the operating system starts, through a basic input/output system with an Extensible Firmware Interface; the location of the kernel-mode virus is determined from the storage address in the cleaning scheme; and the data stored at that location is cleared. A Rootkit virus can therefore be removed before it attaches itself to the system kernel as a driver, which increases the security of the operating system.
Brief description of the drawings
To explain the embodiments of the invention or the technical schemes of the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the flow chart of Embodiment 1 of the method of the invention for detecting and removing a kernel-mode virus;
Fig. 2 is the flow chart of Embodiment 2 of the method of the invention for detecting and removing a kernel-mode virus;
Fig. 3 is the flow chart of Embodiment 3 of the method of the invention for detecting and removing a kernel-mode virus;
Fig. 4 is the flow chart of Embodiment 4 of the method of the invention for detecting and removing a kernel-mode virus;
Fig. 5 is the structure diagram of the electronic device embodiment of the invention.
Detailed description of the embodiments
The technical schemes in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
To make the above objects, features and advantages of the invention easier to understand, the invention is explained in further detail below with reference to the drawings and specific embodiments.
The method of the invention for detecting and removing a kernel-mode virus is applied to an electronic device that has a basic input/output system (BIOS) with an Extensible Firmware Interface (EFI). The electronic device may be a desktop computer, an all-in-one computer, or a similar device.
As is well known, in the prior art, during PC startup the BIOS is responsible for initializing the hardware, testing hardware functions, and booting the operating system. The BIOS program is stored in read-only memory whose content is not lost after power-off. When the system powers up, the address of the processor's first instruction is located in the BIOS memory, so that the initialization program gets executed.
EFI BIOS is a new kind of BIOS developed recently. EFI BIOS is a system built in a modular way, with C-language-style parameter passing on the stack and dynamic linking. Compared with a traditional BIOS it is easier to implement, has stronger fault-tolerance and error-correction characteristics, and can shorten system development time. It identifies and operates hardware by loading EFI drivers. Conceptually, EFI BIOS is very similar to a low-level operating system, and it has the ability to control all hardware resources.
The core idea of the invention is to use the fact that EFI BIOS can already control hardware resources before the operating system starts: before the operating system starts, the kernel-mode virus is removed from the components of the electronic device, so that the kernel-mode virus no longer exists while the operating system is starting. This prevents the kernel-mode virus from attaching itself to the system kernel as a driver during operating system startup, before the antivirus software starts.
Fig. 1 is the flow chart of Embodiment 1 of the method of the invention for detecting and removing a kernel-mode virus. As shown in Fig. 1, the method may include:
Step 101: Before the operating system starts, obtain the cleaning scheme for the kernel-mode virus through the basic input/output system with an Extensible Firmware Interface (EFI BIOS); the cleaning scheme includes the storage address of the kernel-mode virus;
The operating system may be Windows or Linux.
EFI BIOS can initialize the hardware function units of the electronic device before the operating system starts, and thereby obtain control of the hardware function units.
Specifically, EFI BIOS can load the driver of the network communication unit, which is one of the hardware function units, so that the network communication unit is enabled; load the driver of the first storage unit, which is also one of the hardware function units, so that the first storage unit is enabled; and obtain the cleaning scheme for the kernel-mode virus from the server through the enabled network communication unit and store it in the first storage unit.
When the cleaning scheme for the kernel-mode virus has already been stored by other means in the first storage unit of the local electronic device, the cleaning scheme stored in the first storage unit can also be obtained directly through the enabled first storage unit.
The cleaning scheme can be stored on the local electronic device in advance in the following way: during the previous startup of the electronic device, the antivirus software scans the electronic device. When a kernel-mode virus is detected on the electronic device, the antivirus software can download the cleaning scheme for that kernel-mode virus from a server on the network and store the cleaning scheme in the storage unit of the electronic device. The server may be a server set up by the vendor of the antivirus software or a third-party server.
The cleaning scheme includes at least the behavioural feature and the storage address of the kernel-mode virus. The kernel-mode virus can be identified from the behavioural feature. The location of the kernel-mode virus can be determined from the storage address.
Step 102: Determine the location of the kernel-mode virus from the storage address;
The storage address indicates which storage location of the storage unit the kernel-mode virus occupies. Specifically, when the storage unit is a hard disk, the storage address can indicate which sector of the hard disk the kernel-mode virus is located in.
Step 103: Clear the data stored at the location.
Because EFI BIOS has control of the hardware function units, EFI BIOS can perform the operation of clearing data on the storage unit. Because the operating system has not yet started at this point, the kernel-mode virus cannot have loaded either, so the removal of the kernel-mode virus by EFI BIOS at this point is thorough.
In summary, in this embodiment, the cleaning scheme for the kernel-mode virus is obtained before the operating system starts, through a basic input/output system with an Extensible Firmware Interface; the location of the kernel-mode virus is determined from the storage address in the cleaning scheme; and the data stored at that location is cleared. A Rootkit virus can therefore be removed before it attaches itself to the system kernel as a driver, which increases the security of the operating system.
Fig. 2 is the flow chart of Embodiment 2 of the method of the invention for detecting and removing a kernel-mode virus. As shown in Fig. 2, the method may include:
Step 201: Before the operating system starts, obtain the cleaning scheme for the kernel-mode virus through the basic input/output system with an Extensible Firmware Interface; the cleaning scheme includes the storage address of the kernel-mode virus;
Step 202: Determine the location of the kernel-mode virus from the storage address;
Step 203: Clear the data stored at the location.
Step 204: From the cleaning scheme, determine the related information of the kernel-mode virus in the registry.
In this embodiment, the cleaning scheme can also include the related information of the kernel-mode virus in the registry.
Generally, a virus, as a special type of program, also writes related information into the operating system's registry. On the one hand, this related information can slow down the startup or operation of the system; on the other hand, when the virus has not been removed thoroughly, the virus program may be generated again from the related information in the registry after the operating system starts.
Therefore, clearing the related information further ensures that the removal of the kernel-mode virus in this embodiment is thorough.
Step 205: Clear the related information.
Specifically, EFI BIOS can invoke the file system before the operating system starts. After invoking the file system, EFI BIOS can directly perform operations such as clearing information on the registry file.
Fig. 3 is the flow chart of Embodiment 3 of the method of the invention for detecting and removing a kernel-mode virus. As shown in Fig. 3, the method may include:
Step 301: Before the operating system starts, obtain the cleaning scheme for the kernel-mode virus through the basic input/output system with an Extensible Firmware Interface; the cleaning scheme includes the storage address of the kernel-mode virus;
Step 302: Determine the location of the kernel-mode virus from the storage address;
Step 303: Clear the data stored at the location.
Step 304: Set the antivirus software's position in the operating system's startup order to first priority, to prevent a kernel-mode virus from loading before the antivirus software starts.
In this embodiment, the startup order of the antivirus software during operating system startup is adjusted so that the antivirus software has first priority. This prevents other kernel-mode viruses that have not been removed from loading before the antivirus software starts.
Fig. 4 is the flow chart of Embodiment 4 of the method of the invention for detecting and removing a kernel-mode virus. As shown in Fig. 4, the method may include:
Step 401: Before the operating system starts, obtain the cleaning scheme for the kernel-mode virus through the basic input/output system with an Extensible Firmware Interface; the cleaning scheme includes the storage address of the kernel-mode virus;
Step 402: Determine the location of the kernel-mode virus from the storage address;
Step 403: Clear the data stored at the location.
Step 404: Set the antivirus software's position in the operating system's startup order to first priority, to prevent a kernel-mode virus from loading before the antivirus software starts.
Step 405: Detect in real time, through the antivirus software, whether the operating system has loaded the kernel-mode virus;
Because the antivirus software starts with first priority, it can monitor the entire startup process of the operating system and detect whether the operating system has loaded the kernel-mode virus.
Specifically, this can include:
Step A: Obtain the instructions issued by each program while the operating system is starting;
Step B: Compare each instruction with the instruction represented by the behavioural feature of the kernel-mode virus;
The behavioural features of different kernel-mode viruses can differ. A virus library file on kernel-mode viruses can be obtained from the server of the vendor that provides the virus detection and removal service. The virus library file can include the behavioural feature information of each kind of kernel-mode virus. The behavioural feature information can represent the instructions that the kernel-mode virus issues at run time.
Step C: When the instruction is identical to the instruction represented by the behavioural feature, determine that the program that issued the instruction is the kernel-mode virus.
Step 406: When it is detected that the operating system has loaded the kernel-mode virus, obtain the cleaning scheme for the kernel-mode virus from a network-side server;
Specifically, the characteristic information of the kernel-mode virus can be sent to the server; the characteristic information can be the file name of the kernel-mode virus.
The cleaning scheme, sent by the server, for the kernel-mode virus that matches the characteristic information is then received.
Step 407: Write the cleaning scheme for the kernel-mode virus into the basic input/output system with the Extensible Firmware Interface, so that the kernel-mode virus is removed the next time the basic input/output system starts.
In this embodiment, the antivirus software is loaded first during operating system startup and monitors the entire startup process, so a kernel-mode virus present on the electronic device can be detected in real time and the cleaning scheme for that kernel-mode virus can be obtained from the network-side server. The next time the electronic device starts, the kernel-mode virus can be removed directly by EFI BIOS, which further improves the security of the system.
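The cycle of Embodiment 4 (Steps A to C and Steps 405 to 407 in the running operating system, then Steps 401 to 403 at the next boot) can be simulated as follows. This is an added example, not code from the patent. It assumes an in-memory array in place of the hard disk, a `firmware_store` structure in place of the EFI BIOS storage, a hypothetical `cleaning_scheme` layout, and constructed instruction names and sector numbers; it also bounds-checks each storage address before clearing, a check the patent text does not describe.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE  512u
#define DISK_SECTORS 64u
#define MAX_PENDING  4u

/* Cleaning scheme: behavioural feature plus storage address (layout assumed). */
struct cleaning_scheme {
    char     feature[32];    /* instruction the virus issues at run time */
    uint32_t first_sector;   /* storage address: first sector on the disk */
    uint32_t sector_count;   /* number of sectors the virus occupies */
};

/* Stand-in for the EFI BIOS storage that survives a reboot (assumed). */
struct firmware_store {
    struct cleaning_scheme pending[MAX_PENDING];
    size_t count;
};

/* Constructed stand-in for the server-side virus library. */
static const struct cleaning_scheme VIRUS_LIBRARY[] = {
    { "hook_syscall_table", 40u, 4u },
    { "hide_process_entry", 10u, 2u },
};
#define LIBRARY_LEN (sizeof VIRUS_LIBRARY / sizeof VIRUS_LIBRARY[0])

/* Steps B and C: compare one observed instruction with each behavioural feature. */
const struct cleaning_scheme *match_instruction(const char *instr)
{
    for (size_t i = 0; i < LIBRARY_LEN; i++)
        if (strcmp(instr, VIRUS_LIBRARY[i].feature) == 0)
            return &VIRUS_LIBRARY[i];
    return NULL;
}

/* Step 407: write a scheme into the firmware store; -1 if the store is full. */
int queue_scheme(struct firmware_store *fs, const struct cleaning_scheme *s)
{
    if (fs->count >= MAX_PENDING)
        return -1;
    fs->pending[fs->count++] = *s;
    return 0;
}

/* Steps 405-407 in the running OS: returns how many schemes were queued. */
size_t os_side_scan(struct firmware_store *fs,
                    const char *const *observed, size_t n)
{
    size_t queued = 0;
    for (size_t i = 0; i < n; i++) {
        const struct cleaning_scheme *s = match_instruction(observed[i]);
        if (s != NULL && queue_scheme(fs, s) == 0)
            queued++;
    }
    return queued;
}

/* Steps 401-403 at the next boot: zero the sectors each pending scheme names.
 * Returns the number of sectors cleared; invalid schemes are skipped. */
size_t preboot_clean(struct firmware_store *fs, uint8_t *disk,
                     uint32_t disk_sectors)
{
    size_t cleared = 0;
    for (size_t i = 0; i < fs->count; i++) {
        const struct cleaning_scheme *s = &fs->pending[i];
        /* Reject empty or out-of-range addresses without integer overflow. */
        if (s->sector_count == 0 || s->first_sector >= disk_sectors ||
            s->sector_count > disk_sectors - s->first_sector)
            continue;
        memset(disk + (size_t)s->first_sector * SECTOR_SIZE, 0,
               (size_t)s->sector_count * SECTOR_SIZE);
        cleared += s->sector_count;
    }
    fs->count = 0;   /* each scheme is consumed by one boot */
    return cleared;
}

int main(void)
{
    static uint8_t disk[DISK_SECTORS * SECTOR_SIZE];
    struct firmware_store fs = { .count = 0 };
    /* Constructed sample of instructions seen during OS startup (Step A). */
    const char *observed[] = { "open_file", "hook_syscall_table", "read_registry" };

    memset(disk, 0xAA, sizeof disk);
    printf("queued=%zu\n", os_side_scan(&fs, observed, 3));
    printf("cleared=%zu\n", preboot_clean(&fs, disk, DISK_SECTORS));
    return 0;
}
```

A scheme whose address range falls outside the disk is skipped rather than clamped, so a malformed or stale scheme cannot make the pre-boot step clear sectors it was never meant to touch.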
It should be noted that, in every embodiment of the method of the invention for detecting and removing a kernel-mode virus, the step of obtaining the cleaning scheme for the kernel-mode virus can be carried out in either of two ways:
Obtaining a first cleaning scheme for the kernel-mode virus locally; the first cleaning scheme was written by the antivirus software into the basic input/output system with the Extensible Firmware Interface after the operating system's previous startup;
Or obtaining a second cleaning scheme for the kernel-mode virus from the network-side server.
The invention also discloses an electronic device. The electronic device may be a desktop computer or an all-in-one computer. Fig. 5 is the structure diagram of the electronic device embodiment of the invention. As shown in Fig. 5, the electronic device may include:
A first cleaning scheme obtaining unit 501, configured to obtain, before the operating system starts, the cleaning scheme for the kernel-mode virus through a basic input/output system with an Extensible Firmware Interface;
A position determining unit 502, configured to determine the location of the kernel-mode virus from the storage address;
A data clearing unit 503, configured to clear the data stored at the location.
In this embodiment, the cleaning scheme for the kernel-mode virus is obtained before the operating system starts, through a basic input/output system with an Extensible Firmware Interface; the location of the kernel-mode virus is determined from the storage address in the cleaning scheme; and the data stored at that location is cleared. A Rootkit virus can therefore be removed before it attaches itself to the system kernel as a driver, which increases the security of the operating system.
In practical applications, the electronic device can also include:
A related information determining unit, configured to determine, from the cleaning scheme, the related information of the kernel-mode virus in the registry after the data clearing unit 503 has cleared the data stored at the location;
A related information clearing unit, configured to clear the related information.
It can also include:
A startup order setting unit, configured to set the antivirus software's position in the operating system's startup order to first priority after the data clearing unit 503 has cleared the data stored at the location, to prevent a kernel-mode virus from loading before the antivirus software starts.
The electronic device can also include:
A virus detection unit, configured to detect in real time, through the antivirus software, whether the operating system has loaded the kernel-mode virus after the operating system starts;
A second cleaning scheme obtaining unit, configured to obtain the cleaning scheme for the kernel-mode virus from a network-side server when it is detected that the operating system has loaded the kernel-mode virus;
A cleaning scheme writing unit, configured to write the cleaning scheme for the kernel-mode virus into the basic input/output system with the Extensible Firmware Interface, so that the kernel-mode virus is removed the next time the basic input/output system starts.
The second cleaning scheme obtaining unit can include:
A characteristic information sending subunit, configured to send the characteristic information of the kernel-mode virus to the server;
A cleaning scheme receiving subunit, configured to receive the cleaning scheme, sent by the server, for the kernel-mode virus that matches the characteristic information.
In the above embodiment, the first cleaning scheme obtaining unit 501 can include:
A first obtaining subunit of the first cleaning scheme, configured to obtain the first cleaning scheme for the kernel-mode virus locally; the first cleaning scheme was written by the antivirus software into the basic input/output system with the Extensible Firmware Interface after the operating system's previous startup;
A second obtaining subunit of the first cleaning scheme, configured to obtain the second cleaning scheme for the kernel-mode virus from the network-side server.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
From the above description of the embodiments, a person skilled in the art can clearly understand that the invention can be implemented by software plus the required hardware platform, or of course entirely in hardware, but in many cases the former is the better embodiment. On this understanding, all or part of the contribution that the technical scheme of the invention makes over the background art can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the method described in the embodiments of the invention or in certain parts of the embodiments.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and the identical or similar parts of the embodiments can be referred to one another. Because the electronic device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant parts, refer to the description of the method.
Specific examples are used in this document to explain the principle and embodiments of the invention. The description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (12)

1. A method for detecting and removing a kernel-type virus, characterized in that the method comprises:
Before the operating system starts, obtaining a cleaning scheme for the kernel-type virus through a basic input/output system (BIOS) having an Extensible Firmware Interface, the cleaning scheme including the storage address of the kernel-type virus;
Determining the location of the kernel-type virus according to the storage address;
Clearing the data stored at the location;
Wherein obtaining the cleaning scheme for the kernel-type virus comprises:
Obtaining a first cleaning scheme for the kernel-type virus locally, the first cleaning scheme having been written into the BIOS having the Extensible Firmware Interface by antivirus software after the previous start of the operating system.
2. The method according to claim 1, characterized in that, after clearing the data stored at the location, the method further comprises:
Determining, from the cleaning scheme, the related information of the kernel-type virus in the registry;
Clearing the related information.
3. The method according to claim 1, characterized in that, after clearing the data stored at the location, the method further comprises:
Setting the boot order of the antivirus software at operating system startup to first priority, to prevent the kernel-type virus from loading before the antivirus software starts.
4. The method according to claim 3, characterized in that, after the operating system starts, the method further comprises:
Detecting in real time, by the antivirus software, whether the operating system has loaded the kernel-type virus;
When it is detected that the operating system has loaded the kernel-type virus, obtaining the cleaning scheme for the kernel-type virus from a network-side server;
Writing the cleaning scheme for the kernel-type virus into the BIOS having the Extensible Firmware Interface, so that the kernel-type virus is removed the next time the BIOS starts.
5. The method according to claim 4, characterized in that obtaining the cleaning scheme for the kernel-type virus from the network-side server comprises:
Sending the feature information of the kernel-type virus to the server;
Receiving the cleaning scheme, sent by the server, for the kernel-type virus that matches the feature information.
6. The method according to any one of claims 1-5, characterized in that obtaining the cleaning scheme for the kernel-type virus further comprises:
Obtaining a second cleaning scheme for the kernel-type virus from the network-side server.
7. An electronic device, characterized in that the electronic device comprises:
A first cleaning scheme acquiring unit, configured to obtain, before the operating system starts, a cleaning scheme for a kernel-type virus through a basic input/output system (BIOS) having an Extensible Firmware Interface, the cleaning scheme including the storage address of the kernel-type virus;
A location determining unit, configured to determine the location of the kernel-type virus according to the storage address;
A data clearing unit, configured to clear the data stored at the location;
The first cleaning scheme acquiring unit comprising:
A first acquiring subunit of the first cleaning scheme acquiring unit, configured to obtain a first cleaning scheme for the kernel-type virus locally, the first cleaning scheme having been written into the BIOS having the Extensible Firmware Interface by antivirus software after the previous start of the operating system.
8. The electronic device according to claim 7, characterized by further comprising:
A related information determining unit, configured to determine, from the cleaning scheme, the related information of the kernel-type virus in the registry after the data clearing unit has cleared the data stored at the location;
A related information clearing unit, configured to clear the related information.
9. The electronic device according to claim 7, characterized by further comprising:
A boot order setting unit, configured to set, after the data clearing unit has cleared the data stored at the location, the boot order of the antivirus software at operating system startup to first priority, to prevent the kernel-type virus from loading before the antivirus software starts.
10. The electronic device according to claim 9, characterized in that the electronic device further comprises:
A virus detecting unit, configured to detect in real time, by the antivirus software after the operating system starts, whether the operating system has loaded the kernel-type virus;
A second cleaning scheme acquiring unit, configured to obtain the cleaning scheme for the kernel-type virus from a network-side server when it is detected that the operating system has loaded the kernel-type virus;
A cleaning scheme writing unit, configured to write the cleaning scheme for the kernel-type virus into the BIOS having the Extensible Firmware Interface, so that the BIOS removes the kernel-type virus the next time it starts.
11. The electronic device according to claim 10, characterized in that the second cleaning scheme acquiring unit comprises:
A feature information sending subunit, configured to send the feature information of the kernel-type virus to the server;
A cleaning scheme receiving subunit, configured to receive the cleaning scheme, sent by the server, for the kernel-type virus that matches the feature information.
12. The electronic device according to any one of claims 7-11, characterized in that the first cleaning scheme acquiring unit further comprises:
A second acquiring subunit of the first cleaning scheme acquiring unit, configured to obtain a second cleaning scheme for the kernel-type virus from the network-side server.
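The two-phase flow of claims 1 to 5, modelled as an added Python example that is not part of the patent: the antivirus software queues a cleaning scheme during one operating system session, and the firmware stage applies it before the next start. The names `CleaningScheme`, `SERVER_SCHEMES`, `os_session` and `pre_boot`, the byte-offset form of the storage address, the in-memory disk, registry and firmware store, and the two marked safeguards are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class CleaningScheme:                  # hypothetical layout; the claims only require a storage address
    virus_id: str
    offset: int                        # assumed form of the storage address: byte offset ...
    length: int                        # ... and length of the virus body on disk
    registry_keys: list = field(default_factory=list)

# Constructed stand-in for the network-side server: feature information -> scheme.
SERVER_SCHEMES = {
    "feat:demo-rootkit": CleaningScheme("demo-rootkit", 16, 8, ["Services\\DemoDrv"]),
}

def os_session(loaded_features, firmware_store):
    """Claims 4-5: detect at run time, query the server, write the scheme to the BIOS."""
    for feat in loaded_features:
        scheme = SERVER_SCHEMES.get(feat)      # send feature info, receive matching scheme
        if scheme is not None:
            firmware_store.append(scheme)      # kept for the next BIOS start
    return len(firmware_store)

def pre_boot(firmware_store, disk, registry, boot_order, av="antivirus"):
    """Claims 1-3: executed by the firmware before the operating system starts."""
    cleaned = []
    while firmware_store:
        s = firmware_store.pop(0)              # added safeguard: consume, never replay
        end = s.offset + s.length
        if s.offset < 0 or s.length <= 0 or end > len(disk):
            continue                           # added safeguard: address must lie on the disk
        disk[s.offset:end] = bytes(s.length)   # clear the data stored at the location
        for key in s.registry_keys:
            registry.pop(key, None)            # claim 2: clear related registry information
        cleaned.append(s.virus_id)
    if cleaned and av in boot_order:           # claim 3: antivirus starts first from now on
        boot_order.remove(av)
        boot_order.insert(0, av)
    return cleaned

if __name__ == "__main__":
    # Constructed machine state: 16 clean bytes, 8-byte virus body, 8 clean bytes.
    disk = bytearray(b"A" * 16 + b"ROOTKIT!" + b"B" * 8)
    registry = {"Services\\DemoDrv": "demo.sys", "Services\\Disk": "disk.sys"}
    boot_order = ["DemoDrv", "Disk", "antivirus"]
    firmware = []
    os_session(["feat:benign", "feat:demo-rootkit"], firmware)
    print(pre_boot(firmware, disk, registry, boot_order), bytes(disk), boot_order)
```

The bounds check matters because the scheme is written from a running operating system that may already be infected, and the firmware stage clears whatever location the scheme names.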
CN201310481967.1A 2013-10-15 2013-10-15 The method and system of caryogram virus in a kind of killing Active CN104573511B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310481967.1A CN104573511B (en) 2013-10-15 2013-10-15 The method and system of caryogram virus in a kind of killing

Publications (2)

Publication Number Publication Date
CN104573511A CN104573511A (en) 2015-04-29
CN104573511B true CN104573511B (en) 2018-01-23

Family

ID=53089549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310481967.1A Active CN104573511B (en) 2013-10-15 2013-10-15 The method and system of caryogram virus in a kind of killing

Country Status (1)

Country Link
CN (1) CN104573511B (en)

Also Published As

Publication number Publication date
CN104573511A (en) 2015-04-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant