CN104899510A - Virus detecting and killing method for removable storage devices - Google Patents

Publication number
CN104899510A
Authority
CN
China
Prior art keywords
virus
killing
intranet
memory equipment
movable memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510235271.XA
Other languages
Chinese (zh)
Inventor
崔阿军
张玉宏
何辉
段军红
张华峰
闫晓斌
李方军
秦睿
范迪龙
张驯
智勇
戴亮
龚波
马之力
李志茹
袁晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Priority to CN201510235271.XA
Publication of CN104899510A

Landscapes

  • Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)

Abstract

The invention discloses a virus detecting and killing method for removable storage devices. The virus detecting and killing method for removable storage devices comprises the following steps of: on a terminal device connected to an intranet, installing a removable-storage-device virus detecting and killing management module through pushing performed by an intranet management center or through downloading, and enabling detecting and killing monitoring for removable storage devices; when the intranet management center detects that a removable storage device is inserted into the terminal on the intranet, the removable-storage-device virus detecting and killing management module automatically detecting files on the removable storage device, and screening and blocking detected suspicious files; and then manually or automatically deleting the detected virus files by using the terminal device, and reporting a virus infection log file to the intranet management center, wherein a virus infection report on removable storage devices can be viewed in the intranet management center. The virus detecting and killing method for removable storage devices provided by the invention can achieve the objective of ensuring security of enterprise intranets.

Description

Virus detecting and killing method for removable storage devices
Technical field
The present invention relates to the field of data security, and in particular to a virus detecting and killing method for removable storage devices.
Background art
At present, the widespread use of removable storage devices (such as USB flash drives) brings convenience: more and more computer users exchange data files through removable storage devices, and this high usage rate also makes the spread of computer viruses convenient. Viruses such as "Panda Burning Incense" and "AV Terminator" have one after another used removable storage devices as their main propagation path. Carriers for this class of virus are widespread: in addition to such devices, removable storage such as MP3 and MP4 players, portable hard drives and digital cameras have all, without exception, become carriers for it. Because this class of virus is also highly destructive, hackers favor it and keep producing new variants.
Viruses that spread by exploiting the convenience of removable storage devices show a new "humanized" character: they can accurately predict how a user will react and what steps the user will take after infection. When a computer system has been infected by a new virus and can no longer be used normally, people usually choose to format drive C and reinstall the system to solve the problem, and this is exactly where this kind of new virus carefully sets its trap. When the virus traverses the disks and writes its autorun file, it does not write to drive C but writes a copy of itself to every disk other than C. That is, even if the system partition is formatted and the system reinstalled, the virus is already present in the other partitions of the hard disk; once the new system is installed, if the other partitions are used without the virus on them being detected and removed, the virus can again damage the computer system and infect data files.
To prevent the many removable storage devices inside an enterprise from bringing viruses into its computers, the efficiency of virus killing and control needs to be improved further. Unified killing and control of viruses on removable storage devices, and timely detection of and response to virus outbreak trends, are problems that currently need to be solved.
Summary of the invention
In view of the above problems, the object of the present invention is to propose a virus detecting and killing method for removable storage devices that ensures the security of the enterprise intranet.
To achieve the above object, the technical solution adopted by the present invention is:
A virus detecting and killing method for removable storage devices, comprising the following steps:
A terminal device connected to the intranet installs the removable-storage-device virus detecting and killing management module, either pushed by the intranet management center or downloaded, and enables detecting and killing monitoring for removable storage devices;
When the intranet management center detects that a removable storage device has been inserted into a terminal on the intranet, the removable-storage-device virus detecting and killing management module automatically scans the files on the removable storage device and screens and blocks the suspicious files it detects;
The terminal device then deletes, manually or automatically, the files identified as viruses by the above screening and reports a virus infection log file to the intranet management center, where the virus infection report for removable storage devices can be viewed.
Preferably, the virus log file includes at least the killing time, the virus type and the number of viruses.
The technical solution of the present invention has the following beneficial effects:
The technical solution of the present invention screens, kills and controls viruses on removable storage devices. It can effectively and comprehensively detect and kill viruses on removable storage devices (such as USB flash drives and portable hard drives), block suspicious programs and prevent computer viruses from entering the enterprise intranet, thereby further ensuring the security of the enterprise intranet. After a removable storage device is inserted into a computer, suspicious executables can be prevented from being launched from it, which effectively blocks the spread of viruses; the removable storage device can also be given a deep scan with detection and killing, providing a security guarantee for the convenient use of removable storage devices. The intranet management center kills and controls viruses on removable storage devices in a unified way, and detects and handles virus outbreak trends in time.
The technical solution of the present invention is described in further detail below with reference to the drawing and an embodiment.
Brief description of the drawing
Fig. 1 is a flow chart of the virus detecting and killing method for removable storage devices according to an embodiment of the present invention.
Detailed description of the embodiment
A preferred embodiment of the present invention is described below with reference to the drawing. It should be understood that the preferred embodiment described here only illustrates and explains the present invention and is not intended to limit it.
As shown in Fig. 1, a virus detecting and killing method for removable storage devices comprises the following steps:
A terminal device connected to the intranet installs the removable-storage-device virus detecting and killing management module, either pushed by the intranet management center or downloaded, and enables detecting and killing monitoring for removable storage devices;
When the intranet management center detects that a removable storage device has been inserted into a terminal on the intranet, the removable-storage-device virus detecting and killing management module automatically scans the files on the removable storage device and screens and blocks the suspicious files it detects;
The terminal device then deletes, manually or automatically, the files identified as viruses by the above screening and reports a virus infection log file to the intranet management center, where the virus infection report for removable storage devices can be viewed.
The virus log file includes at least the killing time, the virus type and the number of viruses.
The removable-storage-device virus detecting and killing management module can be implemented with antivirus programs such as the Rising enterprise terminal security agent component.
Specifically, a terminal device connected to the intranet first installs the removable-storage-device virus detecting and killing management module, pushed by the intranet management center or downloaded. Next, a policy issued by the intranet management center enables real-time monitoring of removable storage devices. As soon as a removable device is connected to an intranet computer, the device is automatically scanned (suspicious executables that are found can be blocked) and viruses are killed. The intranet management center can view log information such as the killing time, virus type and quantity; by aggregating this information it can carry out related data analysis and generate reports.
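The management-center side of the reporting step above, as an added example that is not part of the patent: it validates uploaded log records, totals kills per virus type, and flags a type seen on several terminals within a short window. The JSON encoding, the field names, the `terminal` field, the virus type names and the one-hour/three-terminal threshold are all assumptions of this example; the patent specifies only killing time, virus type and quantity.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one JSON report per line, as a terminal might upload it.
# The patent names only kill time, virus type and count; the JSON encoding,
# the field names and the "terminal" field are assumptions of this example.
SAMPLE_LOG = """\
{"kill_time": "2015-05-11T09:02:11", "terminal": "PC-014", "virus_type": "Worm.Autorun.Sample", "count": 3}
{"kill_time": "2015-05-11T09:10:40", "terminal": "PC-022", "virus_type": "Worm.Autorun.Sample", "count": 1}
{"kill_time": "2015-05-11T09:41:05", "terminal": "PC-031", "virus_type": "Worm.Autorun.Sample", "count": 2}
{"kill_time": "2015-05-11T13:15:00", "terminal": "PC-014", "virus_type": "Trojan.Dropper.Sample", "count": 1}
{"kill_time": "not-a-time", "terminal": "PC-040", "virus_type": "Worm.Autorun.Sample", "count": 1}
{"kill_time": "2015-05-11T16:30:00", "terminal": "PC-050", "virus_type": "Trojan.Dropper.Sample", "count": 1}
"""


def parse_reports(text):
    """Return (valid_reports, rejected_line_numbers); uploads are untrusted input."""
    reports, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            raw = json.loads(line)
            report = {
                "kill_time": datetime.fromisoformat(raw["kill_time"]),
                "terminal": str(raw["terminal"]),
                "virus_type": str(raw["virus_type"]),
                "count": int(raw["count"]),
            }
            if report["count"] < 1:
                raise ValueError("count must be positive")
        except (ValueError, KeyError, TypeError):
            rejected.append(lineno)  # keep the line number for follow-up
            continue
        reports.append(report)
    return reports, rejected


def totals_by_type(reports):
    """Sum the reported virus counts per virus type."""
    totals = defaultdict(int)
    for r in reports:
        totals[r["virus_type"]] += r["count"]
    return dict(totals)


def outbreak_alerts(reports, window=timedelta(hours=1), min_terminals=3):
    """Map virus type -> terminals if it hit min_terminals terminals in one window."""
    events = defaultdict(list)
    for r in reports:
        events[r["virus_type"]].append((r["kill_time"], r["terminal"]))
    alerts = {}
    for virus_type, seen in events.items():
        seen.sort()
        start = 0
        for end, (when, _) in enumerate(seen):
            while when - seen[start][0] > window:  # slide the window forward
                start += 1
            terminals = {t for _, t in seen[start:end + 1]}
            if len(terminals) >= min_terminals:
                alerts[virus_type] = sorted(terminals)
                break
    return alerts


if __name__ == "__main__":
    reports, rejected = parse_reports(SAMPLE_LOG)
    print(totals_by_type(reports), outbreak_alerts(reports), rejected)
```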
The present invention uses file system filtering technology to stop suspicious executables from being launched from a removable storage device, thereby effectively blocking the spread of viruses.
How the file system filter driver works: a file system filter driver targets the file system and is attached to it. The Windows I/O manager builds an IRP (I/O request packet) from a user's operation request, such as reading or writing a file, and sends it to the file system driver; the file system driver converts the file-system-level operation into the corresponding storage device driver operation and calls the storage device driver through the I/O manager. The filter driver is inserted into the current file system stack and intercepts the kernel-mode IRPs sent to it; by reprocessing these IRPs it gives the current file system new functions. IRPs sent to the underlying file system driver are intercepted by the filter driver, which processes them accordingly to provide new functions or value-added services for the system.
What a file system filter driver does: it can be used to extend or modify the functions of an existing file system and to provide the file system with new functions and services.
Its main uses are:
(1) Providing transparent additional functions for the file system, for example encrypting data as a file is written and decrypting it as it is read, personalizing how data is processed, applying special handling for particular processes, or improving file system efficiency.
(2) Virus detection. When the system reads or writes a file, the filter driver captures the data being read or written and checks whether it contains a virus signature.
(3) Using file filtering to control data reads and writes, as the basis of Tempest software.
The present invention also uses deep virus scanning and killing technology. When a removable storage device is inserted, viruses in compressed files such as ZIP, ARJ, CAB, LZH and RAR are scanned and killed automatically. The compressed formats of many executable programs, such as PKLITE, LZEXE, WWPACK, ASPACK and UPX, are also recognized, so that deeply hidden viruses are exposed as well. The built-in high-speed scanning engine can scan compressed files in many formats, including files generated by popular compression software such as PKZIP, PKLITE, ARJ, Microsoft Compress, Diet, LZEXE and LZH. Virus search is also provided for multiply compressed documents: a document that has been compressed by two or more compression programs can still be searched for viruses, so that even a deeply hidden virus can hardly escape.
Finally, it should be noted that the above is only a preferred embodiment of the present invention and does not limit the present invention. Although the invention has been described in detail with reference to the foregoing embodiment, a person skilled in the art can still modify the technical solutions described in the foregoing embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
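The multiply-compressed case described above, as an added example that is not part of the patent: a signature scan that follows ZIP-inside-ZIP nesting in memory. It covers only ZIP (Python standard library); the other archive formats and executable packers listed would each need their own unpacker. The signature is constructed, and the depth and size limits are assumptions added here because a scanner that unpacks untrusted archives needs them.

```python
import io
import zipfile
import zlib

# Constructed stand-in for a signature database (name -> byte pattern).
SIGNATURES = {"Test.Marker.A": b"CONSTRUCTED-TEST-SIGNATURE-0001"}


class ArchiveScanner:
    """Signature scan that follows ZIP-inside-ZIP nesting under hard limits."""

    def __init__(self, max_depth=4, max_bytes=8 * 1024 * 1024):
        self.max_depth = max_depth  # archive layers that will be opened
        self.max_bytes = max_bytes  # decompressed bytes allowed per device file

    def scan(self, data, path):
        """Return [(member_path, finding)] for one file read from the device."""
        self._remaining = self.max_bytes
        return self._scan(data, path, 0)

    def _scan(self, data, path, depth):
        found = [(path, name) for name, pat in SIGNATURES.items() if pat in data]
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return found
        if depth >= self.max_depth:
            # Fail closed: content the scanner refuses to unpack is not "clean".
            return found + [(path, "unscannable:too-deep")]
        try:
            archive = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return found + [(path, "unscannable:corrupt")]
        with archive:
            for info in archive.infolist():
                inner = f"{path}!{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                    found.append((inner, "unscannable:encrypted"))
                    continue
                try:
                    # Read one byte past the budget: header sizes are not trusted.
                    with archive.open(info) as member:
                        body = member.read(self._remaining + 1)
                except (zipfile.BadZipFile, zlib.error, NotImplementedError):
                    found.append((inner, "unscannable:corrupt"))
                    continue
                if len(body) > self._remaining:
                    found.append((inner, "unscannable:size-limit"))
                    self._remaining = 0
                    continue
                self._remaining -= len(body)
                found.extend(self._scan(body, inner, depth + 1))
        return found


def make_zip(members):
    """Build a deflated ZIP in memory from {name: bytes} (sample-input helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    payload = b"MZ" + b"\x00" * 64 + SIGNATURES["Test.Marker.A"]
    nested = make_zip({"inner.zip": make_zip({"setup.exe": payload})})
    print(ArchiveScanner().scan(nested, "E:/sample.zip"))
```

Findings prefixed `unscannable:` mark content the scanner could not inspect; treating them as suspicious rather than clean keeps an encrypted or oversized archive from passing unexamined.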

Claims (2)

1. A virus detecting and killing method for removable storage devices, characterized in that it comprises the following steps:
A terminal device connected to the intranet installs the removable-storage-device virus detecting and killing management module, either pushed by the intranet management center or downloaded, and enables detecting and killing monitoring for removable storage devices;
When the intranet management center detects that a removable storage device has been inserted into a terminal on the intranet, the removable-storage-device virus detecting and killing management module automatically scans the files on the removable storage device and screens and blocks the suspicious files it detects;
The terminal device then deletes, manually or automatically, the files identified as viruses by the above screening and reports a virus infection log file to the intranet management center, where the virus infection report for removable storage devices can be viewed.
2. The virus detecting and killing method for removable storage devices according to claim 1, characterized in that the virus log file includes at least the killing time, the virus type and the number of viruses.
CN201510235271.XA 2015-05-11 2015-05-11 Virus detecting and killing method for removable storage devices Pending CN104899510A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510235271.XA CN104899510A (en) 2015-05-11 2015-05-11 Virus detecting and killing method for removable storage devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510235271.XA CN104899510A (en) 2015-05-11 2015-05-11 Virus detecting and killing method for removable storage devices

Publications (1)

Publication Number Publication Date
CN104899510A true CN104899510A (en) 2015-09-09

Family

ID=54032170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510235271.XA Pending CN104899510A (en) 2015-05-11 2015-05-11 Virus detecting and killing method for removable storage devices

Country Status (1)

Country Link
CN (1) CN104899510A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103593616A (en) * 2013-11-29 2014-02-19 国网安徽省电力公司淮南供电公司 System and method for preventing and controlling USB flash disk viruses in enterprise information network
CN104077527A (en) * 2014-06-20 2014-10-01 珠海市君天电子科技有限公司 Method and device for generating virus detection machine and method and device for virus detection
CN104318161A (en) * 2014-11-18 2015-01-28 北京奇虎科技有限公司 Virus detection method and device for Android samples

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110381008A (en) * 2018-04-13 2019-10-25 武汉梓金山科技有限公司 A kind of Dynamic Defense System of Network Security and method based on big data
CN110381008B (en) * 2018-04-13 2022-02-25 海南波克科技有限公司 Network security dynamic defense system and method based on big data
CN110795730A (en) * 2018-10-23 2020-02-14 北京安天网络安全技术有限公司 Method, system and storage medium for thoroughly eliminating malicious files
CN110225057A (en) * 2019-06-24 2019-09-10 杭州安恒信息技术股份有限公司 A kind of method for detecting virus of intelligent terminal, device, equipment and system
CN110598409A (en) * 2019-09-04 2019-12-20 南方电网数字电网研究院有限公司 Storage medium access method and device, computer equipment and storage medium
CN110674500A (en) * 2019-09-04 2020-01-10 南方电网数字电网研究院有限公司 Storage medium virus searching and killing method and device, computer equipment and storage medium
CN110688657A (en) * 2019-09-26 2020-01-14 福州浩恒影音工程有限公司 USB flash disk virus isolator and working method thereof
CN111475807A (en) * 2020-04-02 2020-07-31 亚信科技(成都)有限公司 Detection method and device for movable storage equipment
CN114692151A (en) * 2022-04-08 2022-07-01 成都理工大学 Discovery method of USB flash disk virus and application tool thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150909
