CN106529290B - Malicious software protection method and device and electronic equipment - Google Patents

Publication number
CN106529290B
Authority
CN
China
Legal status
Active
Application number
CN201610887649.9A
Other languages
Chinese (zh)
Other versions
CN106529290A (en)
Inventor
李伟
Current Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Application filed by Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201610887649.9A
Publication of CN106529290A
Application granted
Publication of CN106529290B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files

Abstract

The invention provides a malware protection method, a malware protection device, and an electronic device. The method comprises: receiving a detection result for a root virus; if the detection result indicates that a root virus is detected and the root authority of the current operating system has not been obtained, querying whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system; if the preset root privilege escalation policy matches that information, obtaining the root authority of the current operating system by executing the preset policy; and processing the root virus under the root authority. The method addresses the problem that existing antivirus software cannot remove a virus that holds root authority.

Description

Malicious software protection method and device and electronic equipment
Technical Field
The present invention relates to electronic device technologies, and in particular to a method and an apparatus for protecting against malware, and to an electronic device.
Background
The root user (superuser) is the sole administrator of the entire system and has the highest authority. In the Android system, once the root authority is obtained, the whole system can be accessed and modified: files can be read, modified, added and deleted, and the system can even be customized or pre-installed software uninstalled. Antivirus software normally does not have the root authority, whereas many viruses carry a built-in root module and obtain the root authority by running it. The virus then has higher authority than the antivirus software, which prevents the antivirus software from finding and removing it.
The prior-art answer to this problem is to remove a virus with root authority manually. However, this requires the operator to have a good knowledge of both the system and the virus, which places a very high demand on the user.
Disclosure of Invention
The embodiments of the invention disclose a malware protection method, a malware protection device, and an electronic device, which address the problem that existing antivirus software cannot remove viruses that hold root authority.
In a first aspect, a malware protection method is provided. The method is used in an operating system of an electronic device and includes: receiving a detection result for a root virus; if the detection result indicates that a root virus is detected and the root authority of the current operating system has not been obtained, querying whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system; if the preset root privilege escalation policy matches the information of the electronic device and/or the operating system, obtaining the root authority of the current operating system by executing the preset root privilege escalation policy; and processing the root virus under the root authority.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the method further includes: if the preset root privilege escalation policy does not match the information of the electronic device and/or the operating system, querying, according to that information, whether a root privilege escalation policy matching the information of the electronic device and/or the operating system exists in a cloud server; if the query is successful, obtaining the matching root privilege escalation policy from the cloud server; executing the root privilege escalation policy obtained from the cloud server to obtain the root authority of the current operating system; and processing the root virus under the root authority.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the method further includes: if the query is unsuccessful, obtaining the root authority of the current operating system through the root virus; and processing the root virus under the root authority.
With reference to the first aspect or the first possible or the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, processing the root virus under the root authority includes at least one of:
under the root authority, deleting the files released by the root virus into the system directory;
under the root authority, replacing the pseudo system file substituted by the root virus with the safe system file;
and under the root authority, prohibiting a legitimate process from jumping to the malicious code of the root virus.
With reference to the second possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, obtaining the root authority of the current operating system through the root virus includes:
if the root virus file is a scheme executable file that records the root authority acquisition function, executing the root virus file to obtain the root authority of the current operating system; and if the root virus file is a switch-superuser file, executing the switch-superuser file to obtain the root authority of the current operating system.
With reference to the first aspect or the first possible implementation manner or the second possible implementation manner of the first aspect, in a fifth possible implementation manner of the first aspect, after the root virus is processed under the root authority, the method further includes: releasing the obtained root authority.
In a second aspect, a malware protection device is provided. The device comprises a receiving module, a first query module, a first obtaining module and a processing module. The receiving module is configured to receive a detection result for a root virus; the first query module is configured to query whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system when the detection result indicates that a root virus is detected and the root authority of the current operating system has not been obtained; the first obtaining module is configured to obtain the root authority of the current operating system by executing the preset root privilege escalation policy when that policy matches the information of the electronic device and/or the operating system; and the processing module is configured to process the root virus under the root authority.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the apparatus further includes a second query module and a second obtaining module. The second query module is further configured to query, according to the information of the electronic device and/or the operating system, whether a root privilege escalation policy matching that information exists in a cloud server when the preset root privilege escalation policy does not match the information of the electronic device and/or the operating system; the second obtaining module is configured to obtain the matching root privilege escalation policy from the cloud server when the query is successful; the first obtaining module is configured to execute the root privilege escalation policy obtained from the cloud server to obtain the root authority of the current operating system; and the processing module is configured to process the root virus under the root authority.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the first obtaining module is further configured to obtain the root authority of the current operating system through the root virus when the query is unsuccessful; the processing module is also configured to process the root virus under the root authority.
With reference to the second aspect or the first possible implementation manner or the second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the processing module is further configured to process the root virus under the root authority, where the processing includes at least one of: under the root authority, deleting the files released by the root virus into the system directory; under the root authority, replacing the pseudo system file substituted by the root virus with the safe system file; and under the root authority, prohibiting a legitimate process from jumping to the malicious code of the root virus.
With reference to the second possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, the first obtaining module is further configured to: when the root virus file is a scheme executable file that records the root authority acquisition function, execute the root virus file to obtain the root authority of the current operating system; and when the root virus file is a switch-superuser file, execute the switch-superuser file to obtain the root authority of the current operating system.
With reference to the second aspect or the first possible implementation manner or the second possible implementation manner of the second aspect, in a fifth possible implementation manner of the second aspect, the apparatus further includes a releasing module, where the releasing module is configured to release the obtained root authority.
In a third aspect, an electronic device is provided, which includes: a processor, a memory, a communication interface, and a bus; the processor, the memory and the communication interface are connected through the bus and complete mutual communication; the memory stores executable program code; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing a malware protection method; wherein the method is the method of any one of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium storing program code executed by a computing device for topic recommendation. The program code comprises instructions for performing the method of any of the first aspects.
The method raises the authority of the antivirus software from non-root authority to root authority, so that the antivirus software can automatically find and remove a virus that holds root authority, which lowers the demands placed on the user performing the antivirus operation.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. The drawings described here show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart illustrating a malware protection method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating another malware protection method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a malware protection device according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of another malware protection device disclosed in the embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, FIG. 1 is a flowchart illustrating a malware protection method according to an embodiment of the present invention. The malware protection method of this embodiment comprises the following steps:
110: Receive the detection result for the root virus.
In this embodiment, because antivirus software running under the root authority consumes a large amount of system resources, the antivirus software does not normally hold the root authority. While it does not hold the root authority, the antivirus software periodically checks whether a root virus exists on the electronic device. A root virus carries a built-in first root module and obtains the root authority by running it; it can then access and modify the whole system at will, for example reading, modifying, adding and deleting files, and can even customize the system or uninstall pre-installed software. The root virus therefore has greater authority than antivirus software that has not obtained the root authority, and such antivirus software cannot process it. For this reason the antivirus software proceeds to step 120 as soon as it detects a root virus. If no root virus is detected, it continues to monitor the electronic device for root viruses.
120: If the detection result indicates that a root virus is detected and the root authority of the current operating system has not been obtained, query whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system.
In this embodiment, when a root virus is detected, the antivirus software first checks whether it has already obtained the root authority. If it has, the process goes directly to step 140; if it has not, the process goes to step 130.
130: If the preset root privilege escalation policy matches the information of the electronic device and/or the operating system, obtain the root authority of the current operating system by executing the preset root privilege escalation policy.
In this embodiment, a root privilege escalation policy is preset on the electronic device. Because a policy preset on the device is also the most efficient to look up and run, in practice, when the root authority needs to be obtained, obtaining it through the preset policy is preferred. If the electronic device finds that the preset root privilege escalation policy matches the information of the electronic device and/or the operating system, the process proceeds to step 140.
140: Process the root virus under the root authority.
In this embodiment, once the authority of the antivirus software has been raised from non-root authority to root authority, the antivirus software and the virus hold the same authority, and the antivirus software can then process the virus that holds root authority.
Referring to FIG. 2, FIG. 2 is a schematic diagram of another malware protection method disclosed in an embodiment of the present invention. The malware protection method of this embodiment includes the following steps:
210: Receive the detection result for the root virus.
In this embodiment, because antivirus software running under the root authority consumes a large amount of system resources, the antivirus software does not normally hold the root authority. While it does not hold the root authority, the antivirus software periodically checks whether a root virus exists on the electronic device. A root virus carries a built-in first root module and obtains the root authority by running it; it can then access and modify the whole system at will, for example reading, modifying, adding and deleting files, and can even customize the system or uninstall pre-installed software. The root virus therefore has greater authority than antivirus software that has not obtained the root authority, and such antivirus software cannot process it. For this reason the antivirus software proceeds to step 220 as soon as it detects a root virus.
220: If the detection result indicates that a root virus is detected and the root authority of the current operating system has not been obtained, query whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system.
In this embodiment, when the detection result indicates that a root virus is detected, the antivirus software first checks whether it has already obtained the root authority. If it has, the root virus is processed directly under the root authority. If it has not, the antivirus software queries whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system. If the preset policy matches, the process proceeds to step 230; if it does not match, the process proceeds to step 240.
230: If the preset root privilege escalation policy matches the information of the electronic device and/or the operating system, obtain the root authority of the current operating system by executing the preset root privilege escalation policy.
In this embodiment, a root privilege escalation policy is preset on the electronic device. Because a policy preset on the device is also the most efficient to look up and run, in practice, when the root authority needs to be obtained, obtaining it through the preset policy is preferred. If the electronic device finds that the preset root privilege escalation policy matches the information of the electronic device and/or the operating system, the process proceeds to step 270.
240: If the preset root privilege escalation policy does not match the information of the electronic device and/or the operating system, query, according to that information, whether a root privilege escalation policy matching the information of the electronic device and/or the operating system exists in the cloud server.
In this embodiment, if the preset root privilege escalation policy does not match the information of the electronic device and/or the operating system, the electronic device may send that information to the cloud server and query, according to it, whether a matching root privilege escalation policy exists in the cloud server.
250: If the query is successful, obtain the root privilege escalation policy matching the information of the electronic device and/or the operating system from the cloud server, and proceed to step 270.
260: If the query is unsuccessful, obtain the root authority of the current operating system through the root virus.
In this embodiment, when the root virus file is a scheme executable file that records the root authority acquisition function, the root virus file is executed to obtain the root authority of the current operating system; when the root virus file is a switch-superuser file, the switch-superuser file is executed to obtain the root authority of the current operating system. The process then proceeds to step 270.
270: Process the root virus under the root authority.
In this embodiment, once the antivirus software has obtained the root authority, the antivirus software and the virus hold the same authority, and the antivirus software can then process the root virus.
A virus mainly intrudes into the system in the following three ways: (1) the virus releases a large number of files into the system directory; (2) the virus replaces a safe system file with a pseudo system file; (3) the virus injects malicious code into the system so that a process jumps to the malicious code during normal operation, thereby hijacking the process. Correspondingly, when processing the root virus under the root authority, the antivirus software can select the handling that corresponds to the way the virus has intruded into the system.
(1) Under the root authority, the antivirus software deletes the files released by the root virus into the system directory.
(2) Under the root authority, the antivirus software replaces the pseudo system file substituted by the root virus with the safe system file.
(3) Under the root authority, the antivirus software prohibits a legitimate process from jumping to the malicious code of the root virus.
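Intrusion modes (1) and (2) can be told apart by comparing the system directory against a known-good manifest. The following Python sketch is an added example, not code from the patent: the manifest format (relative path to SHA-256), the function names, and the sample files are assumptions constructed for illustration. It only computes the remediation plan (delete released files, restore substituted or missing ones); mode (3) is not covered.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large system images do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


@dataclass(frozen=True)
class Action:
    kind: str  # "delete" = handling (1), "restore" = handling (2)
    path: str  # path relative to the system directory, "/"-separated


def plan_remediation(system_dir, manifest):
    """Compare system_dir with a known-good manifest {relpath: sha256 hex}.

    Assumed manifest semantics (hypothetical, not defined by the patent):
      - entry on disk but absent from the manifest  -> delete
      - manifest entry whose hash differs           -> restore
      - manifest entry replaced by a symlink        -> restore
      - manifest entry missing from disk            -> restore
    """
    actions, seen = [], set()
    for root, dirs, files in os.walk(system_dir, followlinks=False):
        # Symlinked directories are never descended into, so judge the link itself.
        linked_dirs = [d for d in dirs if os.path.islink(os.path.join(root, d))]
        for name in files + linked_dirs:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, system_dir).replace(os.sep, "/")
            seen.add(rel)
            expected = manifest.get(rel)
            if expected is None:
                actions.append(Action("delete", rel))
            elif os.path.islink(full) or sha256_file(full) != expected:
                actions.append(Action("restore", rel))
    for rel in manifest:
        if rel not in seen:
            actions.append(Action("restore", rel))
    return sorted(actions, key=lambda a: (a.kind, a.path))


def build_sample(tmp):
    """Write a constructed 'infected' tree into tmp and return its clean manifest."""
    good = {
        "bin/sh": b"shell-v1",
        "bin/app_process": b"zygote-v1",
        "lib/libc.so": b"libc-v1",
    }
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in good.items()}
    on_disk = {
        "bin/sh": b"shell-v1",                   # untouched
        "bin/app_process": b"zygote-v1+payload",  # substituted (mode 2)
        "xbin/.dropper": b"x",                    # released by the virus (mode 1)
        # lib/libc.so deliberately missing
    }
    for rel, data in on_disk.items():
        full = os.path.join(tmp, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return manifest


def demo():
    """Build the constructed sample and return its remediation plan."""
    with tempfile.TemporaryDirectory() as tmp:
        return plan_remediation(tmp, build_sample(tmp))


if __name__ == "__main__":
    for action in demo():
        print(action.kind, action.path)
```

Computing the plan needs only read access; applying the delete and restore actions is the part that requires the root authority obtained in step 270.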
280: Release the obtained root authority.
In this embodiment, after the virus has been removed, the antivirus software releases the root authority in order to save system resources and continues to detect root viruses under non-root authority.
The method of the embodiments of the present invention has been described in detail above. To better implement these aspects of the embodiments, the related apparatus for implementing them is provided below.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a malware protection device according to an embodiment of the present invention. The malware protection device 30 of the present embodiment includes: a receiving module 31, a first querying module 32, a first obtaining module 33 and a processing module 34.
The receiving module 31 is configured to receive a detection result of the root virus;
the first query module 32 is configured to query whether a preset root privilege escalation policy matches the information of the electronic device and/or the operating system when the detection result indicates that a root virus is detected and the root authority of the current operating system has not been obtained;
the first obtaining module 33 is configured to obtain the root authority of the current operating system by executing the preset root privilege escalation policy when that policy matches the information of the electronic device and/or the operating system;
the processing module 34 is configured to process the root virus under the root authority.
The malware protection device 30 of this embodiment can implement the malware protection method shown in FIG. 1; for details, refer to FIG. 1 and the related embodiments, which are not repeated here.
Referring to FIG. 4, FIG. 4 is a schematic structural diagram of another malware protection device disclosed in an embodiment of the present invention. The malware protection device 40 of this embodiment is a further refinement of the malware protection device shown in FIG. 3 and differs from the malware protection device 30 shown in FIG. 3 in that it further includes a second query module 35 and a second obtaining module 36.
The second query module 35 is further configured to query, according to the information of the electronic device and/or the operating system, whether a root privilege escalation policy matching that information exists in a cloud server when the preset root privilege escalation policy does not match the information of the electronic device and/or the operating system;
the second obtaining module 36 is configured to obtain, when the query is successful, the root privilege escalation policy matching the information of the electronic device and/or the operating system from the cloud server;
the first obtaining module 33 is configured to execute the root privilege escalation policy obtained from the cloud server to obtain the root authority of the current operating system;
the processing module 34 is configured to process the root virus under the root authority.
Optionally, the first obtaining module 33 is further configured to obtain the root authority of the current operating system through the root virus when the query is unsuccessful;
the processing module 34 is further configured to process the root virus under the root authority.
Optionally, the processing module 34 is further configured to process the root virus under the root authority, where the processing includes at least one of:
under the root authority, deleting the files released by the root virus into the system directory;
under the root authority, replacing the pseudo system file substituted by the root virus with the safe system file;
and under the root authority, prohibiting a legitimate process from jumping to the malicious code of the root virus.
Optionally, the first obtaining module 33 is further configured to: when the root virus file is a scheme executable file that records the root authority acquisition function, execute the root virus file to obtain the root authority of the current operating system; and when the root virus file is a switch-superuser file, execute the switch-superuser file to obtain the root authority of the current operating system.
Optionally, the apparatus further includes a releasing module 37, where the releasing module 37 is configured to release the obtained root authority.
The malware protection device 40 of this embodiment can implement the malware protection method shown in FIG. 2; for details, refer to FIG. 2 and the related embodiments, which are not repeated here.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device of the embodiment includes: at least one processor 601, a communication interface 602, a user interface 603 and a memory 604, wherein the processor 601, the communication interface 602, the user interface 603 and the memory 604 can be connected by a bus or other means, and the embodiment of the present invention is exemplified by being connected by the bus 605. Wherein,
processor 601 may be a general-purpose processor, such as a Central Processing Unit (CPU).
The communication interface 602 may be a wired interface (e.g., an ethernet interface) or a wireless interface (e.g., a cellular network interface or using a wireless local area network interface) for communicating with other electronic devices or websites. In the embodiment of the present invention, the communication interface 602 is specifically configured to recommend the target recommendation object to a user of the electronic device.
The user interface 603 may specifically be a touch panel, including a touch screen and a touch screen, for detecting an operation instruction on the touch panel, and the user interface 603 may also be a physical button or a mouse. The user interface 603 may also be a display screen for outputting, displaying images or data.
Memory 604 may include Volatile Memory (Volatile Memory), such as Random Access Memory (RAM); the Memory may also include a Non-volatile Memory (Non-volatile Memory), such as a Read-Only Memory (ROM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, HDD), or a Solid-State Drive (SSD); the memory 604 may also comprise a combination of the above types of memory. The memory 604 is used for storing a set of program codes, and the processor 601 is used for calling the program codes stored in the memory 604 and executing the following operations:
receiving a detection result of the root virus;
if the detection result is that root viruses are detected and the root right of the current operating system is not obtained, inquiring whether a preset root right-lifting strategy is matched with the information of the electronic equipment and/or the operating system;
if the preset root right-lifting strategy is matched with the information of the electronic equipment and/or the operating system, obtaining the root right of the current operating system by executing the preset root right-lifting strategy;
and processing the root virus under the root authority.
Optionally, if a preset root right-lifting strategy is not matched with the information of the electronic device and/or the operating system, querying whether a root right-lifting strategy matched with the information of the electronic device and/or the operating system exists in a cloud server according to the information of the electronic device and/or the operating system;
if the query is successful, a root right-lifting strategy matched with the information of the electronic equipment and/or the operating system is obtained from a cloud server;
executing the root right-lifting strategy acquired from the cloud server to acquire the root right of the current operating system;
and processing the root virus under the root authority.
Optionally, if the query is unsuccessful, obtaining a root right of the current operating system through the root virus;
and processing the root virus under the root authority.
Optionally, the processing of the root virus under root authority comprises at least one of:
under the root authority, deleting the file released by the root virus under the system directory;
under the root authority, replacing the pseudo system file replaced by the root virus by a safe system file;
and under the root authority, prohibiting a legal process from jumping to the malicious code of the root virus.
Optionally, if the root virus file is a scheme executable file recorded with a root permission acquisition function, executing the root virus file to acquire the root permission of the current operating system; and if the root virus file is a switching super user file, executing the switching super user file to acquire the root authority of the current operating system.
Optionally, releasing the acquired root authority.
The method can raise the antivirus software from non-root authority to root authority, so that the antivirus software can automatically find and remove a virus that holds root authority, which reduces the demands placed on the user performing the antivirus operation.
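The processing step above lists deleting files that the root virus released under the system directory and replacing pseudo system files with safe ones. The following is an added example, not part of the patent: a read-only planner that decides which files fall into each category, assuming a known-good manifest of SHA-256 hashes for the system directory is available. The manifest, the function names and the sample tree are all constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large system images do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plan_remediation(system_dir, manifest):
    """Classify files under system_dir against manifest {relative_path: sha256}.

    delete  : on disk but not in the manifest (candidate dropped files)
    replace : in the manifest but content differs (candidate pseudo system files)
    missing : in the manifest but absent from disk
    """
    plan = {"delete": [], "replace": [], "missing": []}
    seen = set()
    for root, _dirs, files in os.walk(system_dir):  # does not follow dir symlinks
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, system_dir).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                plan["delete"].append(rel)
            elif os.path.islink(full) or sha256_file(full) != manifest[rel]:
                # A symlink standing in for a regular file is never trusted,
                # even if its target happens to hash correctly.
                plan["replace"].append(rel)
    plan["missing"] = [rel for rel in manifest if rel not in seen]
    return {kind: sorted(paths) for kind, paths in plan.items()}


def build_sample_tree():
    """Constructed sample: a tiny fake system directory plus its manifest."""
    base = tempfile.mkdtemp(prefix="sysdir_")
    good = {"bin/sh": b"shell-v1", "bin/toolbox": b"toolbox-v1",
            "lib/libc.so": b"libc-v1"}
    manifest = {p: hashlib.sha256(d).hexdigest() for p, d in good.items()}
    on_disk = {"bin/sh": b"shell-v1",              # untouched
               "bin/toolbox": b"toolbox-PATCHED",  # content replaced
               "xbin/dropper": b"payload"}         # not in manifest
    for rel, data in on_disk.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    os.symlink("../bin/sh", os.path.join(base, "xbin", "link"))  # stray symlink
    return base, manifest


if __name__ == "__main__":
    tree, known_good = build_sample_tree()
    print(plan_remediation(tree, known_good))
```

Because the planner only reads and hashes files, it can run before any root authority is obtained, and the resulting plan bounds what the privileged step is allowed to touch.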
It will be understood by those skilled in the art that all or part of the steps in the methods of the embodiments described above may be implemented by instructions associated with a program, which may be stored in a computer-readable storage medium. The storage medium includes Read-Only Memory (ROM), Random Access Memory (RAM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), One-time Programmable Read-Only Memory (OTPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM) or other memory, magnetic disk, magnetic tape, or any other medium which can be used to carry or store data and which can be read by a computer.
The foregoing detailed description of the embodiments of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope. In summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (11)

1. A malware protection method for use in an operating system of an electronic device, the method comprising:
receiving a detection result of the root virus;
if the detection result is that root viruses are detected and the root right of the current operating system is not obtained, the antivirus software inquires whether a preset root right-lifting strategy is matched with the information of the electronic equipment and/or the operating system;
if the preset root right-lifting strategy is matched with the information of the electronic equipment and/or the operating system, the antivirus software acquires the root right of the current operating system by executing the preset root right-lifting strategy;
if the preset root right-lifting strategy is not matched with the information of the electronic equipment and/or the operating system, inquiring, according to the information of the electronic equipment and/or the operating system, whether a root right-lifting strategy matched with that information exists in a cloud server;
if the query is unsuccessful, obtaining the root authority of the current operating system through the root virus;
the obtaining of the root permission of the current operating system through the root virus includes:
if the root virus file is a scheme executable file recorded with the root permission acquisition function, executing the root virus file to acquire the root permission of the current operating system; if the root virus file is a switching super user file, executing the switching super user file to acquire the root authority of the current operating system;
and processing the root virus under the root authority.
2. The method of claim 1, further comprising:
if the preset root right-lifting strategy is not matched with the information of the electronic equipment and/or the operating system, inquiring, according to the information of the electronic equipment and/or the operating system, whether a root right-lifting strategy matched with that information exists in a cloud server;
if the query is successful, a root right-lifting strategy matched with the information of the electronic equipment and/or the operating system is obtained from a cloud server;
executing the root right-lifting strategy acquired from the cloud server to acquire the root right of the current operating system;
and processing the root virus under the root authority.
3. The method according to claim 1 or 2, wherein processing the root virus under root authority comprises at least one of:
under the root authority, deleting the file released by the root virus under the system directory;
under the root authority, replacing the pseudo system file replaced by the root virus by a safe system file;
and under the root authority, prohibiting a legal process from jumping to the malicious code of the root virus.
4. The method of claim 1 or 2, further comprising, after processing the root virus under root authority: releasing the acquired root authority.
5. The method of claim 3, further comprising, after processing the root virus under root authority: releasing the acquired root authority.
6. A malware protection device, the device comprising: a receiving module, a first query module, a first acquisition module and a processing module,
the receiving module is used for receiving a detection result of the root virus;
the first query module is used for querying whether a preset root right-lifting strategy is matched with information of the electronic equipment and/or the operating system when a detection result is that the root virus is detected and the root right of the current operating system is not obtained;
the first obtaining module is used for obtaining the root authority of the current operating system by executing a preset root right-lifting strategy when the preset root right-lifting strategy is matched with the information of the electronic equipment and/or the operating system;
the device further comprises a second query module,
the second query module is used for querying whether a root right-lifting strategy matched with the information of the electronic equipment and/or the operating system exists in a cloud server according to the information of the electronic equipment and/or the operating system when a preset root right-lifting strategy is not matched with the information of the electronic equipment and/or the operating system;
the first obtaining module is further used for obtaining the root authority of the current operating system through the root virus when the query is unsuccessful;
the first obtaining module is specifically configured to:
when the root virus file is a scheme executable file recorded with a root permission acquisition function, executing the root virus file to acquire the root permission of the current operating system; when the root virus file is a switching super user file, executing the switching super user file to acquire the root authority of the current operating system;
the processing module is used for processing the root virus under the root authority.
7. The apparatus of claim 6, further comprising a second query module and a second acquisition module,
the second query module is further configured to query whether a root right-lifting policy matched with the information of the electronic device and/or the operating system exists in a cloud server according to the information of the electronic device and/or the operating system when a preset root right-lifting policy is not matched with the information of the electronic device and/or the operating system;
the second obtaining module is used for obtaining a root right-lifting strategy matched with the information of the electronic equipment and/or the operating system from a cloud server when the query is successful;
the first obtaining module is used for executing the root right-lifting strategy obtained from the cloud server to obtain the root right of the current operating system;
the processing module is used for processing the root virus under the root authority.
8. The apparatus of claim 6 or 7, wherein the processing module, in processing the root virus under root authority, is further configured to perform at least one of:
under the root authority, deleting the file released by the root virus under the system directory;
under the root authority, replacing the pseudo system file replaced by the root virus by a safe system file;
and under the root authority, prohibiting a legal process from jumping to the malicious code of the root virus.
9. The apparatus according to claim 6 or 7, further comprising a releasing module configured to release the obtained root right.
10. The apparatus according to claim 8, further comprising a releasing module configured to release the obtained root right.
11. An electronic device, comprising: a processor, a memory, a communication interface, and a bus; the processor, the memory and the communication interface are connected through the bus and complete mutual communication; the memory stores executable program code; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing a malware protection method; wherein the method is as claimed in any one of claims 1 to 5.
CN201610887649.9A 2016-10-11 2016-10-11 Malicious software protection method and device and electronic equipment Active CN106529290B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610887649.9A CN106529290B (en) 2016-10-11 2016-10-11 Malicious software protection method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN106529290A CN106529290A (en) 2017-03-22
CN106529290B CN106529290B (en) 2020-02-18

Family

ID=58331322

Country Status (1)

Country Link
CN (1) CN106529290B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant