CN109145599B - Protection method for malicious viruses - Google Patents

Info

Publication number
CN109145599B
Authority
CN
China
Prior art keywords
electronic device
file
bait
protection program
changed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710503889.9A
Other languages
Chinese (zh)
Other versions
CN109145599A (en)
Inventor
黄重景
黄锦颖
黄信铭
黄信雄
叶严仁
林永设
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Grand Mate Co Ltd
Original Assignee
Grand Mate Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2017-06-27
Filing date
2017-06-27
Publication date
2022-01-07
Application filed by Grand Mate Co Ltd
Priority to CN201710503889.9A
Publication of CN109145599A
Application granted
Publication of CN109145599B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

The invention provides a protection method of malicious viruses, which comprises the following steps: establishing a bait file on a storage medium of an electronic device; checking whether the bait file is changed, and shutting down the electronic device when the bait file is changed. Therefore, after the bait file is changed, the malicious virus can be judged to start to operate, and the electronic device can be immediately shut down, so that the malicious virus can be prevented from continuously changing the file in the storage medium, and subsequent data rescue is facilitated.

Description

Protection method for malicious viruses
Technical Field
The invention relates to computer virus protection, in particular to a protection method for malicious viruses.
Background
Viruses on electronic devices can be classified into destructive viruses and malicious viruses. Most destructive viruses render the electronic device inoperable. A malicious virus encrypts specific files in the storage medium, such as document files, picture files, movie files, etc., but does not destroy the system files of the operating system, so the user often discovers too late that files have been encrypted.
Hackers mostly use e-mails, web pages, etc. to get users to download attachments, and the electronic device may become infected after the download. Most malicious viruses encrypt the files with the 2048-bit RSA algorithm, so an ordinary user cannot decrypt the encrypted files without obtaining the decryption key.
However, in the early stage after a malicious virus appears, anti-virus programs are mostly unable to detect it, so the user can only take care to keep the malicious virus off the electronic device. Once infected, the user can only pay the ransom to obtain the decryption key, wait for the decryption key to be released, or abandon the encrypted files.
Disclosure of Invention
In view of the above, the present invention provides a method for protecting against malicious viruses, which can prevent the malicious viruses from continuously changing files.
In order to achieve the above object, the present invention provides a method for protecting against malicious viruses, comprising the following steps: A. establishing at least one bait file on a storage medium of an electronic device; B. checking whether the bait file is changed, and shutting down the electronic device when the bait file is changed.
The invention has the advantages that after the bait file is changed, the malicious virus can be judged to start to operate, and the electronic device can be immediately shut down, so that the malicious virus can be prevented from continuously changing the file in the storage medium, and the subsequent data rescue is facilitated.
Drawings
Fig. 1 is a flowchart of a method for protecting against malicious viruses according to a first preferred embodiment of the present invention.
Fig. 2 is a schematic view of an electronic device to which the protection method of the first preferred embodiment of the invention is applied.
FIG. 3 is a system diagram illustrating a second embodiment of the protection method according to the present invention.
FIG. 4 is a system diagram illustrating a protection method according to a third preferred embodiment of the present invention.
Description of reference numerals:
10 electronic device
12 storage medium
2 system
20 network
22 server
24 mobile device
3 system
30 electronic device
32 local area network
Detailed Description
To illustrate the present invention more clearly, a preferred embodiment will now be described in detail with reference to the accompanying drawings. Referring to fig. 1, a flowchart of a malicious virus protection method according to a first preferred embodiment of the present invention is shown, where the protection method is applied to an electronic device 10 shown in fig. 2, and the electronic device 10 is exemplified by a computer and has a storage medium 12, and may also be a device having a storage medium, such as a smart phone. The storage medium 12 may include a fixed storage medium 12 or a removable storage medium 12, the fixed storage medium 12 includes at least one hard disk drive or at least one solid state drive, and the removable storage medium 12 includes at least one flash drive or at least one memory card. The protection method comprises the following steps:
At least one bait file is established in a predetermined data path of the storage medium 12 of the electronic device 10. The bait file has a file name consisting of a main file name and an extension, and a predetermined content is written into the bait file. In this embodiment the bait file is a plain text file (extension txt), but it is not limited thereto and may also be a document file, a picture file, a movie file, a sound file, a compressed file, and the like. Taking a computer as an example, the bait file is established in a predetermined data path of the storage medium 12 of the operating system of the electronic device 10. Because a malicious virus typically encrypts files in order of drive letter and file name, the predetermined data path is preferably "C:\" or "D:", and the main file name of the bait file is preferably set to a number, for example 0.
In practice, the number of files in each of the plurality of data paths in the storage medium may also be checked, and the decoy file may be established in the data path having the highest number of files among the plurality of data paths. Of course, the data path may be designated by the user.
A protection program checks whether the bait file has been changed, and when it has, the protection program powers off the electronic device 10. In this embodiment, the protection program is executed after the electronic device 10 is powered on and checks the bait file once every predetermined time (e.g. 1 minute); if the bait file has not been changed, it is checked again after the predetermined time. The bait file is judged to be changed if its file name is no longer present in the predetermined data path, or if the file is present but does not contain the predetermined content.
In practice, a plurality of the bait files may be established in a plurality of data paths in the storage medium 12; and checking whether the bait files of the data paths are changed or not at preset time intervals, and powering off the electronic device when any one of the bait files is changed.
Therefore, if the electronic device 10 contains a malicious virus and the malicious virus encrypts the bait file, the method of this embodiment shuts down the electronic device to prevent the malicious virus from continuing to change other files on the storage medium 12. The user can then remove the storage medium 12 from the electronic device, connect it to another electronic device, and copy or move the unchanged files on the storage medium 12 to another storage medium for safekeeping.
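The bait-file steps of this embodiment as a Python example, added here and not code from the patent. The bait content, the exact-match comparison and all function names are assumptions of the example, and the power-off action is passed in as a callback so the check can be exercised without shutting anything down.

```python
import os
import subprocess
import sys
import tempfile
import time
from pathlib import Path

BAIT_NAME = "0.txt"                          # numeric main name, txt extension
BAIT_CONTENT = b"bait file, do not edit\n"   # constructed predetermined content


def busiest_dir(candidates):
    """Pick the data path that holds the most files (unreadable ones rank last)."""
    def file_count(d):
        try:
            return sum(1 for e in os.scandir(d) if e.is_file(follow_symlinks=False))
        except OSError:
            return -1
    return max(candidates, key=file_count)


def plant_bait(directory, name=BAIT_NAME, content=BAIT_CONTENT):
    """Create the bait file with its predetermined content and return its path."""
    path = Path(directory) / name
    path.write_bytes(content)
    return path


def bait_changed(path, content=BAIT_CONTENT):
    """True if the bait's name is gone from its path or its content differs.

    Exact comparison is an assumption of this example; it is stricter than a
    'contains' test and also flags data appended to the bait."""
    try:
        return Path(path).read_bytes() != content
    except FileNotFoundError:                # renamed (new extension) or deleted
        return True


def shut_down(changed_path=None):
    """Power off at once; needs administrator/root rights."""
    if sys.platform == "win32":
        cmd = ["shutdown", "/s", "/t", "0"]
    else:
        cmd = ["shutdown", "-h", "now"]
    subprocess.run(cmd, check=False)


def monitor(baits, interval=60.0, respond=shut_down, max_checks=None,
            sleep=time.sleep):
    """Check every bait once per interval; respond to the first change found.

    Returns the changed path, or None when max_checks passes found nothing."""
    checks = 0
    while max_checks is None or checks < max_checks:
        for path in baits:
            if bait_changed(path):
                respond(path)
                return path
        checks += 1
        sleep(interval)
    return None


if __name__ == "__main__":
    # Harmless demo in a temporary directory: report instead of powering off.
    with tempfile.TemporaryDirectory() as tmp:
        bait = plant_bait(tmp)
        bait.rename(bait.with_suffix(".locked"))   # constructed tampering
        monitor([bait], interval=0, respond=lambda p: print("bait changed:", p))
```

Polling once a minute means files can be altered between checks, and a bait that sorts first only helps against malware that walks the disk in that order.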
The protection method of the present embodiment further includes, after the electronic device 10 is powered on again, checking, by the protection program, whether a malicious virus removal program with a predetermined file name exists in a removable storage medium (not shown) connected to the electronic device;
if so, executing a malicious virus removal program to remove the malicious viruses and recover the modified file;
if not, the electronic device is shut down.
Therefore, after the user obtains the malicious virus removal program, the malicious virus removal program is stored in a removable storage medium (such as a flash drive) and is renamed to a predetermined file name, the removable storage medium is connected to the electronic device 10, and the electronic device 10 is restarted.
Fig. 3 shows a system 2 to which the method for protecting against malicious viruses according to the second preferred embodiment of the present invention is applied, where the system 2 includes at least one electronic device 10 according to the first embodiment, and the electronic device 10 is connected to a server 22 through a network 20, where the network 20 may be the internet or a local area network.
The protection method of this embodiment has substantially the same steps as the first embodiment, except that before the protection program checks whether the bait file is changed, the method further comprises:
a mobile device 24 is connected to the server 22 through a network and a corresponding relationship between the electronic device 10 and the mobile device 24 is established in the server 22.
When the bait file is changed, the electronic device 10 transmits a first message to the server 22 before the electronic device 10 is powered off.
Then, the server 22 transmits a second message to the mobile device 24 according to the first message and the corresponding relationship, so that the user can know that the electronic device 10 has a malicious virus when seeing that the mobile device 24 receives the second message, and needs to perform subsequent processing.
Fig. 4 shows a system 3 applied in the method for protecting against malicious viruses according to the third preferred embodiment of the present invention, where the system 3 includes at least one electronic device 10 according to the second embodiment and at least one other electronic device 30, and the electronic devices 10 and 30 are connected to a local area network 32. In this embodiment, the at least one other electronic device 30 is plural in number and has a storage medium, a protection program and a bait file as the electronic device 10.
The protection method of the present embodiment has substantially the same steps as the first embodiment, except that when any one of the electronic devices 10, 30 (taking the electronic device 10 as an example) in the system 3 detects that the bait file is changed, the electronic device 10 first transmits a message to the other two electronic devices 30, and after receiving the message, the two electronic devices 30 block the connection with the local area network 32. Thereby, the files of the other two electronic devices 30 are prevented from being changed. Of course, the lan 32 of this embodiment may also be connected to the server 22 of the second embodiment, and any electronic device 10 with the modified bait file transmits the information to the server 22 and then to the other two electronic devices 30 through the server 22, so that the other two electronic devices 30 can block the connection with the lan 32.
The system 3 of the present embodiment can also cooperate with the system 2 of the second embodiment to connect the server 22 and the mobile device 24, and when the bait file is checked to be changed, the electronic device 10 first transmits the first message to the server 22, and then the electronic device 10 is powered off.
Accordingly, the method for protecting against malicious viruses of the present invention places the bait file in the storage medium 12 of the electronic device 10, determines that the malicious virus has started to operate once the bait file is changed, and immediately shuts down the electronic device 10, thereby preventing the damage from spreading further and facilitating subsequent data rescue.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A method for protecting against malicious viruses, comprising the steps of:
A. establishing at least one bait file on a storage medium of an electronic device; wherein, the electronic device is connected with a server;
connecting a mobile device to the server and establishing a corresponding relation between the electronic device and the mobile device in the server;
B. the electronic device executes a protection program after being started, the protection program checks whether the bait file is changed, the protection program checks the bait file once every preset time, and when the bait file is changed, the protection program shuts down the electronic device;
before the protection program shuts down the electronic device in step B, the method includes sending a first message to the server, and sending a second message to the mobile device by the server according to the first message and the corresponding relationship.
2. The method according to claim 1, wherein step A comprises creating a predetermined content in the bait file; when the bait file does not contain the predetermined content in step B, it is determined that the bait file is changed.
3. The method according to claim 1, wherein the bait file is determined to be changed when the file name of the bait file is checked in step B and is not stored in the storage medium.
4. The method according to claim 1, wherein a plurality of the bait files are respectively established in a plurality of data paths in the storage medium in step A; step B, checking whether the bait files of the data paths are changed or not, and powering off the electronic device when any one of the bait files is changed.
5. The method for protecting against malicious viruses of claim 1, wherein step A comprises checking the number of files in each of a plurality of data paths in the storage medium; and establishing the bait file in a data path with the largest number of files among the data paths.
6. A method for protecting against malicious viruses, comprising the steps of:
A. establishing at least one bait file on a storage medium of an electronic device; wherein the electronic device and at least one other electronic device are connected to a local area network;
B. the electronic device executes a protection program after being started, the protection program checks whether the bait file is changed, the protection program checks the bait file once every preset time, and when the bait file is changed, the protection program shuts down the electronic device;
wherein, before the protection program shuts down the electronic device in step B, the method further includes sending a message to the other electronic device, and after the other electronic device receives the message, the other electronic device blocks the connection with the local area network.
7. A method for protecting against malicious viruses, comprising the steps of:
A. establishing at least one bait file on a storage medium of an electronic device;
B. the electronic device executes a protection program after being started, the protection program checks whether the bait file is changed, the protection program checks the bait file once every preset time, and when the bait file is changed, the protection program shuts down the electronic device;
after the electronic device is started up again, the protection program checks whether a malicious virus removing program with a preset file name exists in a removable storage medium connected to the electronic device:
if yes, executing the malicious virus removal program by the protection program;
if not, the electronic device is shut down by the protection program.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710503889.9A (CN109145599B, en) | 2017-06-27 | 2017-06-27 | Protection method for malicious viruses

Publications (2)

Publication Number | Publication Date
CN109145599A | 2019-01-04
CN109145599B | 2022-01-07

Family

ID=64805424

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant