CN110674500A - Storage medium virus searching and killing method and device, computer equipment and storage medium - Google Patents
Storage medium virus searching and killing method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110674500A CN110674500A CN201910832028.4A CN201910832028A CN110674500A CN 110674500 A CN110674500 A CN 110674500A CN 201910832028 A CN201910832028 A CN 201910832028A CN 110674500 A CN110674500 A CN 110674500A
- Authority
- CN
- China
- Prior art keywords
- file
- killing
- virus
- antivirus
- storage medium
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
Abstract
The application relates to a storage medium virus searching and killing method and device, computer equipment and a storage medium. The method comprises the following steps: the method comprises the steps of obtaining file data in a storage medium to be searched and killed, calculating file values of files in the file data to obtain an initial file value list, performing virus searching and killing on the storage medium to be searched and killed, monitoring a virus searching and killing process in real time according to the initial file value list, obtaining a virus searching and killing result when the virus searching and killing process is finished, generating a virus killing label file according to the virus searching and killing result, writing the virus killing label file into a preset hidden partition, and completing virus searching and killing. The method can improve the security of the storage medium and the access of the storage medium.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for searching and killing viruses in a storage medium, a computer device, and a storage medium.
Background
With the development of computer technology, a mobile storage medium appears, and the mobile storage medium (including a usb disk, a mobile hard disk, a floppy disk, an optical disk, a memory card, etc.) has the characteristics of small volume and large capacity, and is widely used nowadays as a convenient medium for information exchange, and is an essential tool in daily work and life, and the mobile storage medium is basically used when data interaction is involved in daily work and life.
However, with the use of the mobile storage medium, a large amount of mobile storage media are infected with viruses and trojans, which causes the data security risk of the mobile storage medium itself, and the mobile storage medium is used as a springboard to threaten the data security of a host or an intranet, which has the problem of low security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a storage medium virus checking and killing method, apparatus, computer device and storage medium capable of improving security of a mobile storage medium and access thereof.
A storage medium virus searching and killing method, the method comprising:
acquiring file data in a storage medium to be checked and killed, and calculating the file value of each file in the file data to obtain an initial file value list;
virus searching and killing are carried out on the storage medium to be searched and killed, and the virus searching and killing process is monitored in real time according to the initial file value list;
when the virus searching and killing process is finished, a virus searching and killing result is obtained, and a virus killing label file is generated according to the virus searching and killing result;
and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
In one embodiment, before obtaining the file data in the storage medium to be checked and killed, the method further includes:
and carrying out formatting partition on the storage medium to be searched and killed to obtain a hidden partition.
In one embodiment, obtaining the initial file value list according to the file values of the files in the file data includes:
calculating the MD5 value of each file in the file data according to an MD5 message digest algorithm;
an initial file value list is obtained according to the MD5 value of each file.
In one embodiment, monitoring the virus-killing process in real-time according to the initial file value list comprises:
monitoring the reading and writing of the antivirus software to a storage medium to be searched and killed, and acquiring a searched and killed file set of the antivirus software;
calculating the file value of each searched and killed file in the searched and killed file set to obtain a file value list of the searched and killed file set;
comparing the file value list of the searched and killed file set with the initial file value list;
and when the comparison is consistent, determining that the virus killing software finishes virus searching and killing.
In one embodiment, generating the antivirus label file according to the virus searching and killing result includes:
according to the virus checking and killing result, determining the virus killing time, virus killing software version information and generating a virus killed mark;
and generating the antivirus label file according to the antivirus time, the antivirus software version information and the antivirus label.
In one embodiment, writing the antivirus tag file into a preset hidden partition, and after virus searching and killing are completed, the method further includes:
reading a preset hidden partition, and acquiring a antivirus label file from the hidden partition;
and verifying the virus searching and killing result of the storage medium to be searched and killed according to the virus killing tag file.
In one embodiment, verifying the virus killing result of the storage medium to be killed according to the virus killing tag file comprises:
detecting whether the antivirus label file has an antivirus label or not, and determining that the virus checking and killing result is that the virus checking and killing is not passed when the antivirus label file does not have the antivirus label;
when the antivirus label file has the antivirus label, acquiring antivirus software version information in the antivirus label file, comparing the antivirus software version information with preset required version information, and when the antivirus software version information is not matched with the preset required version information, determining that a virus checking and killing result is that the virus checking and killing is not passed;
and when the antivirus software version information is matched with the preset required version information, calculating the time difference value between the antivirus time in the antivirus tag file and the current time, and when the time difference value is less than or equal to a preset time difference value threshold, determining that the virus checking and killing result of the storage medium to be checked and killed is that the virus checking and killing is passed.
A storage medium virus searching and killing device, the device comprising:
the calculation module is used for acquiring file data in the storage medium to be checked and killed, calculating the file value of each file in the file data, and obtaining an initial file value list;
the virus searching and killing module is used for searching and killing viruses in the storage medium to be searched and killed and monitoring the virus searching and killing process in real time according to the initial file value list;
the first processing module is used for acquiring a virus searching and killing result when the virus searching and killing process is finished, and generating a virus killing label file according to the virus searching and killing result;
and the second processing module is used for writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring file data in a storage medium to be checked and killed, and calculating the file value of each file in the file data to obtain an initial file value list;
virus searching and killing are carried out on the storage medium to be searched and killed, and the virus searching and killing process is monitored in real time according to the initial file value list;
when the virus searching and killing process is finished, a virus searching and killing result is obtained, and a virus killing label file is generated according to the virus searching and killing result;
and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring file data in a storage medium to be checked and killed, and calculating the file value of each file in the file data to obtain an initial file value list;
virus searching and killing are carried out on the storage medium to be searched and killed, and the virus searching and killing process is monitored in real time according to the initial file value list;
when the virus searching and killing process is finished, a virus searching and killing result is obtained, and a virus killing label file is generated according to the virus searching and killing result;
and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
The storage medium virus searching and killing method, the device, the computer equipment and the storage medium acquire the file data in the storage medium to be searched and killed, calculate the file value of each file in the file data to obtain an initial file value list, the virus searching and killing is carried out on the storage medium to be searched and killed, the safety of the storage medium is improved, the virus searching and killing process is monitored in real time according to the initial file value list, when the virus searching and killing process is finished, the virus searching and killing result is obtained, generating antivirus label files according to the virus checking and killing results, writing the antivirus label files into a preset hidden partition to finish virus checking and killing, therefore, when the storage medium is accessed to the host system, the host system can detect the security of the storage medium according to the antivirus label file in the hidden partition, and ensure that only the antivirus storage medium can access systems such as the host and the like, thereby improving the security of the storage medium access.
Drawings
FIG. 1 is a diagram illustrating an exemplary embodiment of a method for virus-based storage medium searching and killing;
FIG. 2 is a flowchart illustrating a method for virus-based storage medium killing in one embodiment;
FIG. 3 is a schematic flow chart of a method for virus-based virus-killing of a storage medium according to another embodiment;
FIG. 4 is a schematic flow chart illustrating a method for virus-based storage medium killing in accordance with yet another embodiment;
FIG. 5 is a schematic illustration of a sub-flow chart of step S204 in FIG. 2 according to an embodiment;
FIG. 6 is a flowchart illustrating a method for searching and killing viruses in a storage medium according to another embodiment;
FIG. 7 is a flowchart illustrating a method for virus-based storage medium killing in accordance with yet another embodiment;
FIG. 8 is a schematic sub-flow chart illustrating step S704 of FIG. 7 according to an embodiment;
FIG. 9 is a block diagram showing the structure of a virus searching and killing apparatus for a storage medium according to an embodiment;
FIG. 10 is a diagram showing an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The storage medium virus searching and killing method provided by the application can be applied to the application environment shown in FIG. 1. A user accesses a storage medium 102 to be checked and killed into a server 104, the server 104 acquires file data in the storage medium 102 to be checked and killed after detecting that the storage medium 102 to be checked and killed is accessed, calculates file values of files in the file data to obtain an initial file value list, performs virus checking and killing on the storage medium 102 to be checked and killed, monitors a virus checking and killing process in real time according to the initial file value list, acquires a virus checking and killing result when the virus checking and killing process is finished, generates a virus killing tag file according to the virus checking and killing result, writes the virus killing tag file into a preset hidden partition, and completes virus checking and killing. The server 104 may be implemented as a stand-alone server or a server cluster composed of a plurality of servers.
In one embodiment, as shown in fig. 2, a storage medium virus searching and killing method is provided, which is described by taking the method as an example applied to the server in fig. 1, and includes the following steps:
s202: acquiring file data in a storage medium to be checked and killed, and calculating the file value of each file in the file data to obtain an initial file value list.
The server obtains file data in the storage medium to be checked and killed, and calculates file values of files in the file data according to a preset consistency algorithm, such as an MD5 message digest algorithm, so as to obtain an initial file value list, wherein the initial file value list stores the file values of the files, and is used for comparing the initial file value list with a file value list of a set of checked and killed files after virus killing so as to determine a checking and killing process of virus killing software.
When the preset consistency algorithm is the MD5 message digest algorithm, the file value of each file refers to the MD5 value of each file. The MD5 message digest algorithm is a widely used cryptographic hash function that generates a 128-bit (16-byte) hash value (MD5 value) to ensure the integrity of the message transmission. A typical application of MD5 is to generate a message digest for a piece of information to prevent tampering. In particular the MD5 value of a file is like a "digital fingerprint" of this file. The MD5 value for each file is different, and if anyone makes any changes to the file, the MD5 value, i.e. the corresponding "digital fingerprint" changes.
S204: and carrying out virus killing on the storage medium to be killed, and monitoring the virus killing process in real time according to the initial file value list.
The server calls preset antivirus software to check and kill viruses of the storage medium to be checked and killed, and monitors the virus checking and killing process in real time according to the initial file value list. The real-time monitoring of the virus searching and killing process according to the initial file value list refers to monitoring reading and writing of the antivirus software to a storage medium to be searched and killed, checking whether a searched and killed file set of the antivirus software is consistent with file data before searching and killing, and when the antivirus software completes searching and killing and the searched and killed file set is consistent with file data of money to be searched and killed, considering that the antivirus software completes searching and killing.
Furthermore, the number of the preset antivirus software can be multiple, and the storage medium can be searched and killed more comprehensively by calling the plurality of preset antivirus software simultaneously, so that the safety of the storage medium can be improved.
S206: and when the virus searching and killing process is finished, acquiring a virus searching and killing result, and generating a virus killing label file according to the virus searching and killing result.
The virus killing result is generated after the antivirus software completes virus killing, and the virus killing result comprises the antivirus software completion antivirus time, version information of the antivirus software and the like. When the antivirus software finishes virus searching and killing, the server can obtain a virus searching and killing result and generate an antivirus label file according to the virus searching and killing result. The antivirus label file is used for recording the antivirus condition of the antivirus software, and comprises antivirus time, antivirus software version information and an antivirus mark.
S208: and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
After the antivirus tag file is generated, the server writes the antivirus tag file into a preset hidden partition to complete searching and killing. The antivirus label file is written into the preset hidden partition to record the searching and killing conditions of the storage medium, so that when the storage medium is accessed into the host system, the host system can detect the safety of the storage medium according to the antivirus label file in the hidden partition, the system such as the host and the like can be ensured to be accessed only by the sterilized storage medium, and the access safety of the storage medium is improved.
The storage medium virus checking and killing method includes the steps of obtaining file data in a storage medium to be checked and killed, calculating file values of all files in the file data to obtain an initial file value list, carrying out virus checking and killing on the storage medium to be checked and killed, improving safety of the storage medium, monitoring virus checking and killing processes in real time according to the initial file value list, obtaining virus checking and killing results when the virus checking and killing processes are finished, generating virus killing label files according to the virus checking and killing results, writing the virus killing label files into preset hidden partitions, completing virus checking and killing, and accordingly enabling a host system to detect safety of the storage medium according to the virus killing label files in the hidden partitions when the storage medium is accessed into the host system, ensuring that only the virus killed storage medium can access systems such as the host and the like, and improving safety of access of the storage medium.
In one embodiment, as shown in fig. 3, before S202, the method further includes:
s302: and carrying out formatting partition on the storage medium to be searched and killed to obtain a hidden partition.
Formatting refers to an operation that initializes a disk or a partition (partition) in a disk, which typically results in the removal of all files in an existing disk or partition. Database files can be written in the hidden partition and used for storing identification information such as authentication and antivirus. For example, the server may write the identifier of the storage medium into the database file in the hidden partition after performing encryption calculation by using a preset encryption algorithm. In addition, formatted data is defined for the disinfection token and storage space is reserved in the database file.
In one embodiment, as shown in fig. 4, S202 includes:
s402: calculating the MD5 value of each file in the file data according to an MD5 message digest algorithm;
s404: an initial file value list is obtained according to the MD5 value of each file.
The MD5 message digest algorithm is a widely used cryptographic hash function that generates a 128-bit (16-byte) hash value (MD5 value) to ensure the integrity of the message transmission. A typical application of MD5 is to generate a message digest for a piece of information to prevent tampering. In particular the MD5 value of a file is like a "digital fingerprint" of this file. The MD5 value for each file is different, and if anyone makes any changes to the file, the MD5 value, i.e. the corresponding "digital fingerprint" changes. The initial file value list stores the file values of the files, and is used for comparing with the file value list of the antivirus software searched and killed file set to determine the searching and killing process of the antivirus software.
In one embodiment, as shown in fig. 5, S204 includes:
s502: monitoring the reading and writing of the antivirus software to a storage medium to be searched and killed, and acquiring a searched and killed file set of the antivirus software;
s504: calculating the file value of each searched and killed file in the searched and killed file set to obtain a file value list of the searched and killed file set;
s506: comparing the file value list of the searched and killed file set with the initial file value list;
s508: and when the comparison is consistent, determining that the virus killing software finishes virus searching and killing.
The killed file refers to a file in the storage medium which is killed by the antivirus software. The server monitors the reading and writing of the antivirus software to the to-be-searched and killed storage medium, obtains a searched and killed file set of the antivirus software, calculates the file value of each searched and killed file in the searched and killed file set according to the searched and killed file and a preset algorithm, obtains a file value list of the searched and killed file set, and the file value list of the searched and killed file set stores the file value of each searched and killed file. Because each of the killed files in the killed file set is a file in the storage medium, the virus killing process can be monitored by comparing the file value of each of the killed files in the file value list of the killed file set according to the file value of each of the files in the initial file value list. When the antivirus software finishes virus killing and the file values are uniform, the files in the storage medium to be killed are considered to be not damaged or tampered, so that the antivirus software can be determined to finish virus killing.
In one embodiment, as shown in fig. 6, S206: the method comprises the following steps:
s602: according to the virus checking and killing result, determining the virus killing time, virus killing software version information and generating a virus killed mark;
s604: and generating the antivirus label file according to the antivirus time, the antivirus software version information and the antivirus label.
The virus killing result is generated after the antivirus software completes virus killing, and the virus killing result comprises the antivirus software completion antivirus time, version information of the antivirus software and the like. When the antivirus software finishes virus killing, the server acquires a virus killing result, determines antivirus time according to the antivirus software completing antivirus time in the virus killing result, takes version information of the antivirus software as corresponding antivirus software version information, generates an antivirus label file according to the antivirus time, the antivirus software version information and the antivirus label file. When the servers call a plurality of servers simultaneously to check and kill viruses, the antivirus time refers to the time when all antivirus software completes antivirus, and the version information of the antivirus software comprises the version information of each called antivirus software.
In one embodiment, as shown in fig. 7, after S208, the method further includes:
s702: reading a preset hidden partition, and acquiring a antivirus label file from the hidden partition;
s704: and verifying the virus searching and killing result of the storage medium to be searched and killed according to the virus killing tag file.
The virus killing label file is stored in the hidden partition, and after the virus killing is completed and before the storage medium to be killed is accessed to the host system, the server verifies the virus killing result of the storage medium to be killed. Specifically, the server reads the hidden partition, acquires the antivirus tag file from the hidden partition, and verifies the virus killing result of the storage medium to be killed according to the antivirus time, the antivirus software version information and the antivirus label in the antivirus tag file.
In one embodiment, as shown in fig. 8, S704 includes:
s802: detecting whether the antivirus label file has an antivirus label or not, and determining that the virus checking and killing result is that the virus checking and killing is not passed when the antivirus label file does not have the antivirus label;
s804: when the antivirus label file has the antivirus label, acquiring antivirus software version information in the antivirus label file, comparing the antivirus software version information with preset required version information, and when the antivirus software version information is not matched with the preset required version information, determining that a virus checking and killing result is that the virus checking and killing is not passed;
s806: and when the antivirus software version information is matched with the preset required version information, calculating the time difference value between the antivirus time in the antivirus tag file and the current time, and when the time difference value is less than or equal to a preset time difference value threshold, determining that the virus checking and killing result of the storage medium to be checked and killed is that the virus checking and killing is passed.
The server verifies the virus checking and killing result of the storage medium to be checked and killed, and the virus checking and killing result comprises the steps of detecting whether a virus killing mark exists in the virus killing label file, whether the virus killing software version information conforms to the preset required version information, whether the virus killing time conforms to the requirement and the like. The preset required version information can be set according to the needs, and the antivirus software of the old version cannot comprehensively check and kill viruses possibly existing in the storage medium to be checked and killed, so the version of the antivirus software is limited. The preset time difference threshold value can be set according to needs, when the time difference value is larger than the preset time threshold value, the storage medium to be checked and killed is not checked and killed for a long time, a great risk of virus infection exists, and at the moment, the storage medium to be checked and killed needs to be checked and killed again.
It should be understood that although the various steps in the flow charts of fig. 2-8 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-8 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 9, there is provided a storage medium virus killing apparatus, including: a calculation module 902, a killing module 904, a first processing module 906, and a second processing module 908, wherein:
a calculating module 902, configured to obtain file data in a storage medium to be checked and killed, and calculate a file value of each file in the file data to obtain an initial file value list;
the searching and killing module 904 is used for searching and killing viruses of the storage medium to be searched and killed and monitoring the virus searching and killing process in real time according to the initial file value list;
the first processing module 906 is configured to, when the virus searching and killing process is finished, obtain a virus searching and killing result, and generate a virus killing tag file according to the virus searching and killing result;
the second processing module 908 is configured to write the antivirus tag file into a preset hidden partition, so as to complete virus searching and killing.
The storage medium virus checking and killing device obtains file data in a storage medium to be checked and killed, calculates file values of all files in the file data to obtain an initial file value list, performs virus checking and killing on the storage medium to be checked and killed, improves the safety of the storage medium, monitors a virus checking and killing process in real time according to the initial file value list, obtains a virus checking and killing result when the virus checking and killing process is finished, generates a virus killing label file according to the virus checking and killing result, writes the virus killing label file into a preset hidden partition, completes virus checking and killing, and accordingly enables a host system to detect the safety of the storage medium according to the virus killing label file in the hidden partition when the storage medium is accessed into the host system, ensures that only the virus killed storage medium can access systems such as the host and the like, and improves the safety of storage medium access.
In one embodiment, the storage medium virus checking and killing device further comprises a partitioning module, and the partitioning module is used for performing formatting partitioning on the storage medium to be checked and killed to obtain the hidden partition.
In one embodiment, the calculation module is further configured to calculate an MD5 value of each file in the file data according to an MD5 message digest algorithm, and obtain an initial file value list according to an MD5 value of each file.
In one embodiment, the searching and killing module is further configured to monitor reading and writing of the antivirus software on a storage medium to be searched and killed, obtain a set of searched and killed files of the antivirus software, calculate a file value of each searched and killed file in the set of searched and killed files, obtain a file value list of the set of searched and killed files, compare the file value list of the set of searched and killed files with the initial file value list, and determine that the antivirus software completes virus searching and killing when the comparison is consistent.
In one embodiment, the first processing module is further configured to determine, according to the virus checking and killing result, antivirus time, antivirus software version information, and generate an antivirus label file according to the antivirus time, the antivirus software version information, and the antivirus label file.
In one embodiment, the storage medium virus checking and killing device further comprises a verification module, wherein the verification module is used for reading a preset hidden partition, acquiring the antivirus tag file from the hidden partition, and verifying the virus checking and killing result of the storage medium to be checked and killed according to the antivirus tag file.
In one embodiment, the verification module is further configured to detect whether a disinfection flag exists in the disinfection label file, when the antivirus label file does not have the antivirus label, determining that the virus checking and killing result is that the virus does not pass the checking and killing, when the antivirus label file has the antivirus label, acquiring antivirus software version information in the antivirus label file, comparing the antivirus software version information with preset required version information, when the antivirus software version information is not matched with the preset required version information, determining that the virus checking and killing result is that the virus does not pass the checking and killing, when the antivirus software version information is matched with the preset required version information, calculating the time difference value between the antivirus time in the antivirus tag file and the current time, and when the time difference is smaller than or equal to the preset time difference threshold, determining that the virus searching and killing result of the storage medium to be searched and killed is a passing searching and killing result.
For specific limitations of the storage medium virus killing device, reference may be made to the above limitations of the storage medium virus killing method, which are not described herein again. The modules in the storage medium virus checking and killing device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing file data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to realize a virus searching and killing method for the storage medium.
Those skilled in the art will appreciate that the architecture shown in fig. 10 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory storing a computer program and a processor implementing the following steps when the processor executes the computer program:
acquiring file data in a storage medium to be checked and killed, and calculating the file value of each file in the file data to obtain an initial file value list;
virus searching and killing are carried out on the storage medium to be searched and killed, and the virus searching and killing process is monitored in real time according to the initial file value list;
when the virus searching and killing process is finished, a virus searching and killing result is obtained, and a virus killing label file is generated according to the virus searching and killing result;
and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
The computer equipment for virus searching and killing of the storage medium obtains file data in the storage medium to be searched and killed, calculates file values of all files in the file data to obtain an initial file value list, performs virus searching and killing on the storage medium to be searched and killed, improves the safety of the storage medium, monitors a virus searching and killing process in real time according to the initial file value list, obtains a virus searching and killing result when the virus searching and killing process is finished, generates a virus killing tag file according to the virus searching and killing result, writes the virus killing tag file into a preset hidden partition, and completes virus searching and killing, so that when the storage medium is accessed into a host system, the host system can detect the safety of the storage medium according to the virus killing tag file in the hidden partition, ensures that only the virus killed storage medium can access systems such as the host and the like, and improves the safety of storage medium access.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and carrying out formatting partition on the storage medium to be searched and killed to obtain a hidden partition.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
calculating the MD5 value of each file in the file data according to an MD5 message digest algorithm;
an initial file value list is obtained according to the MD5 value of each file.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
monitoring the reading and writing of the antivirus software to a storage medium to be searched and killed, and acquiring a searched and killed file set of the antivirus software;
calculating the file value of each searched and killed file in the searched and killed file set to obtain a file value list of the searched and killed file set;
comparing the file value list of the searched and killed file set with the initial file value list;
and when the comparison is consistent, determining that the virus killing software finishes virus searching and killing.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
according to the virus checking and killing result, determining the virus killing time, virus killing software version information and generating a virus killed mark;
and generating the antivirus label file according to the antivirus time, the antivirus software version information and the antivirus label.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
reading a preset hidden partition, and acquiring a antivirus label file from the hidden partition;
and verifying the virus searching and killing result of the storage medium to be searched and killed according to the virus killing tag file.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
detecting whether the antivirus label file has an antivirus label or not, and determining that the virus checking and killing result is that the virus checking and killing is not passed when the antivirus label file does not have the antivirus label;
when the antivirus label file has the antivirus label, acquiring antivirus software version information in the antivirus label file, comparing the antivirus software version information with preset required version information, and when the antivirus software version information is not matched with the preset required version information, determining that a virus checking and killing result is that the virus checking and killing is not passed;
and when the antivirus software version information is matched with the preset required version information, calculating the time difference value between the antivirus time in the antivirus tag file and the current time, and when the time difference value is less than or equal to a preset time difference value threshold, determining that the virus checking and killing result of the storage medium to be checked and killed is that the virus checking and killing is passed.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring file data in a storage medium to be checked and killed, and calculating the file value of each file in the file data to obtain an initial file value list;
virus searching and killing are carried out on the storage medium to be searched and killed, and the virus searching and killing process is monitored in real time according to the initial file value list;
when the virus searching and killing process is finished, a virus searching and killing result is obtained, and a virus killing label file is generated according to the virus searching and killing result;
and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
The storage medium virus searching and killing storage medium obtains file data in the storage medium to be searched and killed, calculates file values of files in the file data to obtain an initial file value list, performs virus searching and killing on the storage medium to be searched and killed, improves the safety of the storage medium, monitors a virus searching and killing process in real time according to the initial file value list, obtains a virus searching and killing result when the virus searching and killing process is finished, generates a virus killing tag file according to the virus searching and killing result, writes the virus killing tag file into a preset hidden partition, and completes virus searching and killing, so that when the storage medium is accessed into a host system, the host system can detect the safety of the storage medium according to the virus killing tag file in the hidden partition, ensures that only the virus killed storage medium can access systems such as a host and the like, and improves the safety of access of the storage medium.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and carrying out formatting partition on the storage medium to be searched and killed to obtain a hidden partition.
In one embodiment, the computer program when executed by the processor further performs the steps of:
calculating the MD5 value of each file in the file data according to an MD5 message digest algorithm;
an initial file value list is obtained according to the MD5 value of each file.
In one embodiment, the computer program when executed by the processor further performs the steps of:
monitoring the reading and writing of the antivirus software to a storage medium to be searched and killed, and acquiring a searched and killed file set of the antivirus software;
calculating the file value of each searched and killed file in the searched and killed file set to obtain a file value list of the searched and killed file set;
comparing the file value list of the searched and killed file set with the initial file value list;
and when the comparison is consistent, determining that the virus killing software finishes virus searching and killing.
In one embodiment, the computer program when executed by the processor further performs the steps of:
according to the virus checking and killing result, determining the virus killing time, virus killing software version information and generating a virus killed mark;
and generating the antivirus label file according to the antivirus time, the antivirus software version information and the antivirus label.
In one embodiment, the computer program when executed by the processor further performs the steps of:
reading a preset hidden partition, and acquiring a antivirus label file from the hidden partition;
and verifying the virus searching and killing result of the storage medium to be searched and killed according to the virus killing tag file.
In one embodiment, the computer program when executed by the processor further performs the steps of:
detecting whether the antivirus label file has an antivirus label or not, and determining that the virus checking and killing result is that the virus checking and killing is not passed when the antivirus label file does not have the antivirus label;
when the antivirus label file has the antivirus label, acquiring antivirus software version information in the antivirus label file, comparing the antivirus software version information with preset required version information, and when the antivirus software version information is not matched with the preset required version information, determining that a virus checking and killing result is that the virus checking and killing is not passed;
and when the antivirus software version information is matched with the preset required version information, calculating the time difference value between the antivirus time in the antivirus tag file and the current time, and when the time difference value is less than or equal to a preset time difference value threshold, determining that the virus checking and killing result of the storage medium to be checked and killed is that the virus checking and killing is passed.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A storage medium virus searching and killing method, the method comprising:
acquiring file data in a storage medium to be checked and killed, and calculating file values of files in the file data to obtain an initial file value list;
virus searching and killing are carried out on the storage medium to be searched and killed, and the virus searching and killing process is monitored in real time according to the initial file value list;
when the virus searching and killing process is finished, acquiring a virus searching and killing result, and generating a virus killing label file according to the virus searching and killing result;
and writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
2. The method according to claim 1, wherein before the obtaining the file data in the storage medium to be checked and killed, the method further comprises:
and carrying out formatting partition on the storage medium to be searched and killed to obtain a hidden partition.
3. The method of claim 1, wherein the calculating the file value of each file in the file data to obtain an initial file value list comprises:
calculating an MD5 value of each file in the file data according to an MD5 message digest algorithm;
and obtaining an initial file value list according to the MD5 value of each file.
4. The method of claim 1, wherein the monitoring a virus-killing process in real-time according to the initial list of file values comprises:
monitoring the reading and writing of the antivirus software to the storage medium to be checked and killed, and acquiring a checked and killed file set of the antivirus software;
calculating the file value of each searched and killed file in the searched and killed file set to obtain a file value list of the searched and killed file set;
comparing the file value list of the searched and killed file set with the initial file value list;
and when the comparison is consistent, determining that the antivirus software finishes virus searching and killing.
5. The method of claim 1, wherein generating the antivirus label file according to the virus killing result comprises:
determining antivirus time and antivirus software version information according to the virus searching and killing result, and generating an antivirus mark;
and generating an antivirus label file according to the antivirus time, the antivirus software version information and the antivirus label.
6. The method according to claim 1, wherein after writing the anti-virus tag file into a preset hidden partition and completing virus killing, the method further comprises:
reading a preset hidden partition, and acquiring the antivirus label file from the hidden partition;
and verifying the virus searching and killing result of the storage medium to be searched and killed according to the virus killing label file.
7. The method of claim 6, wherein the verifying the virus killing result of the storage medium to be killed according to the antivirus label file comprises:
detecting whether an antivirus mark exists in the antivirus label file, and determining that the virus checking and killing result is that the virus checking and killing is not passed when the antivirus mark does not exist in the antivirus label file;
when the antivirus label file has the antivirus label, acquiring antivirus software version information in the antivirus label file, comparing the antivirus software version information with preset required version information, and when the antivirus software version information is not matched with the preset required version information, determining that the virus checking and killing result is that the virus checking and killing is not passed;
and when the antivirus software version information is matched with preset required version information, calculating a time difference value between the antivirus time in the antivirus tag file and the current time, and when the time difference value is less than or equal to a preset time difference value threshold, determining that the virus killing result of the storage medium to be tested and killed is that the virus killing is passed.
8. A storage medium virus searching and killing device, the device comprising:
the calculation module is used for acquiring file data in a storage medium to be checked and killed, calculating file values of all files in the file data and obtaining an initial file value list;
the searching and killing module is used for searching and killing the viruses of the storage medium to be searched and killed and monitoring the virus searching and killing process in real time according to the initial file value list;
the first processing module is used for acquiring a virus searching and killing result when the virus searching and killing process is finished, and generating a virus killing label file according to the virus searching and killing result;
and the second processing module is used for writing the antivirus label file into a preset hidden partition to finish virus searching and killing.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910832028.4A CN110674500B (en) | 2019-09-04 | 2019-09-04 | Storage medium virus searching and killing method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910832028.4A CN110674500B (en) | 2019-09-04 | 2019-09-04 | Storage medium virus searching and killing method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110674500A true CN110674500A (en) | 2020-01-10 |
| CN110674500B CN110674500B (en) | 2020-09-01 |
Family
ID=69076257
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910832028.4A Active CN110674500B (en) | 2019-09-04 | 2019-09-04 | Storage medium virus searching and killing method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110674500B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112214765A (en) * | 2020-09-29 | 2021-01-12 | 珠海豹好玩科技有限公司 | Virus checking and killing method and device, electronic equipment and storage medium |
| CN112528287A (en) * | 2020-12-29 | 2021-03-19 | 中国南方电网有限责任公司 | Computer virus searching and killing method with participation of multiple terminals |
| CN113392435A (en) * | 2021-05-24 | 2021-09-14 | 国网湖北省电力有限公司电力科学研究院 | Intelligent substation USB interface safety management and control system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100541509C (en) * | 2007-12-10 | 2009-09-16 | 上海北大方正科技电脑系统有限公司 | A kind of method of scanning and killing computer virus |
| CN104050417A (en) * | 2014-07-04 | 2014-09-17 | 北京奇虎科技有限公司 | Method and device for detecting software states at mobile terminal |
| CN104899510A (en) * | 2015-05-11 | 2015-09-09 | 国网甘肃省电力公司电力科学研究院 | Virus detecting and killing method for removable storage devices |
| CN105556532A (en) * | 2013-09-27 | 2016-05-04 | 迈克菲股份有限公司 | Digital protection that travels with data |
| CN108875373A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Mobile memory medium file management-control method, device, system and electronic equipment |
-
2019
- 2019-09-04 CN CN201910832028.4A patent/CN110674500B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100541509C (en) * | 2007-12-10 | 2009-09-16 | 上海北大方正科技电脑系统有限公司 | A kind of method of scanning and killing computer virus |
| CN105556532A (en) * | 2013-09-27 | 2016-05-04 | 迈克菲股份有限公司 | Digital protection that travels with data |
| CN104050417A (en) * | 2014-07-04 | 2014-09-17 | 北京奇虎科技有限公司 | Method and device for detecting software states at mobile terminal |
| CN104899510A (en) * | 2015-05-11 | 2015-09-09 | 国网甘肃省电力公司电力科学研究院 | Virus detecting and killing method for removable storage devices |
| CN108875373A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Mobile memory medium file management-control method, device, system and electronic equipment |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112214765A (en) * | 2020-09-29 | 2021-01-12 | 珠海豹好玩科技有限公司 | Virus checking and killing method and device, electronic equipment and storage medium |
| CN112528287A (en) * | 2020-12-29 | 2021-03-19 | 中国南方电网有限责任公司 | Computer virus searching and killing method with participation of multiple terminals |
| CN112528287B (en) * | 2020-12-29 | 2022-03-11 | 中国南方电网有限责任公司 | Computer virus searching and killing method with participation of multiple terminals |
| CN113392435A (en) * | 2021-05-24 | 2021-09-14 | 国网湖北省电力有限公司电力科学研究院 | Intelligent substation USB interface safety management and control system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110674500B (en) | 2020-09-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110602046B (en) | Data monitoring processing method and device, computer equipment and storage medium | |
| CN110674500B (en) | Storage medium virus searching and killing method and device, computer equipment and storage medium | |
| ES2804771T3 (en) | Method and system for providing terminal identifiers | |
| US7953980B2 (en) | Signed manifest for run-time verification of software program identity and integrity | |
| US10659482B2 (en) | Robotic process automation resource insulation system | |
| US8621282B1 (en) | Crash data handling | |
| US20090172814A1 (en) | Dynamic generation of integrity manifest for run-time verification of software program | |
| CN108256322B (en) | Security testing method and device, computer equipment and storage medium | |
| JP2019003598A (en) | System and method for detecting abnormal events | |
| CN110598409B (en) | Storage medium access method and device, computer equipment and storage medium | |
| CN113472803A (en) | Vulnerability attack state detection method and device, computer equipment and storage medium | |
| US10594693B2 (en) | Electronic device identification | |
| US20220027471A1 (en) | Advanced ransomware detection | |
| KR100954356B1 (en) | Detection system for malicious program considering code protection method and method thereof | |
| CN110868405B (en) | Malicious code detection method and device, computer equipment and storage medium | |
| US11349855B1 (en) | System and method for detecting encrypted ransom-type attacks | |
| CN110135154B (en) | Injection attack detection system and method for application program | |
| WO2016173267A1 (en) | Completeness checking method and apparatus | |
| US10049113B2 (en) | File scanning method and apparatus | |
| CN116094849B (en) | Application access authentication method, device, computer equipment and storage medium | |
| CN113849859A (en) | Linux kernel modification method, terminal device and storage medium | |
| CN114257404B (en) | Abnormal external connection statistical alarm method, device, computer equipment and storage medium | |
| CN112445705B (en) | Software running system, method and device based on trusted verification and computer equipment | |
| US11791986B2 (en) | Unauthorized use detection system, information processing apparatus, computer-readable recording medium and unauthorized use detection method | |
| CN110460585B (en) | Equipment identity identification method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230802 Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province Patentee after: China Southern Power Grid Digital Platform Technology (Guangdong) Co.,Ltd. Address before: Room 1301, Chengtou building, No. 106, Fengze East Road, Nansha District, Guangzhou City, Guangdong Province Patentee before: Southern Power Grid Digital Grid Research Institute Co.,Ltd. |