Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Virus precaution method and device

A virus and configuration file technology, applied in the network field, can solve problems such as the inability to quickly and effectively remove viruses, achieve the effect of improving efficiency and accuracy, and eliminating tedious operations

Active Publication Date: 2008-12-03
CHENGDU HUAWEI TECH
View PDF0 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In summary, the inventors have found that the above-mentioned prior art has at least the following common disadvantages: the virus cannot be removed quickly and effectively.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Virus precaution method and device
  • Virus precaution method and device
  • Virus precaution method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0027] figure 1 A schematic flow chart of Embodiment 1 of the virus prevention method provided by the present invention, the method includes:

[0028] S101. Detecting a network connection request message sent by the client, where the request message includes a first network address for which the client requests to connect;

[0029] For a virus program with an automatic update download mechanism, when the virus is running, it will trigger the client to automatically connect to the network resource preset by the virus program with a certain strategy (such as regular automatic detection of updates) to download the updated version or new variant of the virus . The client will try to connect to the default network address. According to the provisions of the network protocol, a network connection request must be sent, and the request includes the first network address.

[0030] S102. Determine whether the first network address is a network address used by viruses to update data; ...

Embodiment 2

[0037] This embodiment mainly introduces the specific application embodiment of step S103. Steps S101 and S102 can be implemented by conventional means in the field, and will not be repeated here. The following takes a virus Trojan-Downloader.Win32.QQHelper.ws as an example to introduce how to automatically clear the virus by configuring network parameters. According to the name, this virus is a Trojan horse downloader. After analysis, the behavioral characteristics of the virus include the content between the dotted lines as shown below:

[0038] -------------------------------------------------- ----------------------

[0039] (The number 70204 below may vary with different hosts)

[0040] Attempts to download the following four files in random order

[0041] http: / / install1.ring520.org / kkkk / mminstall.exe? queryid=70204

[0042] http: / / install2.ring520.org / kkkk / mminstall.exe? queryid=70204

[0043] http: / / install3.ring520.org / kkkk / mminstall.exe? queryid=70204

[004...

Embodiment 3

[0059] Taking the virus Trojan-Downloader.Win32.QQHelper.vn as an example, it introduces how to automatically clear the virus by configuring network parameters.

[0060] Behavioral characteristics of the virus include:

[0061] (1) First download the following configuration file:

[0062] http: / / up.bizmd.cn / software / update.txt

[0063] (2) Determine the next download content according to the content in the file subsequently, and the author of the virus can completely control the downloading behavior of the downloader by controlling and updating the content of this file. For example, at a certain stage, the content of the file looks like this between the dotted lines:

[0064] -------------------------------------------------- ----------------------

[0065] [PlugList]

[0066] Url=http: / / up.bizmd.cn / software / pluglist.xml

[0067] [Download]

[0068] Ver=42

[0069] Key=2

[0070] ic=1

[0071] URL=http: / / up.bizmd.cn / software / netdde32.exe, 0, 2, W, NULL

[0072] Ocx=...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a virus prevention method and a device, the method includes detecting a network connection request message transmitted from a client, the request message includes a first network address requested by the client for connection; judging if the first network address is utilized as the network address by the virus for updating data; if so, setting the network parameters to lead the client to be connected to a second network address, a server corresponding to the second network address stores a program for killing the virus. The virus prevention method provided by the embodiment utilizes the automatic updating mechanism of the virus to lead the virus to download virus-killing software during the automatic updating of the virus by setting the network parameters, thereby, the trouble of finding virus-killing programs by the customer can be saved, and at the same time, the efficiency and accuracy of the virus-killing software can be improved considerably.

Description

technical field [0001] The invention relates to the field of network technology, in particular to a virus prevention method and device. Background technique [0002] With the development of network technology, there have been many viruses that have invaded computers in various forms and violated the interests of computer users. Virus types include worms (worm), downloaders (downloaders), malicious software or codes (malware), and the like. Among them, worms generally refer to viruses that have network replication capabilities and can automatically spread through the network. At present, quite a few viruses belong to this category. Downloader, software with a download function, specifically refers to a type of virus classification in this article, which can connect to a preset specific server regularly or with a certain strategy, download malware and start execution. Malicious code or malicious software, software and codes that secretly or forcibly run on a computer and har...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/36H04L29/06G06F21/00G06F21/56
Inventor 李君生
Owner CHENGDU HUAWEI TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com