Method and system for preventing computer virus from frequently infecting systems

Abstract

The invention belongs to the technical field of computer defense, in particular relates to a method and a system for preventing computer virus from frequently infecting systems. The method comprises the following steps of: scanning and deleting the spite model of the computer virus in a computer, and then recording the information of the deleted spite model; generating an interception object list according to the information of the deleted spite model and transmitting the interception object list to a kernel driver; and adopting the kernel driver to prevent other programs from secondly building the spite model which is recorded in the deleted model. The model corresponding to the system of the invention comprises a virus scanning, deleting and recording model, an interception list generation model and a generation interception model of the spite model. The invention can effectively delete the spite virus which has generation capability; at the same time, for enterprise-level servers, the invention can effectively delete the damage of the virus under the condition that the system is not restarted so as to ensure the safety of data and service.

Description

technical field [0001] The invention belongs to the technical field of computer defense, and in particular relates to a method and a system for preventing computer viruses from repeatedly infecting a system. Background technique [0002] A computer virus is a set of computer instructions or program codes compiled or inserted into a computer program that destroys computer functions or data, affects computer use, and is capable of self-replication. It is destructive, replicable and infectious. It has always been an important topic in the field of computer security. With the development of anti-virus technology, computer viruses have also developed various techniques to fight against anti-virus products. Among them, an important method against anti-virus products is to inject malicious codes into important processes of the system, and this part of codes is executed in the system process space. [0003] The so-called process refers to an application program running in memory, a...

AI Technical Summary

Problems solved by technology

[0004] If a computer virus injects malicious code into an important process of the system, it is difficult to remove it from the memory safely and reliably, because closing the system process will directly affect the normal operation of the system

Since it is difficult to safely and reliably remove its malicious code from the memory, the current countermeasure of anti-virus products is to first remove other malicious modules corresponding to the virus, including files, registry and malicious processes, etc., and then restart the system to achieve the final removal of the virus the goal of

[0005] But the effectiveness of this removal strategy is very poor, the main reason is: computer viruses can often monitor other malicious modules through the malicious code injected into the system process, when other virus modules are found to be removed, these modules and modules will be released again. process, thereby achieving the ability to regenerate

Moreover, for enterprise users, the restart of some important servers will cause serious business interruption, so a more effective cleaning method is urgently needed

Images