
Method and device for detecting and clearing infective virus in PE (portable executable) file

A technique for detecting and removing infective viruses in executable files, applied in computer security arrangements and electronic digital data processing. It addresses the difficulty and long cycle time of detecting and removing such viruses, and achieves high efficiency, a shorter detection and removal time, and a simple detection and removal process.

Active Publication Date: 2017-01-04
BEIJING KINGSOFT SECURITY MANAGEMENT SYST TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] In view of this, an object of the present invention is to propose a method for detecting and removing infectious viruses in portable executable files, to solve the problems that detecting and removing infectious viruses in existing portable executable files is difficult and has a long cycle.


Examples


Embodiment Construction

[0022] The following description and drawings illustrate specific embodiments of the invention sufficiently to enable those skilled in the art to practice them. The examples merely represent possible variations. Individual components and functions are optional unless explicitly required, and the order of operations may vary. Portions and features of some embodiments may be included in or substituted for those of other embodiments. The scope of embodiments of the present invention includes the full scope of the claims, and all available equivalents of the claims. These embodiments of the present invention may be referred to herein, individually or collectively, by the term "invention", which is for convenience only and is not intended to automatically limit the scope of the application to any individual invention or inventive concept if in fact more than one invention is disclosed.

[0023] Referring now to the accompanying drawings, Figure 1 shows a flow chart...


Abstract

The invention discloses a method and a device for detecting and clearing an infective virus in a PE (portable executable) file. The method comprises the following steps: judging whether the PE file header of a target PE file contains a preset feature indicating suspected infection by the infective virus; when the PE file header of the target PE file contains the preset feature, preprocessing the target PE file; executing the corresponding file in debug mode, and setting an int3 breakpoint at the entry point of the corresponding file; when execution reaches the entry point, if an invalid API (application program interface) call is detected, removing the call; processing debug events, and ending the execution when an exception occurs and the debug event cannot be processed; matching the content of the final valid byte in the PE structure of the target PE file in current memory against the virus features of a preset virus database; and, according to the matching result, determining whether the target PE file is infected with the infective virus, and clearing the virus from a target PE file infected with it. The method has the advantage that virus detection efficiency is improved.
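An added example, not code from the patent or its authors: the first step of the method inspects the PE header, and the later steps work at the entry point, so this Python function parses the headers and maps the entry point to its section and file offset. The page does not say what the "preset feature" is; the `writable` and `last_section` flags are assumed illustrative indicators, and the sample headers are constructed.

```python
import struct

MEM_WRITE = 0x80000000  # IMAGE_SCN_MEM_WRITE

def entry_point_info(data: bytes) -> dict:
    """Map AddressOfEntryPoint to its section and file offset."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (pe,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (nsec,) = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    (ep,) = struct.unpack_from("<I", data, pe + 24 + 16)    # AddressOfEntryPoint
    table = pe + 24 + opt_size                              # first section header
    for i in range(nsec):
        off = table + 40 * i                                # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, off + 8)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        if vaddr <= ep < vaddr + max(vsize, rsize):
            return {"ep_rva": ep, "section": name,
                    "file_offset": rptr + (ep - vaddr),
                    # Assumed indicators, not taken from the patent text:
                    "writable": bool(chars & MEM_WRITE),
                    "last_section": i == nsec - 1}
    return {"ep_rva": ep, "section": None, "file_offset": None,
            "writable": False, "last_section": False}

def build_sample(ep_rva: int, sections: list) -> bytes:
    """Constructed PE32 headers only (no code), used as demo input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections),
                                   0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, ep_rva).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8s6I2HI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return dos + coff + opt + table

# Constructed section table: (name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, Characteristics)
SECTIONS = [(b".text", 0x1000, 0x1000, 0x1000, 0x400, 0x60000020),
            (b".data", 0x1000, 0x2000, 0x200, 0x1400, 0xC0000040)]

if __name__ == "__main__":
    for ep in (0x1234, 0x2010):   # entry in .text, then entry moved into .data
        print(entry_point_info(build_sample(ep, SECTIONS)))
```

The returned `file_offset` is the byte a scanner would read to inspect the entry-point code on disk; the in-memory address used for a breakpoint is the image base plus `ep_rva`.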

Description

Technical field

[0001] The invention belongs to the technical field of security defense, and in particular relates to a method and a device for detecting and removing infectious viruses in portable executable files.

Background art

[0002] Usually, when an infectious virus infects a normal portable executable (PE) file, the code implanted in different PE files may differ and its form is changeable. When the infectious virus infects a PE file, it usually overwrites a section of code at the entry point of the original PE file, and the overwritten entry-point code is encrypted and stored in the infected PE file. In this way, on the one hand, when an infected PE file is executed, the encrypted code needs to be decrypted first, which makes it difficult for traditional signature-based scanning and removal techniques to extract general signatures for this type of infectious virus. On the othe...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566, G06F21/568
Inventor 颜华甲秦伟杰
Owner BEIJING KINGSOFT SECURITY MANAGEMENT SYST TECH CO LTD