CN105653953B - A kind of checking and killing virus method and device - Google Patents
A kind of checking and killing virus method and device Download PDFInfo
- Publication number
- CN105653953B CN105653953B CN201510983364.0A CN201510983364A CN105653953B CN 105653953 B CN105653953 B CN 105653953B CN 201510983364 A CN201510983364 A CN 201510983364A CN 105653953 B CN105653953 B CN 105653953B
- Authority
- CN
- China
- Prior art keywords
- virus
- file
- information
- lua script
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 241000700605 Viruses Species 0.000 title claims abstract description 443
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000013515 script Methods 0.000 claims abstract description 352
- 230000006870 function Effects 0.000 claims description 181
- 238000012217 deletion Methods 0.000 claims description 18
- 230000037430 deletion Effects 0.000 claims description 18
- 238000012545 processing Methods 0.000 claims description 13
- 230000003612 virological effect Effects 0.000 abstract 2
- 230000000644 propagated effect Effects 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 6
- 230000007123 defense Effects 0.000 description 5
- 238000004422 calculation algorithm Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a kind of checking and killing virus methods, comprising: receives the LUA script for killing target viral that server issues;By calling the power function corresponding with the LUA script registered in the LUA script engine built in advance to run the LUA script, to carry out killing to the target viral.The embodiment of the invention also discloses a kind of checking and killing virus devices.Using the embodiment of the present invention, propagated when being able to solve appearance virus it is very fast and the problem of terminal can not be protected in time.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a virus searching and killing method and device.
Background
With the development of internet technology, more and more functions can be realized on a terminal, and meanwhile, the security threat faced by the terminal is also greater and greater. If the terminal faces the novel virus, the virus searching and killing client of the terminal can not timely search and kill the virus, and the virus can not be cleared in time, so that the virus is rapidly spread, and the terminal can not be protected in time.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present invention is to provide a method and an apparatus for searching and killing viruses, which are used to solve the problem that a terminal cannot be protected in time because the viruses are spread quickly when the viruses appear.
In order to solve the above technical problem, an embodiment of the present invention provides a virus searching and killing method, including:
receiving an LUA script which is issued by a server and used for searching and killing a target virus;
and operating the LUA script by calling a function which is registered in a preset LUA script engine and corresponds to the LUA script so as to check and kill the target virus.
Optionally, before receiving the LUA script issued by the server for searching and killing the target virus, the method further includes:
when a target virus is detected, acquiring information of the target virus;
and sending the information of the target virus to a server so that the server generates an LUA script for searching and killing the target virus according to the information of the target virus.
Optionally, the LUA script engine is registered with function functions, where the function functions include any one or more of a file deletion function, a file creation function, a file time obtaining function, a function for determining whether a file exists, and a key value obtaining function of a registry.
Optionally, a function for judging whether a file exists or not and a file deletion function are registered in the LUA script engine; the operating the LUA script by calling a function which is registered in a pre-established LUA script engine and corresponds to the LUA script so as to check and kill the target virus comprises the following steps:
analyzing the LUA script to obtain target file information included by the LUA script, wherein the target file information includes a file path and a file name of a file carrying the target virus;
calling the function for judging whether the file exists to determine whether the file corresponding to the target file information exists;
and if so, calling the file deleting function to delete the file corresponding to the target file information.
Optionally, the LUA script includes a plurality of script files; the method for operating the LUA script by calling the functional function which is registered in the pre-established LUA script engine and corresponds to the LUA script comprises the following steps:
analyzing the LUA script to obtain a plurality of script files included by the LUA script;
and when the plurality of script files are operated, the script files are operated by calling the function which is registered in the preset LUA script engine and corresponds to each script file.
Optionally, when a target virus is detected, acquiring information of the target virus includes:
when a virus is detected, acquiring information of the virus;
detecting whether the information of the viruses is matched with the information of the viruses in a preset virus library, wherein the preset virus library comprises information of at least one virus associated with a virus searching and killing file;
and if the information of the virus is not matched with the virus information in the preset virus library, taking the virus as a target virus and taking the information of the virus as the information of the target virus.
Correspondingly, the embodiment of the invention also provides a virus searching and killing method, which comprises the following steps:
receiving information of a target virus needing to be searched and killed, which is sent by a client, wherein the information of the target virus is obtained when the client detects the target virus;
generating an LUA script for searching and killing the target virus according to the information of the target virus;
and sending the LUA script to the client so that the client runs the LUA script through a pre-established LUA script engine to check and kill the target virus.
Correspondingly, the embodiment of the invention also provides a virus searching and killing device, which comprises:
the receiving module is used for receiving the LUA script which is sent by the server and used for searching and killing the target virus;
and the processing module is used for operating the LUA script by calling a functional function which is registered in a pre-established LUA script engine and corresponds to the LUA script so as to check and kill the target virus.
Optionally, the apparatus further comprises:
the information acquisition module is used for acquiring the information of the target virus when the target virus is detected;
and the sending module is used for sending the information of the target virus acquired by the information acquisition module to a server so that the server generates an LUA script for killing the target virus according to the information of the target virus.
Optionally, the LUA script engine is registered with function functions, where the function functions include any one or more of a file deletion function, a file creation function, a file time obtaining function, a function for determining whether a file exists, and a key value obtaining function of a registry.
Optionally, a function for judging whether a file exists or not and a file deletion function are registered in the LUA script engine; the processing module comprises:
the analysis unit is used for analyzing the LUA script to obtain target file information included by the LUA script, wherein the target file information includes a file path and a file name of a file carrying the target virus;
the function calling unit is used for calling the function for judging whether the file exists to determine whether the file corresponding to the target file information exists;
the function calling unit is further configured to call the file deleting function to delete the file corresponding to the target file information when the file corresponding to the target file information exists.
Optionally, the LUA script includes a plurality of script files; the processing module is specifically configured to:
analyzing the LUA script to obtain a plurality of script files included by the LUA script;
and when the plurality of script files are operated, the script files are operated by calling the function corresponding to each script file registered in the preset LUA script engine so as to check and kill the target viruses.
Optionally, the information obtaining module includes:
the acquisition unit is used for acquiring the information of the virus when the virus is detected;
the matching unit is used for detecting whether the information of the viruses is matched with the information of the viruses in a preset virus library, and the preset virus library comprises at least one virus information associated with a virus searching and killing file;
and the determining unit is used for taking the virus as a target virus and taking the information of the virus as the information of the target virus when the matching unit detects that the information of the virus is not matched with the information of the virus in the preset virus library.
Correspondingly, the embodiment of the invention also provides a virus searching and killing device, which comprises:
the system comprises an information receiving module, a virus searching module and a virus searching module, wherein the information receiving module is used for receiving information of a target virus needing to be searched and killed, which is sent by a client, and the information of the target virus is obtained when the client detects the target virus;
the script generating module is used for generating an LUA script for searching and killing the target virus according to the information of the target virus received by the information receiving module;
and the information sending module is used for sending the LUA script to the client so that the client runs the LUA script through a pre-established LUA script engine to check and kill the target virus.
The embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, the LUA script which is issued by the server and used for searching and killing the target virus can be received, and the LUA script can be operated by calling the functional function which is registered in the pre-established LUA script engine and corresponds to the LUA script, so that the target virus can be quickly searched and killed, namely, the flexible expansion and customization functions of virus searching and killing can be realized by the LUA script engine technology, thus various expansion requirements of the client on defense can be emergently processed, and the problem that the terminal cannot be protected in time due to the fact that the client is fast in propagation when the virus appears is solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a virus searching and killing method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of another virus searching and killing method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another virus searching and killing method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a virus searching and killing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another virus searching and killing apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of another virus searching and killing apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a virus searching and killing system according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a terminal device according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a virus checking and killing method, a device and a system, which can solve the problem that a terminal cannot be protected in time because the virus is spread quickly when the virus appears. The details are described below.
Referring to fig. 1, fig. 1 is a schematic flow chart of a virus searching and killing method according to an embodiment of the present invention. Specifically, as shown in fig. 1, the virus searching and killing method according to the embodiment of the present invention may include the following steps:
101. and receiving the LUA script which is sent by the server and used for searching and killing the target virus.
It should be understood that the method according to the embodiment of the present invention may be specifically applied to terminal Devices, such as terminal Devices configured with a virus killing client, such as smart phones (e.g., Android phones, iOS phones, etc.), tablet computers, Mobile Internet Devices (MID), personal computers, etc., and the embodiment of the present invention is not limited thereto. Therefore, virus of the terminal equipment is searched and killed.
It should be noted that the LUA script is a small script language, and is written by the LUA script language, and the design purpose of the LUA script is to embed in an application program, so as to provide flexible extension and customized functions for the application program. Thus, the virus killing function can be flexibly expanded and customized by the LUA script by embedding the LUA script into a virus killing client (hereinafter referred to as a "client") in the terminal device.
Specifically, the LUA script may be compiled by a script designer on the server side according to collected virus information, such as information of a currently-occurring novel virus, and issued to the client through the server, or may be generated by the server according to virus information reported by the client and according to a preset template or rule, and sent to the client. The virus information may include, but is not limited to, a file name, a file path, a file digital signature of a registry key causing the virus, a registry key initiating a virus file, and the like. The target virus is an object to be cleared by the issued LUA script, such as a new virus currently appearing.
102. And operating the LUA script by calling a function which is registered in a preset LUA script engine and corresponds to the LUA script so as to check and kill the target virus.
In a specific embodiment, a LUA script engine is pre-built in a client, and various function functions are registered in the LUA script engine, including a file deletion function, a file creation function, a file time acquisition function, a function for judging whether a file exists, a key value acquisition function of a registry, and the like. After the client receives the LUA script issued by the server, the LUA script may call a function registered in the LUA script engine to implement a specific extended function, so as to perform virus killing, for example, delete a specific file (e.g., a registry entry causing a virus).
In the embodiment of the invention, the LUA script which is issued by the server and used for searching and killing the target virus can be received, and the functional function which is registered in the pre-established LUA script engine and corresponds to the LUA script is called to run the LUA script, so that the target virus can be quickly searched and killed, namely, the flexible expansion and customization functions of virus searching and killing can be realized through the LUA script engine technology, various expansion requirements of the client on defense can be emergently processed, and the problem that the client cannot be protected in time due to the fact that the client is fast to transmit when the virus appears is solved.
Further, referring to fig. 2, fig. 2 is a schematic flow chart of another virus searching and killing method according to an embodiment of the present invention. Specifically, as shown in fig. 2, the virus searching and killing method according to the embodiment of the present invention may include the following steps:
201. and building an LUA script engine.
Specifically, the LUA script engine may be implemented by writing a C + + code, and may implement a function by calling any function name of the LUA native code function luaL _ register registry, where the function registered by the LUA script engine includes function functions of deleting a file, creating a file, obtaining a file time, determining whether a file exists, obtaining a key value of the registry, and the like, and the embodiment of the present invention is not limited. For example, assume that the LUA script engine registers and implements the following functions:
KLENGINE_API_DECLARE(KFile,DeleteFile)
KLENGINE_API_DECLARE(KFile,CreateFile)
KLENGINE_API_DECLARE(KFile,CalcFileSign)
KLENGINE_API_DECLARE(KFile,GetSpecialExtFileList)
KLENGINE_API_DECLARE(KFile,GetFileTime)
KLENGINE_API_DECLARE(KFile,IsShadeAttribute)
KLENGINE_API_DECLARE(KFile,GetPrivateProfileString)
KLENGINE_API_DECLARE(KFile,GetPrivateProfileSection)
KLENGINE_API_DECLARE(KFile,GetFileVersionInfo)
KLENGINE_API_DECLARE(KFile,IsExist)
KLENGINE_API_DECLARE(KReg,GetKeyValue)
KLENGINE_API_DECLARE(KReg,ParseRegFileList)
KLENGINE_API_DECLARE(KReg,GetKeyValueName)
KLENGINE_API_DECLARE(KReg,GetClsidNameString)
KLENGINE_API_DECLARE(KReg,GetPendingFileList)
KLENGINE_API_DECLARE(KReg,GetPendingFileListEx)
KLENGINE_API_DECLARE(KReg,GetServiceName)
KLENGINE_API_DECLARE(KReg,IsKeyExist)
KLENGINE_API_DECLARE(KReg,SetLiebaoUninstalTime)
KLENGINE_API_DECLARE(KReg,GetDefaultIeSE)
KLENGINE_API_DECLARE(KReg,ParseIeSE)
KLENGINE_API_DECLARE(KEng,LogMsg)
KLENGINE_API_DECLARE(KEng,ScanFileSyn)
KLENGINE_API_DECLARE(KEng,ScanFileAsyn)
KLENGINE_API_DECLARE(KEng,DeleteVirus)
KLENGINE_API_DECLARE(KEng,KillVirus)
KLENGINE_API_DECLARE(KEng,OnFindVirus)
KLENGINE_API_DECLARE(KEng,AddToSecondProc)
KLENGINE_API_DECLARE(KEng,AddToAsynProc)
KLENGINE_API_DECLARE(KEng,IsNeedTip)
KLENGINE_API_DECLARE(KEng,QueryURLSecurityInfo)
KLENGINE_API_DECLARE(KEng,QueayIEWhiteUrl)
KLENGINE_API_DECLARE(KEng,AddRiskFile)
202. and when the target virus is detected, acquiring the information of the target virus.
The acquired information of the target virus (hereinafter referred to as "virus information") may include information of a file in which the virus is detected, such as a file name, a file path, a file digital signature of a registry key in which the virus is caused, a registry start key of a start key virus file, and the like.
203. And sending the information of the target virus to a server so that the server generates an LUA script for searching and killing the target virus according to the information of the target virus.
Optionally, when the target virus is detected, the obtaining of the information of the target virus may specifically be: when a virus is detected, acquiring information of the virus; detecting whether the information of the viruses is matched with the information of the viruses in a preset virus library, wherein the preset virus library comprises information of at least one virus associated with a virus searching and killing file; and if the information of the virus is not matched with the virus information in the preset virus library, taking the virus as a target virus and taking the information of the virus as the information of the target virus.
In a specific embodiment, the client may be configured with a virus library including a plurality of virus information in advance, where each kind of virus information is associated with a file for searching and killing a virus corresponding to the virus information, that is, a virus searching and killing file. Therefore, when the virus information is obtained, virus checking and killing can be carried out through whether the virus information is matched with virus information in a preset virus library. Specifically, when the detected virus information is matched with the virus information of any virus in the virus library, the virus searching and killing file associated with the matched virus information is directly called to search and kill the virus; when the detected virus information is not matched with the virus information in the virus library, for example, a client cannot search and kill a novel virus, the virus can be used as a target virus, information of the target virus, such as a file path and a file name of a registry entry causing the virus, is obtained, and the information of the target virus is uploaded to a server. The server may generate a LUA script according to the information of the target virus, such as the LUA script for instructing to delete the registry key causing the virus, and send the LUA script to each client.
204. And receiving the LUA script issued by the server.
205. And operating the LUA script by calling a function which is registered in a preset LUA script engine and corresponds to the LUA script so as to check and kill the target virus.
In a specific embodiment, when receiving the LUA script sent by the server, the client may run the received LUA script through a pre-established LUA script engine, and specifically, run the LUA script by calling a function corresponding to the LUA script registered in the LUA script engine, so as to timely and effectively check and kill the target virus, such as a novel virus, and quickly clear the virus. Wherein the LUA script includes data that needs to be executed by a function registered in the LUA script engine.
Optionally, the LUA script may include a plurality of script files; the running of the LUA script by calling a function corresponding to the LUA script registered in a pre-established LUA script engine may specifically be: analyzing the LUA script to obtain a plurality of script files included by the LUA script; and when the plurality of script files are operated, the script files are operated by calling the function which is registered in the preset LUA script engine and corresponds to each script file. Specifically, the LUA script may be sent to the client after the server encrypts a plurality of LUA script files (script files for short), where the plurality of script files may be respectively used to kill different viruses, such as virus files located at different positions. After receiving the LUA script returned by the server, the client side can decrypt the LUA script to obtain the multiple script files, and respectively run the multiple script files to perform virus checking and killing. When any script file in the plurality of script files is run, the script file can be run by calling the function which is registered in the LUA script engine and corresponds to the script file, so as to kill the virus corresponding to the script file. Further, the running time of the LUA script, such as running the plurality of script files every 24 hours, may be set to ensure effective protection of the terminal. The encryption may be performed by encrypting the LUA script through a preset encryption algorithm or key, where the encryption algorithm or key may be determined by the client and the server through pre-negotiation.
For example, assuming that the LUA script received by the client is luarp, the virus killing client is configured to execute the luarp once a day, and when executing the luarp, the luarp needs to be decrypted into a plurality of LUA files, such as the luarp. The a.lua script file may be executed by calling luaL _ profile (lua _ state, "a.lua") for the decrypted a.lua, and the b.lua script file may be executed by calling luaL _ profile (lua _ state, "b.lua") for the decrypted b.lua. That is, after the luarp is issued to the client, the LUA script engine can execute the a.lua and b.lua files once a day to clear viruses, thereby realizing effective protection of the terminal.
Further optionally, it is assumed that a function for determining whether a file exists and a file deletion function are indicated in the LUA script issued by the server, and the function for determining whether the file exists and the file deletion function are registered in the LUA script engine; the LUA script is operated by calling a function corresponding to the LUA script registered in a pre-established LUA script engine to check and kill the target virus, which may specifically be: analyzing the LUA script to obtain target file information included by the LUA script, wherein the target file information includes a file path and a file name of a file carrying the target virus; calling the function for judging whether the file exists to determine whether the file corresponding to the target file information exists; and if so, calling the file deleting function to delete the file corresponding to the target file information.
For example, functions of function KFile. The client can operate the LUA script by calling the KFile. The LUA script can call functions as long as the LUA script engine implements the functions.
Referring to fig. 3, fig. 3 is a schematic flow chart of another virus searching and killing method according to an embodiment of the present invention. Specifically, the virus searching and killing method according to the embodiment of the present invention may be specifically applied to the server described above, and as shown in fig. 3, the virus searching and killing method according to the embodiment of the present invention may include the following steps:
301. and receiving the information of the target virus needing to be killed, which is sent by the client.
Specifically, the information of the target virus may be obtained by the client when the client detects the target virus.
302. And generating an LUA script for killing the target virus according to the information of the target virus.
Specifically, the LUA script is written by the LUA script language, and after the LUA script engine is built on a client, the flexible expansion and customization functions of virus checking and killing can be realized by writing LUA script codes.
303. And sending the LUA script to a client so that the client runs the LUA script through a pre-established LUA script engine to check and kill the target virus.
Further optionally, after generating the LUA script file according to the virus information, if a plurality of LUA script files (referred to as script files for short) are included, the server may further encrypt the plurality of LUA script files into one LUA script, for example, into a luarp. And because the writing of the LUA script is light, the emergency requirement of various virus killing can be quickly realized.
For example, functions of KFile. IsExist, KFile. DeleteFile and the like are realized in an LUA script engine built by a client, and the information of the target virus indicates that the file name of the registry key causing the virus is 'abc' and the file path is C: \. The server may generate an LUA script for deleting the registry key according to the virus information and issue the LUA script to each client installed in each terminal, and the LUA script may directly call the functions to implement a specific extended function. Specifically, after receiving the LUA script issued by the server, the client can call the KFile. Further, the server may generate other LUA scripts to implement more functions, such as registry creation deletion, etc., which the LUA script can call as long as the client LUA script engine registers and implements the relevant function.
In the embodiment of the invention, the client can acquire the information of the virus when detecting the virus and send the virus information to the server, so that the server generates the LUA script for searching and killing the virus according to the virus information and sends the LUA script to each client. After the client receives the LUA script issued by the server, the LUA script can be operated through the LUA script engine built in advance, so that the virus can be quickly checked and killed, flexible expansion and customization functions of virus checking and killing can be realized through the LUA script engine technology, various expansion requirements of the client on defense can be met through emergency treatment, and the problem that the client can not timely protect the terminal due to the fact that the client can not check and kill the virus such as a novel virus can be quickly spread is solved.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a virus searching and killing apparatus according to an embodiment of the present invention. Specifically, as shown in fig. 4, the virus killing apparatus according to the embodiment of the present invention may include a receiving module 11 and a processing module 12. Wherein,
the receiving module 11 is configured to receive an LUA script issued by a server and used for searching and killing a target virus.
It should be understood that the apparatus according to the embodiment of the present invention may be specifically disposed in a terminal device, such as a terminal device configured with a virus killing client, such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a Mobile Internet Device (MID), a personal computer, etc., and the embodiment of the present invention is not limited thereto. Therefore, virus of the terminal equipment is searched and killed.
Specifically, the LUA script may be compiled by a script designer on the server side according to collected virus information, such as information of a currently-occurring novel virus, and issued to the client through the server, or may be generated by the server according to virus information reported by the client and according to a preset template or rule, and sent to the client. The virus information may include, but is not limited to, a file name, a file path, a file digital signature of a registry key causing the virus, a registry key initiating a virus file, and the like. The target virus is an object to be cleared by the issued LUA script, such as a new virus currently appearing.
The processing module 12 is configured to invoke a function corresponding to the LUA script registered in a pre-established LUA script engine to run the LUA script, so as to kill the target virus.
In a specific embodiment, a LUA script engine is pre-built in a client, and various function functions are registered in the LUA script engine, including a file deletion function, a file creation function, a file time acquisition function, a function for judging whether a file exists, a key value acquisition function of a registry, and the like. After the receiving module 11 receives the LUA script issued by the server, the processing module 12 may call a function corresponding to the LUA script registered in the LUA script engine to implement a specific extended function, so as to perform virus checking and killing, for example, a registry entry for triggering a virus.
In the embodiment of the invention, the LUA script which is issued by the server and used for searching and killing the target virus can be received, and the functional function which is registered in the pre-established LUA script engine and corresponds to the LUA script is called to run the LUA script, so that the target virus can be quickly searched and killed, namely, the flexible expansion and customization functions of virus searching and killing can be realized through the LUA script engine technology, various expansion requirements of the client on defense can be emergently processed, and the problem that the client cannot be protected in time due to the fact that the client is fast to transmit when the virus appears is solved.
Further, please refer to fig. 5, fig. 5 is a schematic structural diagram of another virus searching and killing apparatus according to an embodiment of the present invention. Specifically, as shown in fig. 5, the apparatus according to the embodiment of the present invention may include the receiving module 11 and the processing module 12 of the virus searching and killing apparatus in the embodiment corresponding to fig. 4, which are not described herein again. Further, in the embodiment of the present invention, the apparatus may further include:
the information obtaining module 13 is configured to obtain information of the target virus when the target virus is detected.
The acquired information of the target virus (hereinafter referred to as "virus information") may include information of a file in which the virus is detected, such as a file name, a file path, a file digital signature of a registry key in which the virus is caused, a registry start key of a start key virus file, and the like.
A sending module 14, configured to send the information of the target virus acquired by the information acquiring module 13 to a server, so that the server generates an LUA script for killing the target virus according to the information of the target virus.
After the sending module 14 sends the information of the target virus to the server, the receiving module 11 may also be notified to prepare to receive the LUA script returned by the server for the information of the target virus.
Optionally, in an embodiment of the present invention, the information obtaining module 13 may include (not shown in the figure):
an obtaining unit 131, configured to obtain information of a virus when the virus is detected;
the matching unit 132 is configured to detect whether the information of the virus matches virus information in a preset virus library, where the preset virus library includes information of at least one virus associated with a virus searching and killing file;
a determining unit 133, configured to, when the matching unit 132 detects that the information of the virus does not match with the virus information in the preset virus library, take the virus as a target virus, and take the information of the virus as the information of the target virus.
In a specific embodiment, the client may be configured with a virus library including a plurality of virus information in advance, where each kind of virus information is associated with a file for searching and killing a virus corresponding to the virus information, that is, a virus searching and killing file. Therefore, when the obtaining unit 131 obtains the virus information, the matching unit 132 may detect whether the virus information matches with virus information in a preset virus library, and the determining unit 133 may directly call a virus killing file associated with the matched virus information to perform virus killing when the virus information detected by the matching unit 132 matches with virus information of any virus in the virus library; when the virus information detected by the matching unit 132 is not matched with the virus information in the virus library, for example, when the client cannot search and kill a new virus, the determining unit 133 may use the virus as a target virus, and obtain information of the target virus, such as a file path and a file name of a registry entry causing the virus, and upload the information of the target virus to the server through the sending module 14. Therefore, the server can generate a LUA script according to the information of the target virus, such as the LUA script for instructing to delete the registry key causing the virus, and send the LUA script to each client to check and kill the target virus.
Optionally, in this embodiment of the present invention, the LUA script may include a plurality of script files; the processing module 12 may be used in particular (not shown):
analyzing the LUA script to obtain a plurality of script files included by the LUA script;
and when the plurality of script files are operated, the script files are operated by calling the function corresponding to each script file registered in the preset LUA script engine so as to check and kill the target viruses.
Specifically, the LUA script may be sent to the client after the server encrypts a plurality of LUA script files (script files for short), where the plurality of script files may be used to kill different viruses or virus files in different locations, respectively. After the receiving module 11 receives the LUA script returned by the server, the processing module 12 may decrypt the LUA script to obtain the plurality of script files, so as to run the plurality of script files respectively for virus killing. When any script file in the plurality of script files is operated, the script file can be operated by calling the function registered in the LUA script engine and corresponding to the script file, so as to kill the virus corresponding to the script file. The encryption may be performed by encrypting the LUA script through a preset encryption algorithm or key, where the encryption algorithm or key may be determined by the client and the server through pre-negotiation.
Further optionally, a function for judging whether a file exists or not and a file deletion function are registered in the LUA script engine; the processing module 12 may include:
an analyzing unit 121, configured to analyze the LUA script to obtain target file information included in the LUA script, where the target file information includes a file path and a file name of a file carrying the target virus;
a function calling unit 122, configured to call the function for determining whether the file exists, to determine whether the file corresponding to the target file information exists;
the function calling unit 122 is further configured to call the file deleting function to delete the file corresponding to the target file information when the file corresponding to the target file information exists.
For example, assume that functions of function kfile. When a certain LUA script file needs to be run, if the parsing unit 121 parses to obtain that the name of the registry file indicating that the virus is caused in the LUA script issued by the server is "abc" and the file path is C: \ abc.txt, the function calling unit 122 can judge whether the C: -abc.txt file exists by calling the kfile. As long as the LUA script engine implements the relevant function functions, the function call unit 122 may call the function functions to implement the corresponding functions.
Further, please refer to fig. 6, fig. 6 is a schematic structural diagram of another virus searching and killing apparatus according to an embodiment of the present invention. Specifically, as shown in fig. 6, the virus searching and killing apparatus according to the embodiment of the present invention may be specifically disposed in the server, and the apparatus may include an information receiving module 21, a script generating module 22, and an information sending module 23. Wherein,
the information receiving module 21 is configured to receive information of a target virus that needs to be killed and is sent by a client.
Specifically, the information of the target virus may be obtained by the client when the client detects the target virus.
The script generating module 22 is configured to generate an LUA script for searching and killing the target virus according to the information of the target virus received by the information receiving module 21.
Specifically, the LUA script is written by LUA script language, and after the client builds the LUA script engine, the script generating module 22 can generate LUA script codes to implement flexible expansion and customization functions of virus killing.
The information sending module 23 is configured to send the LUA script to the client, so that the client runs the LUA script through a pre-established LUA script engine to check and kill the target virus.
Further optionally, after the script generating module 22 generates the LUA script file according to the virus information, if a plurality of LUA script files (referred to as script files for short) are included, the information sending module 23 may further encrypt the plurality of LUA script files into one LUA script, for example, into a luarp file, and issue the LUA script file to the client, so that the LUA script engine decrypts the LUA script and executes the plurality of script files, specifically, by calling a function corresponding to each script file registered in the LUA script engine to execute the script file. And because the writing of the LUA script is light, the emergency requirement of various virus killing can be quickly realized.
In the embodiment of the invention, the client can acquire the information of the virus when detecting the virus and send the virus information to the server, so that the server generates the LUA script for searching and killing the virus according to the virus information and sends the LUA script to each client. After the client receives the LUA script issued by the server, the LUA script can be operated through the LUA script engine built in advance, so that the virus can be quickly checked and killed, flexible expansion and customization functions of virus checking and killing can be realized through the LUA script engine technology, various expansion requirements of the client on defense can be met through emergency treatment, and the problem that the client can not timely protect the terminal due to the fact that the client can not check and kill the virus such as a novel virus can be quickly spread is solved.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a virus searching and killing system according to an embodiment of the present invention. Specifically, the virus searching and killing system according to the embodiment of the present invention may include a server 1 and at least one client 2. As shown in fig. 7, it is assumed that a virus searching and killing system includes a server 1 and 3 clients 2 respectively installed in different terminal devices; wherein,
the client 2 is used for acquiring the information of the target virus when the target virus is detected and sending the information of the target virus to the server 1;
the server 1 is used for receiving the information of the target viruses needing to be killed and searched and sent by the client 2; generating an LUA script for searching and killing the target virus according to the information of the target virus; sending the LUA script to each client 2;
the client 2 is further configured to receive an LUA script issued by the server 2 and used for searching and killing the target virus; and operating the LUA script by calling a function which is registered in a preset LUA script engine and corresponds to the LUA script so as to check and kill the target virus.
The client 2 that sends the information of the target virus to the server 1 may be a client installed in any terminal device. After generating the LUA script according to the virus information, the server 1 may issue the LUA script to the client installed in each terminal device, so as to protect and quickly kill the virus.
For example, assume that functions of kfile.isexists, kfile.deletefile, and the like are implemented in the LUA script engine built by the client 2, and the obtained information of the target virus indicates that the file name of the registry key causing the virus is "abc" and the file path is C: \. After obtaining the information of the target virus, the server 1 may generate an LUA script for deleting the registry key according to the virus information, and issue the LUA script to each client 2. After receiving the LUA script issued by the server 1, the client 2 can call the kfile. As long as the LUA script engine built by the client 2 realizes related function functions, the server can generate the LUA script to call the functions, so that virus killing is realized.
Specifically, the client 2 may refer to the related description of the embodiment corresponding to fig. 1-2, and the server 1 may refer to the related description of the embodiment corresponding to fig. 3, which is not described herein again.
Please refer to fig. 8, which is a schematic structural diagram of a terminal device according to an embodiment of the present invention, and specifically, as shown in fig. 8, the terminal device according to the embodiment of the present invention includes: a communication interface 300, a memory 200 and a processor 100, wherein the processor 100 is connected to the communication interface 300 and the memory 200 respectively. The memory 200 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The communication interface 300, the memory 200 and the processor 100 may be connected by a bus, or may be connected by other methods. In this embodiment, a bus connection is described. Specifically, the terminal device in the embodiment of the present invention may correspond to the virus searching and killing apparatus corresponding to fig. 4 to 5, and refer to the related description of the corresponding embodiment of fig. 4 to 5. Wherein,
the memory 200 is used for storing driving software;
the processor 100 reads the driver software from the memory and executes under the action of the driver software:
receiving, through the communication interface 300, an LUA script issued by a server for searching and killing a target virus;
and operating the LUA script by calling a function which is registered in a preset LUA script engine and corresponds to the LUA script so as to check and kill the target virus.
Optionally, before executing the LUA script sent by the receiving server for searching and killing the target virus, the processor 100 is further configured to execute the following steps:
when a target virus is detected, acquiring information of the target virus;
and sending the information of the target virus to a server through the communication interface 300, so that the server generates an LUA script for killing the target virus according to the information of the target virus.
Optionally, the LUA script engine is registered with function functions, where the function functions include any one or more of a file deletion function, a file creation function, a file time obtaining function, a function for determining whether a file exists, and a key value obtaining function of a registry.
Optionally, a function for judging whether a file exists or not and a file deletion function are registered in the LUA script engine; the processor 100 executes the LUA script by calling a function corresponding to the LUA script registered in the pre-established LUA script engine to check and kill the target virus, and specifically executes the following steps:
analyzing the LUA script to obtain target file information included by the LUA script, wherein the target file information includes a file path and a file name of a file carrying the target virus;
calling the function for judging whether the file exists to determine whether the file corresponding to the target file information exists;
and if so, calling the file deleting function to delete the file corresponding to the target file information.
Optionally, the LUA script includes a plurality of script files; the processor 100 executes the LUA script by calling a function corresponding to the LUA script registered in the pre-established LUA script engine, and specifically executes the following steps:
analyzing the LUA script to obtain a plurality of script files included by the LUA script;
and when the plurality of script files are operated, the script files are operated by calling the function which is registered in the preset LUA script engine and corresponds to each script file.
Optionally, the processor 100, when executing the step of obtaining the information of the target virus when the target virus is detected, specifically executes the following steps:
when a virus is detected, acquiring information of the virus;
detecting whether the information of the viruses is matched with the information of the viruses in a preset virus library, wherein the preset virus library comprises information of at least one virus associated with a virus searching and killing file;
and if the information of the virus is not matched with the virus information in the preset virus library, taking the virus as a target virus and taking the information of the virus as the information of the target virus.
Further, referring to fig. 9, fig. 9 is a schematic structural diagram of a server according to an embodiment of the present invention, and specifically, as shown in fig. 9, the server according to the embodiment of the present invention includes: a communication interface 600, a memory 500 and a processor 400, wherein the processor 400 is connected with the communication interface 600 and the memory 500 respectively. The memory 500 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The communication interface 600, the memory 500 and the processor 400 may be connected by a bus, or may be connected by other methods. In this embodiment, a bus connection is described. Specifically, the server in the embodiment of the present invention may specifically refer to the related description of the server in the above embodiment. Wherein,
the memory 500 is used for storing driving software;
the processor 400 reads the driver software from the memory and executes under the action of the driver software:
receiving information of a target virus to be searched and killed, which is sent by a client, through the communication interface 600, wherein the information of the target virus is obtained when the client detects the target virus;
generating an LUA script for searching and killing the target virus according to the information of the target virus;
and sending the LUA script to the client through the communication interface 600, so that the client runs the LUA script through a pre-established LUA script engine to check and kill the target virus.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "a specific embodiment," "an example," "a specific example," or "some examples" or the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (10)
1. A virus searching and killing method is characterized by comprising the following steps:
receiving an LUA script which is issued by a server and used for searching and killing a target virus, wherein the LUA script is sent after the server encrypts one or more LUA script files;
decrypting the LUA script to obtain one or more LUA script files;
the method comprises the steps that a function corresponding to each LUA script file registered in a pre-built LUA script engine is called to run the LUA script files so as to check and kill the target viruses;
a function for judging whether a file exists or not and a file deletion function are registered in the LUA script engine; the method for operating the LUA script file by calling the functional function corresponding to the LUA script file registered in the pre-established LUA script engine so as to check and kill the target virus comprises the following steps:
analyzing the LUA script file to obtain target file information included by the LUA script file, wherein the target file information includes a file path and a file name of a file carrying the target virus;
calling the function for judging whether the file exists to determine whether the file corresponding to the target file information exists;
and if so, calling the file deleting function to delete the file corresponding to the target file information.
2. The method according to claim 1, wherein before receiving the LUA script issued by the server for killing the target virus, the method further comprises:
when a target virus is detected, acquiring information of the target virus;
and sending the information of the target virus to a server so that the server generates an LUA script for searching and killing the target virus according to the information of the target virus.
3. The method according to claim 1 or 2, wherein the LUA script engine registers function functions, and the function functions include any one or more of a file deletion function, a file creation function, a file time acquisition function, a function for determining whether a file exists, and a key value acquisition function of a registry.
4. The method of claim 2, wherein the obtaining information of the target virus when the target virus is detected comprises:
when a virus is detected, acquiring information of the virus;
detecting whether the information of the viruses is matched with the information of the viruses in a preset virus library, wherein the preset virus library comprises information of at least one virus associated with a virus searching and killing file;
and if the information of the virus is not matched with the virus information in the preset virus library, taking the virus as a target virus and taking the information of the virus as the information of the target virus.
5. A virus searching and killing method is characterized by comprising the following steps:
receiving information of a target virus needing to be searched and killed, which is sent by a client, wherein the information of the target virus is obtained when the client detects the target virus;
generating an LUA script for searching and killing the target virus according to the information of the target virus;
sending the LUA script to the client, wherein the LUA script is sent after encrypting one or more LUA script files so that the client decrypts the LUA script to obtain the one or more LUA script files, and running the LUA script files through a function which is registered in a pre-established LUA script engine and corresponds to each LUA script file to check and kill the target virus;
the LUA script file comprises target file information, the target file information comprises a file path and a file name of a file carrying the target virus, and a function for judging whether the file exists or not and a file deletion function are registered in the LUA script engine; and the client determines whether the file corresponding to the target file information exists by calling the function for judging whether the file exists or not, and calls the file deleting function to delete the file corresponding to the target file information when the file exists so as to realize the killing of the target virus.
6. A virus killing device, comprising:
the system comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for receiving an LUA script which is issued by a server and used for searching and killing a target virus, and the LUA script is sent by the server after one or more LUA script files are encrypted;
the processing module is used for operating the LUA script files by calling the functional functions which are registered in the pre-established LUA script engine and correspond to each LUA script file so as to check and kill the target viruses;
a function for judging whether a file exists or not and a file deletion function are registered in the LUA script engine; the processing module comprises:
the analysis unit is used for analyzing the LUA script file to obtain target file information included by the LUA script file, wherein the target file information includes a file path and a file name of a file carrying the target virus;
the function calling unit is used for calling the function for judging whether the file exists to determine whether the file corresponding to the target file information exists;
the function calling unit is further configured to call the file deleting function to delete the file corresponding to the target file information when the file corresponding to the target file information exists.
7. The apparatus of claim 6, further comprising:
the information acquisition module is used for acquiring the information of the target virus when the target virus is detected;
and the sending module is used for sending the information of the target virus acquired by the information acquisition module to a server so that the server generates an LUA script for killing the target virus according to the information of the target virus.
8. The apparatus according to claim 6 or 7, wherein the LUA script engine has registered therein function functions, and the function functions include any one or more of a file deletion function, a file creation function, a file time acquisition function, a function of determining whether a file exists, and a key value acquisition function of a registry.
9. The apparatus of claim 7, wherein the information obtaining module comprises:
the acquisition unit is used for acquiring the information of the virus when the virus is detected;
the matching unit is used for detecting whether the information of the viruses is matched with the information of the viruses in a preset virus library, and the preset virus library comprises at least one virus information associated with a virus searching and killing file;
and the determining unit is used for taking the virus as a target virus and taking the information of the virus as the information of the target virus when the matching unit detects that the information of the virus is not matched with the information of the virus in the preset virus library.
10. A virus killing device, comprising:
the system comprises an information receiving module, a virus searching module and a virus searching module, wherein the information receiving module is used for receiving information of a target virus needing to be searched and killed, which is sent by a client, and the information of the target virus is obtained when the client detects the target virus;
the script generating module is used for generating an LUA script for searching and killing the target virus according to the information of the target virus received by the information receiving module;
an information sending module, configured to send the LUA script to the client, where the LUA script is sent after encrypting one or more LUA script files, so that the client decrypts the LUA script to obtain the one or more LUA script files, and runs the LUA script file through a function corresponding to each LUA script file registered in a pre-established LUA script engine, so as to check and kill the target virus;
the LUA script file comprises target file information, the target file information comprises a file path and a file name of a file carrying the target virus, and a function for judging whether the file exists or not and a file deletion function are registered in the LUA script engine; and the client determines whether the file corresponding to the target file information exists by calling the function for judging whether the file exists or not, and calls the file deleting function to delete the file corresponding to the target file information when the file exists so as to realize the killing of the target virus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510983364.0A CN105653953B (en) | 2015-12-24 | 2015-12-24 | A kind of checking and killing virus method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510983364.0A CN105653953B (en) | 2015-12-24 | 2015-12-24 | A kind of checking and killing virus method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105653953A CN105653953A (en) | 2016-06-08 |
| CN105653953B true CN105653953B (en) | 2019-04-26 |
Family
ID=56477098
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510983364.0A Active CN105653953B (en) | 2015-12-24 | 2015-12-24 | A kind of checking and killing virus method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105653953B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109032607B (en) * | 2018-07-25 | 2022-03-15 | 广州广知建信息科技有限公司 | Machine room monitoring real-time data analysis engine based on lua script and script debugging tool |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104134039A (en) * | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system |
| CN104200164A (en) * | 2014-09-10 | 2014-12-10 | 北京金山安全软件有限公司 | Loader virus searching and killing method, device and terminal |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB0918478D0 (en) * | 2009-10-22 | 2009-12-09 | Qinetiq Ltd | Checking data content |
-
2015
- 2015-12-24 CN CN201510983364.0A patent/CN105653953B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104134039A (en) * | 2014-07-24 | 2014-11-05 | 北京奇虎科技有限公司 | Virus checking and killing method, virus checking and killing client, virus checking and killing server and virus checking and killing system |
| CN104200164A (en) * | 2014-09-10 | 2014-12-10 | 北京金山安全软件有限公司 | Loader virus searching and killing method, device and terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105653953A (en) | 2016-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9734337B1 (en) | Behavior-based ransomware detection | |
| US10503904B1 (en) | Ransomware detection and mitigation | |
| TWI678616B (en) | File detection method, device and system | |
| US11361083B1 (en) | Method and apparatus for securing embedded device firmware | |
| US10193918B1 (en) | Behavior-based ransomware detection using decoy files | |
| US10339300B2 (en) | Advanced persistent threat and targeted malware defense | |
| US20150172304A1 (en) | Secure backup with anti-malware scan | |
| US9686303B2 (en) | Web page vulnerability detection method and apparatus | |
| US9100426B1 (en) | Systems and methods for warning mobile device users about potentially malicious near field communication tags | |
| CN111143869B (en) | Application package processing method and device, electronic equipment and storage medium | |
| CN105339890A (en) | Framework for running untrusted code | |
| IL267241B2 (en) | System and methods for detection of cryptoware | |
| US20160275019A1 (en) | Method and apparatus for protecting dynamic libraries | |
| WO2017012241A1 (en) | File inspection method, device, apparatus and non-volatile computer storage medium | |
| EP3270318B1 (en) | Dynamic security module terminal device and method for operating same | |
| CN111163095B (en) | Network attack analysis method, network attack analysis device, computing device, and medium | |
| KR101695639B1 (en) | Method and system for providing application security service based on cloud | |
| CN110417768B (en) | Botnet tracking method and device | |
| WO2017107896A1 (en) | Document protection method and device | |
| US20160321450A1 (en) | Method and Apparatus for Managing Super User Password on Smart Mobile Terminal | |
| US8448243B1 (en) | Systems and methods for detecting unknown malware in an executable file | |
| KR20180122249A (en) | Position-fixed iot device for protecting secure storage access information and method for protecting secure storage access information for position-fixed iot device | |
| CN111049897A (en) | Method, device, equipment and medium for encrypted uploading and decrypted deployment of small program package | |
| CN111737718A (en) | Encryption and decryption method and device for jar packet, terminal equipment and storage medium | |
| US8918653B2 (en) | Protection of interpreted source code in virtual appliances |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20181203 Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |