CN111552962A - Method for intercepting USB flash drive PE-format file viruses based on the Windows operating system - Google Patents
- Publication number
- CN111552962A
- Authority
- CN
- China
- Prior art keywords
- file
- opened
- path name
- protection
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010215519.7A CN111552962B (zh) | 2020-03-25 | 2020-03-25 | Method for intercepting USB flash drive PE-format file viruses based on the Windows operating system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010215519.7A CN111552962B (zh) | 2020-03-25 | 2020-03-25 | Method for intercepting USB flash drive PE-format file viruses based on the Windows operating system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111552962A (zh) | 2020-08-18 |
CN111552962B (zh) | 2024-03-01 |
Family
ID=71999880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010215519.7A Active CN111552962B (zh) | Method for intercepting USB flash drive PE-format file viruses based on the Windows operating system | 2020-03-25 | 2020-03-25 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111552962B (zh) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20030090568A (ko) * | 2003-11-07 | 2003-11-28 | 이동범 | System and method for protecting resources in a terminal |
EP1684151A1 (en) * | 2005-01-20 | 2006-07-26 | Grant Rothwell William | Computer protection against malware affection |
CN1885224A (zh) * | 2005-06-23 | 2006-12-27 | 福建东方微点信息安全有限责任公司 | Computer anti-virus protection system and method |
CN101826139A (zh) * | 2009-12-30 | 2010-09-08 | 厦门市美亚柏科信息股份有限公司 | Method and device for detecting Trojans embedded in non-executable files |
CN102609667A (zh) * | 2012-02-22 | 2012-07-25 | 浙江机电职业技术学院 | System and method for automatic file encryption and decryption based on a filter driver |
CN102663067A (zh) * | 2012-03-31 | 2012-09-12 | 中标软件有限公司 | File opening method based on a Linux operating system terminal |
US20140068774A1 (en) * | 2012-08-28 | 2014-03-06 | Alibaba Group Holding Limited | Detecting a malware process |
CN107563199A (zh) * | 2017-09-04 | 2018-01-09 | 郑州云海信息技术有限公司 | Real-time ransomware detection and defense method based on file request monitoring |
EP3293660A1 (en) * | 2016-09-08 | 2018-03-14 | Kaspersky Lab AO | System and method of detecting malicious code in files |
KR20200013013A (ko) * | 2020-01-28 | 2020-02-05 | (주)나무소프트 | Method and system for blocking phishing or ransomware attacks |
CN110874474A (zh) * | 2018-12-21 | 2020-03-10 | 北京安天网络安全技术有限公司 | Ransomware defense method and apparatus, electronic device, and storage medium |
Non-Patent Citations (3)
Title |
---|
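曹成龙; 傅德胜; 曹凤艳: "Removable storage control method based on a file filter driver", 计算机应用, no. 06, pages 1498-1501 * |
马莉; 杨文茵; 谢奕智: "Design of an active defense system based on behavior policies", 佛山科学技术学院学报(自然科学版), no. 04, pages 38-43 * |
鲁婷婷; 王俊峰: "Research on Windows memory protection mechanisms", 网络与信息安全学报, no. 10, pages 1-15 * |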
Also Published As
Publication number | Publication date |
---|---|
CN111552962B (zh) | 2024-03-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2541453B1 (en) | System and method for malware protection using virtualization | |
KR101122787B1 (ko) | Security-related programming interface | |
EP3180732B1 (en) | Method of malware detection and system thereof | |
EP3113063B1 (en) | System and method for detecting malicious code in random access memory | |
US9684785B2 (en) | Providing multiple isolated execution environments for securely accessing untrusted content | |
EP3462358B1 (en) | System and method for detection of malicious code in the address space of processes | |
US20070283444A1 (en) | Apparatus And System For Preventing Virus | |
US8578345B1 (en) | Malware detection efficacy by identifying installation and uninstallation scenarios | |
US20110209219A1 (en) | Protecting User Mode Processes From Improper Tampering or Termination | |
JP2007534039A (ja) | Personal computer Internet security system | |
CN102263773B (zh) | Method and device for real-time protection | |
CN113051034B (zh) | Container access control method and system based on kprobes | |
CN105335197A (zh) | Method and device for controlling application startup in a terminal | |
CN114065196A (zh) | Java in-memory webshell detection method and apparatus, electronic device, and storage medium | |
CN101414329B (zh) | Method for deleting a running virus | |
CN104252594A (zh) | Virus detection method and device | |
US20110047305A1 (en) | Apparatus and method for securing data of usb devices | |
CN107203410B (zh) | VMI method and system based on system call redirection | |
CN111552962B (zh) | Method for intercepting USB flash drive PE-format file viruses based on the Windows operating system | |
CN110414220B (zh) | Method and device for extracting operated files during dynamic program execution in a sandbox | |
KR20110057297A (ko) | System and method for dynamic analysis of malicious bots | |
WO2009104720A1 (ja) | Resource usage control system, resource usage control method, and resource usage control program | |
CN113836529A (zh) | Process detection method and device, storage medium, and computer equipment | |
RU2592383C1 (ru) | Method for generating an antivirus record upon detection of malicious code in random access memory | |
TWI789944B (zh) | Application control method based on different scanning schemes |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 20210719. Address after: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing. Applicant after: Beijing Hongteng Intelligent Technology Co.,Ltd. Address before: 110179 No.11, Lane 3, Wenhua Road, Heping District, Shenyang City, Liaoning Province. Applicant before: SHENYANG GENERALSOFT Co.,Ltd. |
CB02 | Change of applicant information | Address after: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing. Applicant after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing. Applicant before: Beijing Hongteng Intelligent Technology Co.,Ltd. |
GR01 | Patent grant | |