Title of invention: Operating system bootstrap failure detection
Abstract: During a bootstrapping process, path names of necessary bootstrap modules are collected and stored into a file. When an infected bootstrap component is detected, the method initiates emulation of the bootstrapping process within a virtual machine rather than directly cleaning malware from the infected bootstrap component. A settings file is copied into the virtual machine indicating the necessary bootstrap components in the host computer (including the infected component). Alternatively, the actual components are copied into the virtual machine. A clean version of the infected bootstrap component is made available to the virtual machine. The virtual machine is launched using the bootstrap components (including the clean version of the infected bootstrap component) and it emulates the bootstrapping process of the operating system. A successful bootstrap indicates the infected bootstrap component may be cleaned on the host computer. An unsuccessful bootstrap indicates the infected bootstrap component should not be cleaned of malware.
Publication number: US8918879(B1) Publication date: 2014.12.23
Application number: US201213470551 Filing date: 2012.05.14
Applicant: Trend Micro Inc. Inventors: Li Yuefeng;Gan Hongbo;Ye Hua
Classification: G06F21/00;G06F9/00;G06F12/14;G06F21/57;G06F21/56 Main classification: G06F21/00
Agency: Beyer Law Group LLP Agent: Beyer Law Group LLP
Principal claim: 1. A method of cleaning malware from bootstrap components of an operating system on a host computer while ensuring a successful bootstrap of the operating system, said method comprising: detecting a malware infection in a bootstrap component of said host computer, said bootstrap component being necessary in a bootstrapping process of an operating system of said host computer; copying a file into a virtual machine of said host computer, said file indicating computer modules necessary for said bootstrapping process; passing an indication of a clean version of said bootstrap component to said virtual machine; and launching said virtual machine and emulating said bootstrapping process of said operating system using said computer modules and said clean version of said bootstrap component to determine whether or not cleaning said malware infection from said infected bootstrap component of said host computer results in a bootstrapping failure, wherein said infected bootstrap component is not used in said emulation.
Address: Tokyo JP