| 摘要 |
<p>The invention relates to the field of anti-virus protection. The technical result of the invention lies in providing possibility for unblocking the computer with no data loss and computer resetting, for increasing the antivirus systems operation efficiency and consequently improving the computer systems security. A method for neutralizing malicious software blocking computer operation, the method being performed by means of a separate antivirus activation device developed for the antimalware procedure activation to be run by a PC user, the device comprising connectors for connection to a control bus, a controller and an activation unit. Computer unblocking and malware neutralizing procedure is activated after receiving an activation signal from the antivirus activation device. Whereby said unblocking and malware neutralizing procedure includes: examining OS graphics subsystem state, searching for all the created windows and desktops viewed by the user; analyzing all the processes and flows executed with the PC at the time of infection; creating bindings on the collected data basis for each said window and desktop to a particular process and/or process hierarchy; analyzing the obtained data on the processes and identifying in each of them loaded modules involved in the process running; searching for the software automatically run in the course of OS start-up; compiling a list of the objects considered as malicious; isolating each malicious object, deleting its links out of OS configuration files, and aborting the malicious process produced by the object.</p> |
