METHOD AND APPARATUS FOR DIAGNOSING AND REMOVING MALWARE IN PORTABLE DEVICE

摘要

A method for diagnosing and removing malware in a portable terminal according to the present invention includes the steps of: monitoring whether a new file is generated or read in a specific directory path by monitoring a kernel system call function; inspecting whether the generated or read new file is a black application or a black file registered in a blacklist DB, or a malware application or a malware file registered in a pattern DB; and forcedly deleting the new file when the new file is one of the black application, the black file, the malware application, and the malware file which are registered. [Reference numerals] (102) Kernel monitoring unit; (104) Library monitoring unit; (106) First application inspection unit; (108) Second application inspection unit; (110) Malware application DB; (112) Blacklist DB; (114) Application deleting unit; (116) File deleting unit; (118) Message generating unit; (AA) Generate or open a file; (BB) Deletion error message