Abstract
The present invention is directed to a method for detecting unwanted executables and preventing the damage thereof, comprising: defining at least one API call as suspicious (101); scanning an executable for detecting suspicious API calls (102); and upon detecting a suspicious API call within said executable (103), either just determining said executable as unwanted or inspecting said executable. Following inspection, if said executable is indicated as unwanted and/or malicious (105), the damage thereof is prevented by eliminating the suspicious calls from said executable, discarding said executable, etc.