| 摘要 |
A method and system for detecting a compressed pestware executable object is described. In an illustrative embodiment, while a computer is booting up, an attempt by a running process to exit is detected. The running process is prevented from exiting until a pestware detection procedure has been performed. In one embodiment, the pestware detection procedure includes scanning for pestware signatures the portion of executable program memory associated with the suspended running process. In a different embodiment, the pestware detection procedure includes writing to a file at least the portion of executable program memory associated with the running process, after which the running process is permitted to exit. The file can then be scanned for pestware signatures at a convenient time. |
