System and method for neutralizing locked pestware files
First Claim
1. A method for removing pestware files located on a storage device of a protected computer, the method comprising:
- detecting a presence of a pestware file on the storage device while the operating system of the protected computer is limiting access to the pestware file via the operating system;
altering, while the operating system continues to limit access to the file via the operating system, at least a portion of a listing of a plurality of pointers, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the pestware file at a corresponding one of each of the plurality of locations; and
removing, while the operating system continues to limit access to the file via the operating system, the name of the pestware file from a directory entry of the pestware file.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for scanning and deleting pestware on a protected computer are described. In one variation, the presence of a pestware file on the storage device is detected while an operating system of the protected computer is limiting access to the pestware file via the operating system. In order mitigate any undesirable consequences the pestware might cause, a listing of a plurality of pointers to data for the pestware file is altered while the operating system continues to limit access to the file via the operating system. In this way, the operating system will be unable to locate and launch the pestware file. In variations, the name of the pestware file from a directory entry of the pestware file. In systems where the files are organized in an NTFS format, an MFT bitmap may be removed as well.
-
Citations
21 Claims
-
1. A method for removing pestware files located on a storage device of a protected computer, the method comprising:
-
detecting a presence of a pestware file on the storage device while the operating system of the protected computer is limiting access to the pestware file via the operating system;
altering, while the operating system continues to limit access to the file via the operating system, at least a portion of a listing of a plurality of pointers, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the pestware file at a corresponding one of each of the plurality of locations; and
removing, while the operating system continues to limit access to the file via the operating system, the name of the pestware file from a directory entry of the pestware file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 19)
-
-
9. A system for removing pestware files from a file storage device of a protected computer, the protected computer including an operating system, the system comprising:
-
a pestware detection module configured to identify a file stored in the file storage device of the protected computer as a pestware file; and
a file removal module configured to;
alter, while the operating system prevents access to the pestware file via the operating system, a listing of a plurality of pointers, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the file storage device, and the file storage device stores each of a plurality of portions of data for the pestware file at a corresponding one of each of the plurality of locations, wherein the altered listing of pointers prevents the operating system from accessing the pestware file. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A computer readable medium encoded with instructions for removing pestware files from a storage device of a protected computer, the instructions including instructions for:
-
detecting a presence of a pestware file on the storage device while the operating system of the protected computer is limiting access to the pestware file via the operating system;
altering, while the operating system continues to limit access to the file via the operating system, a listing of a plurality of pointers, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the pestware file at a corresponding one of each of the plurality of locations; and
removing, while the operating system continues to limit access to the file via the operating system, the name of the pestware file from the directory entry of the pestware file. - View Dependent Claims (15, 16, 17, 18, 20, 21)
-
Specification