System and method for neutralizing pestware residing in executable memory
Abstract
Systems and methods for managing pestware on a protected computer are described. In one implementation, a pestware construct is identified. Functions exported by the pestware process are identified, and neutralization of the pestware process is accomplished by skipping a portion of the executed code for pestware functions exported by the pestware process. Registry entries associated with the pestware process are detected and deleted, and the pestware process is scheduled for deletion after the next reboot of a protected computer.
24 Claims
1. A method for neutralizing pestware, comprising:
- identifying a pestware construct;
- accessing at least one function exported by the pestware construct; and
- writing an instruction into the memory for the at least one exported function that renders the at least one exported function substantially ineffective.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer-readable medium comprising executable instructions to:
- identify a pestware construct;
- access at least one function exported by the pestware construct; and
- write an instruction into the memory for the at least one exported function that renders the at least one exported function substantially ineffective.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A system of removing pestware, comprising:
- a detection module configured to:
  - identify a pestware construct; and
- a removal module configured to:
  - access at least one function exported by the pestware construct; and
  - write an instruction into the memory for the at least one exported function that renders the at least one exported function substantially ineffective.

Dependent claims: 18, 19, 20, 21, 22, 23, 24.