Method and system for detecting a compressed pestware executable object
Abstract
A method and system for detecting a compressed pestware executable object is described. In an illustrative embodiment, while a computer is booting up, an attempt by a running process to exit is detected. The running process is prevented from exiting until a pestware detection procedure has been performed. In one embodiment, the pestware detection procedure includes scanning for pestware signatures the portion of executable program memory associated with the suspended running process. In a different embodiment, the pestware detection procedure includes writing to a file at least the portion of executable program memory associated with the running process, after which the running process is permitted to exit. The file can then be scanned for pestware signatures at a convenient time.
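An added illustration, not code from the patent: a Python model of the two detection procedures the abstract describes, scanning a held process's memory before releasing it and dumping that memory to a file for a later scan. The signature, the `HeldProcess` class and all function names are constructed; zlib stands in for an executable compressor, and the interception of the exit itself (done by a driver in claim 7) is only modelled by a flag.

```python
import os
import tempfile
import zlib

# Constructed signature (not a real indicator); all names here are illustrative.
SIGNATURES = {"Constructed.Pest.A": b"PESTWARE-SAMPLE-PATTERN-0001"}

def scan(data):
    """Return the sorted names of every signature found in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

class HeldProcess:
    """Stand-in for a process whose exit request has been intercepted."""
    def __init__(self, pid, memory):
        self.pid = pid
        self.memory = memory    # executable memory image, already decompressed
        self.exited = False     # stays False until a procedure releases it

def scan_before_exit(proc):
    """First embodiment: scan memory while the exit is held, then release."""
    hits = scan(proc.memory)
    proc.exited = True
    return hits

def dump_before_exit(proc, dump_dir):
    """Second embodiment: write memory to a file, then release the process."""
    path = os.path.join(dump_dir, f"pid{proc.pid}.dump")
    with open(path, "wb") as fh:
        fh.write(proc.memory)
    proc.exited = True
    return path

def scan_dump(path):
    with open(path, "rb") as fh:
        return scan(fh.read())

def demo():
    image = b"\x90" * 512 + SIGNATURES["Constructed.Pest.A"] + b"\x90" * 512
    on_disk = zlib.compress(image)      # compressed object as stored on disk
    results = {"on_disk": scan(on_disk)}
    results["held"] = scan_before_exit(HeldProcess(101, zlib.decompress(on_disk)))
    with tempfile.TemporaryDirectory() as d:
        path = dump_before_exit(HeldProcess(102, zlib.decompress(on_disk)), d)
        results["deferred"] = scan_dump(path)   # scanned at a convenient time
    return results

if __name__ == "__main__":
    print(demo())
```

The compressed bytes do not contain the pattern, while both the in-place scan and the deferred scan of the dump file find it.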
20 Claims

1. A method for detecting a compressed pestware executable object on a computer, the method comprising:
- detecting, during startup of the computer, that a running process is attempting to exit; and
- preventing the running process from exiting until a pestware detection procedure has been performed.
Dependent claims: 2, 3, 4, 5, 6

7. A system for detecting a compressed pestware executable object on a computer, the system comprising:
- a driver configured to:
  - detect, during startup of the computer, that a running process is attempting to exit; and
  - prevent the running process from exiting until a pestware detection procedure has been performed.
Dependent claims: 8, 9, 10, 11, 12

13. A system for detecting a compressed pestware executable object on a computer, the system comprising:
- means for determining, during startup of the computer, that a running process is attempting to exit; and
- means for preventing the running process from exiting until a pestware detection procedure has been performed.
Dependent claims: 14, 15, 16

17. A computer-readable storage medium containing program instructions to detect a compressed pestware executable object on a computer, the computer-readable storage medium comprising:
- a first code segment configured to detect, during startup of the computer, that a running process is attempting to exit; and
- a second code segment configured to prevent the running process from exiting until a pestware detection procedure has been performed.
Dependent claims: 18, 19, 20

Specification