Method and system for detecting and removing hidden pestware files
Abstract
A method and system for detecting and removing a hidden pestware file is described. One illustrative embodiment detects, using direct drive access, a file on a computer storage device; determines whether the file is also detectable by the operating system by attempting to access the file using a standard file Application-Program-Interface (API) function call of the operating system; identifies the file as a potential hidden pestware file, when the file is undetectable by the operating system; confirms through an automated pestware-signature scan of the potential hidden pestware file that the potential hidden pestware file is a hidden pestware file; and removes automatically, using direct drive access, the hidden pestware file from the storage device.
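The cross-view comparison in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes a hypothetical direct-drive parser has already produced `raw_view` (file name to bytes), uses a constructed signature, omits the removal step, and is narrower than the claims in that it counts only "not found" as hidden and records permission errors separately.

```python
import os
import tempfile
from pathlib import Path

# Constructed stand-in for a pestware-signature database (assumption).
SIGNATURES = {"Constructed.TestPest": b"PEST-SIG-0001"}

def api_probe(path):
    """Ask the OS file API about a path that the raw read says exists."""
    try:
        os.stat(path)
        return "visible"
    except FileNotFoundError:
        return "hidden"   # on disk per the raw view, absent per the API
    except PermissionError:
        return "denied"   # the OS knows the file; an ACL issue, not hiding

def signature_scan(data):
    """Return the name of the first matching signature, or None."""
    return next((n for n, pat in SIGNATURES.items() if pat in data), None)

def cross_view_scan(raw_view, root):
    """raw_view: name -> bytes from a raw read of the volume mounted at root."""
    report = {"confirmed": {}, "suspect": [], "denied": []}
    for name, data in sorted(raw_view.items()):
        status = api_probe(os.path.join(root, name))
        if status == "denied":
            report["denied"].append(name)
        elif status == "hidden":
            # Scan the bytes from the raw read; the API cannot supply them.
            hit = signature_scan(data)
            if hit:
                report["confirmed"][name] = hit
            else:
                report["suspect"].append(name)  # e.g. deleted mid-scan
    return report

def demo():
    """Constructed data: two normal files, two present only in the raw view."""
    samples = [("notes.txt", b"hello", True), ("lib.dll", b"MZ benign", True),
               ("hidden_a.sys", b"\x00PEST-SIG-0001\x00", False),
               ("hidden_b.tmp", b"no known pattern", False)]
    with tempfile.TemporaryDirectory() as root:
        for name, data, on_disk in samples:
            if on_disk:
                Path(root, name).write_bytes(data)
        return cross_view_scan({n: d for n, d, _ in samples}, root)
```

Entries under `confirmed` correspond to the signature-confirmed case of claim 1; entries under `suspect` are flagged but unconfirmed, which is the case claim 5 hands to the user.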
17 Claims
1. A method for detecting and removing a hidden pestware file on a storage device of a computer, the method comprising:
detecting, using direct drive access, a file on the storage device, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
determining whether the file is detectable by the operating system by attempting to access the file using a standard file API function call of the operating system, the file being detectable by the operating system when the attempt to access the file using the standard file API function call is successful, the file being undetectable by the operating system when the attempt to access the file using the standard file API function call is unsuccessful;
identifying the file as a potential hidden pestware file, when the file is undetectable by the operating system;
confirming through an automated pestware-signature scan of the potential hidden pestware file that the potential hidden pestware file is a hidden pestware file; and
removing automatically, using direct drive access, the hidden pestware file from the storage device.
Dependent claims: 2, 3, 4
5. A method for detecting a potential hidden pestware file on a storage device of a computer, the method comprising:
detecting, using direct drive access, a file on the storage device, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
determining whether the file is detectable by the operating system by attempting to access the file using a standard file API function call of the operating system, the file being detectable by the operating system when the attempt to access the file using the standard file API function call is successful, the file being undetectable by the operating system when the attempt to access the file using the standard file API function call is unsuccessful;
identifying the file as a potential hidden pestware file, when the file is undetectable by the operating system; and
performing the following when the file has been identified as a potential hidden pestware file:
notifying a user that the file is a potential hidden pestware file;
presenting to the user an option to remove automatically the potential hidden pestware file from the storage device; and
removing, using direct drive access, the potential hidden pestware file from the storage device automatically in response to an input from the user.
Dependent claims: 6
7. A method for scanning a storage device of a computer for hidden pestware files, the method comprising:
reading a data-bearing portion of the storage device, the reading being performed sequentially in sector order using direct drive access, the direct drive access substantially bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
identifying, through the reading, files on the storage device;
determining, for each identified file, whether that identified file is detectable by the operating system by attempting to access that identified file using a standard file API function call of the operating system, an identified file being detectable by the operating system when the attempt to access that identified file using the standard file API function call is successful, an identified file being undetectable by the operating system when the attempt to access that identified file using the standard file API function call is unsuccessful;
flagging each identified file that is undetectable to the operating system as a potential hidden pestware file;
performing an automated pestware-signature scan of each identified file flagged as a potential hidden pestware file to determine whether that identified file is indeed a hidden pestware file; and
removing from the storage device automatically, using direct drive access, each identified file determined to be a hidden pestware file.
Dependent claims: 8, 9
10. A system for detecting and removing a hidden pestware file on a storage device of a computer, the system comprising:
a file-detection module configured to detect, using direct drive access, a file on the storage device, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
a file-analysis module configured to determine whether the file is detectable by the operating system by attempting to access the file using a standard file API function call of the operating system, the file being detectable by the operating system when the attempt to access the file using the standard file API function call is successful, the file being undetectable by the operating system when the attempt to access the file using the standard file API function call is unsuccessful;
a file-classification module configured to flag the file as a potential hidden pestware file, when the file is undetectable by the operating system;
a pestware-scanning module configured to confirm, through an automated pestware-signature scan of the potential hidden pestware file, that the potential hidden pestware file is a hidden pestware file; and
a pestware-removal module configured to remove automatically, using direct drive access, the hidden pestware file from the storage device.
Dependent claims: 11, 12, 13
14. A system for detecting a potential hidden pestware file on a storage device of a computer, the system comprising:
a file-detection module configured to detect, using direct drive access, a file on the storage device, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
a file-analysis module configured to determine whether the file is detectable by the operating system by attempting to access the file using a standard file API function call of the operating system, the file being detectable by the operating system when the attempt to access the file using the standard file API function call is successful, the file being undetectable by the operating system when the attempt to access the file using the standard file API function call is unsuccessful;
a file-classification module configured to flag the file as a potential hidden pestware file, when the file is undetectable by the operating system;
a notification module configured, when the file has been flagged as a potential hidden pestware file, to:
notify a user that the file has been flagged as a potential hidden pestware file; and
present to the user an option to remove automatically the potential hidden pestware file from the storage device; and
a pestware-removal module configured to remove automatically, using direct drive access, the potential hidden pestware file from the storage device in response to an input from the user.
Dependent claims: 15
16. A computer-readable storage medium containing program instructions executable by a processor to detect and remove a hidden pestware file on a storage device of a computer, the program instructions comprising:
a first instruction segment configured to detect, using direct drive access, a file on the storage device, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
a second instruction segment configured to determine whether the file is detectable by the operating system by attempting to access the file using a standard file API function call of the operating system, the file being detectable by the operating system when the attempt to access the file using the standard file API function call is successful, the file being undetectable by the operating system when the attempt to access the file using the standard file API function call is unsuccessful;
a third instruction segment configured to flag the file as a potential hidden pestware file, when the file is undetectable by the operating system;
a fourth instruction segment configured to confirm, through an automated pestware-signature scan of the potential hidden pestware file, that the potential hidden pestware file is a hidden pestware file; and
a fifth instruction segment configured to remove automatically, using direct drive access, the hidden pestware file from the storage device.
17. A computer-readable storage medium containing program instructions executable by a processor to detect a potential hidden pestware file on a storage device of a computer, the program instructions comprising:
a first instruction segment configured to detect, using direct drive access, a file on the storage device, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
a second instruction segment configured to determine whether the file is detectable by the operating system by attempting to access the file using a standard file API function call of the operating system, the file being detectable by the operating system when the attempt to access the file using the standard file API function call is successful, the file being undetectable by the operating system when the attempt to access the file using the standard file API function call is unsuccessful;
a third instruction segment configured to flag the file as a potential hidden pestware file, when the file is undetectable by the operating system;
a fourth instruction segment configured, when the file has been flagged as a potential hidden pestware file, to:
notify a user that the file has been flagged as a potential hidden pestware file; and
present to the user an option to remove automatically the potential hidden pestware file from the storage device; and
a fifth instruction segment configured to remove automatically, using direct drive access, the hidden pestware file from the storage device in response to an input from the user.
Specification