×

Polymorphic virus detection module

  • US 5,696,822 A
  • Filed: 09/28/1995
  • Issued: 12/09/1997
  • Est. Priority Date: 09/28/1995
  • Status: Expired due to Term
First Claim
Patent Images

1. A computer implemented method for detecting polymorphic viruses in a computer file, the method comprising the steps of;

  • fetching an instruction from the computer file;

    determining whether the instruction is used in any decryption loop generated by a known polymorphic virus on a list;

    delisting the known polymorphic virus if the instruction is not used in any decryption loop generated by the known polymorphic virus;

    repeating the determining and delisting steps for each known polymorphic virus on the list;

    emulating the instruction;

    tagging a memory location associated with the instruction when at least one known polymorphic virus remains on the list;

    repeating the above said steps when at least one known polymorphic virus remains on the list; and

    scanning the tagged locations for virus signatures.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×