Method of managing computer virus infected files
First Claim
Patent Images
1. In a processing system, a method of managing virus infected files comprising:
- obtaining, from a user of the processing system, a selected option for handling a virus infected file;
scanning files of the processing system and detecting a virus infected file;
when the selected option comprises moving the virus infected file to a virus file repository, automatically and without user interaction performing;
copying the entire contents of the virus infected file to a first file in the virus file repository, wherein the automatic copying of the virus infected file to the virus file repository is implemented as a scan option in a local area network-based anti-virus process;
scrambling contents of the first file during the copy operation, such that the first file is inoperable and no longer accessible by the user of the processing system;
storing the first file in the virus file repository for subsequent recovery; and
deleting the virus infected file from the processing system.
1 Assignment
0 Petitions
Accused Products
Abstract
Management of files infected by computer viruses is accomplished by creating a first file in a directory, copying a virus infected file to the first file, scrambling contents of the first file, and deleting the virus infected file. A system for managing computer virus infected files includes scrambler logic to scramble the contents of a virus infected file to produce a scrambled virus infected file, a virus bin to safely store the scrambled virus infected file, and unscrambler logic to unscramble the scrambled virus infected file to reproduce the virus infected file for further analysis or cleaning.
112 Citations
16 Claims
-
1. In a processing system, a method of managing virus infected files comprising:
-
obtaining, from a user of the processing system, a selected option for handling a virus infected file;
scanning files of the processing system and detecting a virus infected file;
when the selected option comprises moving the virus infected file to a virus file repository, automatically and without user interaction performing;
copying the entire contents of the virus infected file to a first file in the virus file repository, wherein the automatic copying of the virus infected file to the virus file repository is implemented as a scan option in a local area network-based anti-virus process;
scrambling contents of the first file during the copy operation, such that the first file is inoperable and no longer accessible by the user of the processing system;
storing the first file in the virus file repository for subsequent recovery; and
deleting the virus infected file from the processing system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
opening the first file;
reading information describing the virus infected file from the first file;
creating a second file using the information;
copying selected contents of the first file to the second file; and
unscrambling contents of the second file.
-
-
5. The method of claim 4, wherein unscrambling contents comprises unscrambling contents during copying operations on a byte by byte basis.
-
6. The method of claim 3, further comprising:
-
enumerating each file in the directory;
opening each enumerated file and reading the information describing the virus infected file stored in each enumerated file; and
displaying the information.
-
-
7. The method of claim 1, wherein scrambling contents comprises performing an exclusive OR operation applied to selected bytes of the first file with a OFF value.
-
8. The method of claim 1, wherein scrambling contents comprises encrypting selected contents of the first file.
-
9. An article comprising:
a machine readable medium having a plurality of machine readable instructions stored therein, wherein when the instructions are executed by a processor the instructions cause the processor to obtain, from a user of the processing system, a selected option for handling a virus infected file, to scan files of the processing system and detect a virus infected file, and when the selected option comprises moving the virus infected file to a virus file repository, to automatically and without user interaction perform;
copying the entire contents of the virus infected file to a first file in a virus file repository, the automatic copying of the virus infected file to the virus file repository are implemented as a scan option in a local area network-based anti-virus process, scrambling contents of the first file during the copy operation, such that the first file is inoperable and no longer accessible by the user of the processing system, storing the first file in the virus file repository for subsequent recovery, and deleting the virus infected file from the processing system.- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsTempleton, Randall F.
-
Primary Examiner(s)Hayes, Gail
-
Assistant Examiner(s)SONG, HOSUK
-
Application NumberUS09/159,311Time in Patent Office1,350 DaysField of Search713/200, 713/201, 713/188, 713/187, 714/38, 714/26, 714/39, 714/36US Class Current726/24CPC Class CodesG06F 21/56 Computer malware detection ...
