Methods and arrangement for efficiently detecting and removing malware
First Claim
1. A system for detecting malware in a computer storage drive that stores computer readable code implementing at least a first operating system, said computer storage drive being installed in a computer system, the system comprising:
a second operating system different from said first operating system;
an analysis module configured to execute under said second operating system, said analysis module being further configured to ascertain, while said first operating system is inactive, at least a first boot-up parameter of said first operating system that would be involved in booting up said computer system if said first operating system had been activated instead, said analysis module being further configured to identify at least one of a first file and a first folder that said first boot-up parameter refers to; and
a malware scanning engine configured for scanning, while said first operating system is inactive, said at least one of said first file and said first folder after said at least one of said first file and said first folder has been identified by said analysis module, said malware scanning engine being further configured for neutralizing said malware responsive to said scanning if said at least one of said first file and said first folder includes said malware, wherein said second operating system is configured to become dormant after said malware is neutralized in order to enable said first operating system to boot up said computer system.
2 Assignments
0 Petitions
Abstract
A method for detecting malware in a computer that employs a production operating system during normal use is provided. The method includes activating on the computer a first operating system while the production operating system is dormant and ascertaining at least a portion of the production operating system that would be involved in booting up the computer if the production operating system had been activated instead. The method further includes scanning, while the first operating system is activated and while the production operating system is dormant, the portion of the production operating system. The method further includes neutralizing, while the first operating system is activated and while the production operating system is dormant, the malware responsive to the scanning.
58 Citations
20 Claims
1. A system for detecting malware in a computer storage drive that stores computer readable code implementing at least a first operating system, said computer storage drive being installed in a computer system, the system comprising:
a second operating system different from said first operating system;
an analysis module configured to execute under said second operating system, said analysis module being further configured to ascertain, while said first operating system is inactive, at least a first boot-up parameter of said first operating system that would be involved in booting up said computer system if said first operating system had been activated instead, said analysis module being further configured to identify at least one of a first file and a first folder that said first boot-up parameter refers to; and
a malware scanning engine configured for scanning, while said first operating system is inactive, said at least one of said first file and said first folder after said at least one of said first file and said first folder has been identified by said analysis module, said malware scanning engine being further configured for neutralizing said malware responsive to said scanning if said at least one of said first file and said first folder includes said malware, wherein said second operating system is configured to become dormant after said malware is neutralized in order to enable said first operating system to boot up said computer system.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A method for detecting malware in a computer storage drive that stores computer readable code implementing at least a first operating system, said computer storage drive being installed in a computer system, the method comprising:
activating a second operating system different from said first operating system;
ascertaining, using an analysis module executing under said second operating system while said first operating system is inactive, at least a first boot-up parameter of said first operating system that would be involved in booting up said computer system if said first operating system had been activated instead;
identifying, using said analysis module, at least one of a first file and a first folder that said first boot-up parameter refers to;
after said identifying, scanning, using a malware scanning engine executing under said second operating system while said first operating system is inactive, said at least one of said first file and said first folder; and
if said at least one of said first file and said first folder includes said malware, neutralizing said malware responsive to said scanning while said first operating system is inactive, wherein said scanning is performed while said computer storage drive remains installed in said computer system.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)

19. A method for detecting malware in a computer that employs a production operating system during normal use, the method comprising:
activating on said computer a first operating system different from said production operating system, said activating being performed while said production operating system is dormant;
ascertaining, while said first operating system is activated and while said production operating system is dormant, at least a first boot-up parameter of said production operating system that would be involved in booting up said computer if said production operating system had been activated instead;
identifying, using said analysis module, at least one of a first file and a first folder that said first boot-up parameter refers to;
after said identifying, scanning, while said first operating system is activated and while said production operating system is dormant, said at least one of said first file and said first folder; and
if said at least one of said first file and said first folder includes said malware, neutralizing, while said first operating system is activated and while said production operating system is dormant, said malware responsive to said scanning.
(Dependent claim: 20)
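The three independent claims describe one flow: a rescue (second) OS reads the dormant production OS's boot-up parameters, resolves the files and folders they point at, scans only those, and neutralizes hits before handing control back. The Python below is an added illustration of that flow, not code from the patent; the `boot.conf` syntax (`exec=`, `exec_dir=`), the directory layout, the payload and the signature set are all constructed, and the dormant volume is simulated with a temporary directory rather than a real mounted drive.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed signature: SHA-256 of a made-up payload, not a real indicator.
BAD_PAYLOAD = b"CONSTRUCTED-MALICIOUS-PAYLOAD"
KNOWN_BAD = {hashlib.sha256(BAD_PAYLOAD).hexdigest()}
# Hypothetical boot-up parameter syntax: exec=<file run at boot>, exec_dir=<folder of such files>
PARAM_RE = re.compile(r"^(exec|exec_dir)=(\S+)$")

def boot_referenced_paths(root: Path):
    """Read the inactive OS's boot config at `root` and yield the files it would run at boot."""
    for line in (root / "etc" / "boot.conf").read_text().splitlines():
        m = PARAM_RE.match(line.strip())
        if not m:
            continue  # parameter does not refer to a file or folder
        target = root / m.group(2).lstrip("/")
        if m.group(1) == "exec":
            yield target
        elif target.is_dir():
            yield from sorted(p for p in target.iterdir() if p.is_file())

def scan_and_neutralize(root: Path) -> dict:
    """Scan only boot-referenced files; quarantine matches so the production OS cannot load them."""
    quarantine = root / "quarantine"
    quarantine.mkdir(exist_ok=True)
    report = {"scanned": [], "neutralized": []}
    for path in boot_referenced_paths(root):
        if not path.is_file():
            continue  # dangling reference: nothing to scan
        rel = path.relative_to(root).as_posix()
        report["scanned"].append(rel)
        if hashlib.sha256(path.read_bytes()).hexdigest() in KNOWN_BAD:
            path.rename(quarantine / path.name)  # dormant OS never executes it
            report["neutralized"].append(rel)
    return report

def demo() -> dict:
    """Build a constructed dormant-OS volume in a temp dir and scan it offline."""
    root = Path(tempfile.mkdtemp())
    for d in ("etc", "bin", "rc.d"):
        (root / d).mkdir()
    (root / "etc" / "boot.conf").write_text("exec=/bin/init\nexec_dir=/rc.d\nhostname=lab\n")
    (root / "bin" / "init").write_bytes(b"constructed benign init")
    (root / "rc.d" / "S10net").write_bytes(b"constructed benign script")
    (root / "rc.d" / "S99evil").write_bytes(BAD_PAYLOAD)
    return scan_and_neutralize(root)
```

Because the production OS never runs during the scan, none of its code (including any malware it would load at boot) can interfere with the read, hash or rename operations, which is the property the claims rely on.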
Specification