Method and system for rendering harmless a locked pestware executable object
First Claim
Patent Images
1. A method, comprising:
- detecting a locked pestware executable object on a storage device of a computer, the locked pestware executable object being inaccessible via an operating system of the computer;
accessing the locked pestware executable object through direct drive access, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of the operating system;
modifying data in the locked pestware executable object in a manner that renders it harmless to the computer, wherein modifying includes rendering the locked pestware executable object invalid, to the operating system, as an executable object, wherein rendering the locked pestware executable object invalid includes inverting the order of two initial bytes of a DOS header of the locked pestware executable object; and
deleting the locked pestware executable object from the storage device automatically, after data in the locked pestware executable object has been modified and the computer has been rebooted.
9 Assignments
0 Petitions
Accused Products
Abstract
A method and system for rendering harmless a locked pestware executable object is described. In one illustrative embodiment, a locked pestware executable object is detected on a storage device of a computer, the locked pestware executable object being inaccessible via the computer'"'"'s operating system; the locked pestware executable object is accessed through direct drive access; and data in the locked pestware executable object is modified in a manner that renders it harmless to the computer.
64 Citations
8 Claims
-
1. A method, comprising:
-
detecting a locked pestware executable object on a storage device of a computer, the locked pestware executable object being inaccessible via an operating system of the computer; accessing the locked pestware executable object through direct drive access, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of the operating system; modifying data in the locked pestware executable object in a manner that renders it harmless to the computer, wherein modifying includes rendering the locked pestware executable object invalid, to the operating system, as an executable object, wherein rendering the locked pestware executable object invalid includes inverting the order of two initial bytes of a DOS header of the locked pestware executable object; and deleting the locked pestware executable object from the storage device automatically, after data in the locked pestware executable object has been modified and the computer has been rebooted. - View Dependent Claims (2)
-
-
3. A system, comprising:
-
a computer comprising a processor unit and memory, the computer being configured to execute a plurality of software modules, including; a detection module configured to detect a locked pestware executable object on a storage device of a computer, the locked pestware executable object being inaccessible via an operating system of the computer, the detection module being hosted by the computer; a direct-access module configured to access the locked pestware executable object through direct drive access, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of the operating system, the direct-access module being hosted by the computer; and a neutralization module configured to modify data in the locked pestware executable object in a manner that renders the locked pestware executable object harmless to the computer, the neutralization module being hosted by the computer, wherein the neutralization module is configured to render the locked pestware executable object invalid, to the operating system, as an executable object including inverting the order of two initial bytes of a DOS header of the locked pestware executable object, the neutralization module being further configured to delete the locked pestware executable object from the storage device automatically, after the neutralization module has modified data in the locked pestware executable object and the computer has been rebooted. - View Dependent Claims (4)
-
-
5. A system, comprising:
-
A computer comprising a processor unit and memory; means for detecting a locked pestware executable object on a storage device of a computer, the locked pestware executable object being inaccessible via an operating system of the computer; means for direct drive access to access the locked pestware executable object; means for modifying data in the locked pestware executable object in a manner that renders the locked pestware executable object harmless to the computer, wherein the means for modifying is configured to render the locked pestware executable object invalid, to the operating system, as an executable object including inverting the order of two initial bytes of a DOS header of the locked pestware executable object; and means for deleting the locked pestware executable object from the storage device automatically, after the means for modifying has modified data in the locked pestware executable object and the computer has been rebooted. - View Dependent Claims (6)
-
-
7. A non-transitory computer-readable storage medium containing program instructions, comprising:
-
a first instruction segment configured to detect a locked pestware executable object on a storage medium of a computer, the locked pestware executable object being inaccessible via an operating system of the computer; a second instruction segment configured to access the locked pestware executable object through direct drive access, the direct drive access bypassing standard file Application-Program-Interface (API) function calls of the operating system; and a third instruction segment configured to modify data in the locked pestware executable object in a manner that renders the locked pestware executable object harmless to the computer, wherein the third instruction segment is configured to render the locked pestware executable object invalid, to the operating system, as an executable object including inverting the order of two initial bytes of a DOS header of the locked pestware executable object, the third instruction segment being further configured to delete the locked pestware executable object from the storage device automatically, after the third instruction segment has modified data in the locked pestware executable object and the computer had been rebooted. - View Dependent Claims (8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCarbonite LLC (Open Text Corporation)
-
Original AssigneeWebroot Software Incorporated (Open Text Corporation)
-
InventorsNichols, Tony
-
Primary Examiner(s)An, Meng
-
Assistant Examiner(s)WAI, ERIC CHARLES
-
Application NumberUS11/386,590Publication NumberTime in Patent Office2,092 DaysField of Search726/24, 718/100US Class Current718/100CPC Class CodesG06F 21/56 Computer malware detection ...
