Method and system for detecting and removing hidden pestware files
First Claim
1. A method for scanning a storage device of a computer for hidden pestware files, the method comprising:
- reading a data-bearing portion of the storage device, the reading being performed sequentially in sector order using direct drive access, the direct drive access substantially bypassing standard file Application-Program-Interface (API) function calls of an operating system of the computer;
- identifying, through the reading, files on the storage device;
- determining whether an identified file is detectable by the operating system by attempting to access the identified file using a standard file API function call of the operating system, the identified file being detectable by the operating system when the attempt to access the identified file using the standard file API function call is successful, the identified file being undetectable by the operating system when the attempt to access that identified file using the standard file API function call is unsuccessful;
- in response to determining that the identified file is undetectable, flagging the identified file to the operating system as a potential hidden pestware file;
- performing an automated pestware-signature scan of the identified file flagged as a potential hidden pestware file to determine whether that identified file is indeed a hidden pestware file; and
- in response to determining that the identified file is a hidden pestware file, removing from the storage device automatically, using direct drive access, the identified file determined to be a hidden pestware file.
Abstract
A method and system for detecting and removing a hidden pestware file is described. One illustrative embodiment detects, using direct drive access, a file on a computer storage device; determines whether the file is also detectable by the operating system by attempting to access the file using a standard file Application-Program-Interface (API) function call of the operating system; identifies the file as a potential hidden pestware file, when the file is undetectable by the operating system; confirms through an automated pestware-signature scan of the potential hidden pestware file that the potential hidden pestware file is a hidden pestware file; and removes automatically, using direct drive access, the hidden pestware file from the storage device.
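The detect, flag and confirm steps of the abstract, as an added Python example that is not code from the patent. The raw-read view is a constructed dictionary standing in for files recovered by direct drive access, and `SIGNATURES`, `cross_view_scan` and the file names are hypothetical; the removal step is left out, so the scan only reports.

```python
import os
import tempfile

# Constructed stand-in for a pestware-signature database (name -> byte pattern).
SIGNATURES = {"demo-pestware": b"PESTWARE-DEMO-MARKER"}

def api_can_access(path):
    """Attempt access through the standard OS file API; failure means 'undetectable'."""
    try:
        with open(path, "rb"):
            return True
    except OSError:
        return False

def signature_match(data):
    """Return the name of the first signature found in the raw bytes, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def cross_view_scan(raw_view):
    """raw_view: {path: bytes} as a raw sector-order read would recover it (assumption)."""
    report = {"visible": [], "flagged": [], "confirmed": []}
    for path, data in sorted(raw_view.items()):
        if api_can_access(path):
            report["visible"].append(path)      # both views agree: not hidden
            continue
        report["flagged"].append(path)          # raw view only: potential hidden file
        name = signature_match(data)
        if name:                                # confirmed only on a signature hit
            report["confirmed"].append((path, name))
    return report

def build_demo():
    """Constructed sample: one file exists for the API, two appear only in the raw view."""
    root = tempfile.mkdtemp()
    visible = os.path.join(root, "notes.txt")
    with open(visible, "wb") as f:
        f.write(b"hello")
    return {
        visible: b"hello",
        os.path.join(root, "drv_hidden.sys"): b"\x00PESTWARE-DEMO-MARKER\x00",
        os.path.join(root, "old_report.tmp"): b"stale data",  # flagged, no signature hit
    }

if __name__ == "__main__":
    print(cross_view_scan(build_demo()))
```

A file that is flagged but matches no signature stays in `flagged` only, which mirrors the claim's separation between a potential hidden pestware file and a confirmed one.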
4 Claims
Specification