Removal of fake anti-virus software

  • US 9,152,791 B1
  • Filed: 05/11/2011
  • Issued: 10/06/2015
  • Est. Priority Date: 05/11/2011
  • Status: Active Grant
First Claim

1. A method of detecting fake antivirus software, said method comprising:

    collecting keywords that are comprehensible words by scanning a plurality of executing fake antivirus software samples in a second memory of a second computer and storing said keywords in a keyword database;

    identifying an executing process in a computer;

    retrieving a rule from a rule database, said rule using two or more of said keywords to identify fake software;

    retrieving said keywords from said keyword database, each of said keywords being indicative of fake antivirus software;

    applying said rule to said executing process and determining that said keywords of said rule match data in said process executing in a memory of said computer by scanning said process in said memory;

    determining, after said step of applying, that said process is not a legitimate process when a digital certificate of said process is nonexistent or is invalid, when an identification of said process does not exist in a white list of valid processes, or when a company name associated with said process does not exist in a white list of valid company names; and

    displaying, on said computer, an indication that said process is fake antivirus software based on said applying and said determining.
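
The flow of claim 1 (rule match on process memory, then the legitimacy test), sketched as an added illustration; this is not code from the patent or its assignee. The keywords, rules, white-list entries, the `Process` record and the memory snapshots are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed data standing in for the claim's keyword, rule and white-list stores.
KEYWORD_DB = {"infected", "threats", "activate", "purchase", "license"}
RULE_DB = [  # each rule uses two or more keywords, all of which must match
    {"name": "scare-and-pay", "keywords": ["infected", "purchase"]},
    {"name": "threat-activation", "keywords": ["threats", "activate", "license"]},
]
PROCESS_WHITELIST = {"legit_av.exe"}
COMPANY_WHITELIST = {"Example Security Inc."}

@dataclass
class Process:
    name: str
    memory: bytes               # snapshot of the process's memory
    cert_valid: Optional[bool]  # None means no digital certificate at all
    company: str

def keyword_in_memory(keyword: str, memory: bytes) -> bool:
    """Case-insensitive search for the keyword as ASCII or UTF-16LE text."""
    low = memory.lower()  # bytes.lower() only touches ASCII letters
    return keyword.encode("ascii") in low or keyword.encode("utf-16-le") in low

def matching_rule(proc: Process) -> Optional[str]:
    """Return the name of the first rule whose keywords all occur in memory."""
    for rule in RULE_DB:
        kws = rule["keywords"]
        if len(kws) >= 2 and all(k in KEYWORD_DB for k in kws) \
                and all(keyword_in_memory(k, proc.memory) for k in kws):
            return rule["name"]
    return None

def is_legitimate(proc: Process) -> bool:
    """Any one failed check (certificate, process list, company list) means not legitimate."""
    return (proc.cert_valid is True
            and proc.name in PROCESS_WHITELIST
            and proc.company in COMPANY_WHITELIST)

def classify(proc: Process) -> str:
    rule = matching_rule(proc)
    if rule is None:
        return "no-match"
    return "match-but-legitimate" if is_legitimate(proc) else f"fake-av:{rule}"

# Constructed samples: an unsigned scareware UI, a signed white-listed scanner, a benign editor.
FAKE = Process("winprotect.exe", "Your PC is INFECTED! Purchase now".encode("utf-16-le"), None, "")
LEGIT = Process("legit_av.exe", b"2 files infected. Purchase a renewal.", True, "Example Security Inc.")
BENIGN = Process("notepad.exe", b"Untitled - Notepad", True, "Example Security Inc.")
```

The keyword match alone also fires on the genuine scanner, which is why the claim places the certificate and white-list test after the rule is applied.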
