专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08387139B2 Thread scanning and patching to disable injected malware threats 有权
标题翻译：线程扫描和修补以禁用注入的恶意软件威胁
公开(公告)号：US08387139B2
公开(公告)日：2013-02-26
申请号：US12025142
申请日：2008-02-04
申请人： Michael S. Jarrett , Adrian M Marinescu , Marius Gheorghe Gheorghescu , George C. Chicioreanu
发明人： Michael S. Jarrett , Adrian M Marinescu , Marius Gheorghe Gheorghescu , George C. Chicioreanu
IPC分类号： G06F12/14 , G06F12/16 , G06F11/00
CPC分类号： G06F21/566
摘要： An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.
摘要翻译：提供扫描和修补在计算机系统上运行的其他合法进程中执行的注入的恶意软件代码的布置，其中通过提取进程的线程的开始地址然后在这些地址附近进行搜索，其中恶意代码位于进程的存储器中。由每个起始地址识别的代码调用的内存中的其他代码块也被识别，然后将块与已知恶意软件线程相关的扫描签名进行匹配。如果整个签名可以与块的子集进行匹配，则确定线程被感染。受感染的线程被暂停，并且执行内存中的修改来修补注入的代码以使其无害化。可以恢复或终止线程以禁用恶意软件的保护机制，而不会对注入线程的进程造成任何损害。

2. 发明授权

US07877802B2 System and method for proactive computer virus protection 有权
标题翻译：主动计算机病毒保护的系统和方法
公开(公告)号：US07877802B2
公开(公告)日：2011-01-25
申请号：US12019479
申请日：2008-01-24
申请人： Adrian M. Marinescu
发明人： Adrian M. Marinescu
IPC分类号： G06F11/00
CPC分类号： G06F21/566
摘要： A system, method, and computer readable medium for the proactive detection of malware in operating systems that receive application programming interface (API) calls is provided. A virtual operating environment for simulating the execution of programs and determining if the programs are malware is created. The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely effected. During simulation, a behavior signature is generated based on the API calls issued by potential malware. The behavior signature is suitable for analysis to determine whether the simulated executable is malware.
摘要翻译：提供了用于在接收应用程序接口（API）调用的操作系统中主动检测恶意软件的系统，方法和计算机可读介质。用于模拟程序的执行并确定程序是否是恶意软件的虚拟操作环境被创建。虚拟操作环境限制潜在的恶意软件，使得主机操作环境的系统不会受到不利影响。在仿真期间，根据潜在恶意软件发出的API调用生成行为签名。行为签名适用于分析，以确定模拟的可执行文件是否为恶意软件。

3. 发明授权

US07844700B2 Latency free scanning of malware at a network transit point 有权
标题翻译：在网络转接点，不间断地扫描恶意软件
公开(公告)号：US07844700B2
公开(公告)日：2010-11-30
申请号：US11097060
申请日：2005-03-31
申请人： Adrian M Marinescu , Marc E Seinfeld , Michael Kramer , Yigal Edery
发明人： Adrian M Marinescu , Marc E Seinfeld , Michael Kramer , Yigal Edery
IPC分类号： G06F15/173 , G06F11/30
CPC分类号： H04L63/0209 , H04L63/1416 , H04L63/145
摘要： In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
摘要翻译：根据本发明，提供了一种系统，方法和计算机可读介质，用于在诸如用作内部或专用网络的网关的计算机之类的网络转接点处识别恶意软件。在网络传输点扫描网络传输恶意软件，而不会对网络上的数据传输造成额外的延迟。根据本发明的一个方面，提供了一种用于在网络中转点识别恶意软件的计算机实现的方法。更具体地，当在网络转接点接收到传输中的分组时，该分组立即被转发到目标计算机。同时，传输中的数据包和其他数据由防病毒引擎扫描恶意软件。如果在传输中识别到恶意软件，则通知目标计算机该传输包含恶意软件。

4. 发明授权

US07730530B2 System and method for gathering exhibited behaviors on a .NET executable module in a secure manner 失效
标题翻译：以安全的方式收集.NET可执行模块的行为的系统和方法
公开(公告)号：US07730530B2
公开(公告)日：2010-06-01
申请号：US10769097
申请日：2004-01-30
申请人： Daniel M. Bodorin , Adrian M. Marinescu
发明人： Daniel M. Bodorin , Adrian M. Marinescu
IPC分类号： G06F11/00
CPC分类号： H04L63/1408 , G06F21/563 , G06F21/564 , G06F21/566
摘要： A system and method for gathering exhibited behaviors of a .NET executable module in a secure manner is presented. In operation, a .NET behavior evaluation module presents a virtual .NET environment to a Microsoft Corporation .NET code module. The .NET behavior evaluation module implements a sufficient number of aspects of an actual Microsoft Corporation .NET environment that a .NET code module can execute. As the .NET code module executes, the .NET behavior evaluation module records some of the exhibited behaviors, i.e., .NET system supplied libraries/subroutines, that are associated with known malware. The recorded behaviors are placed in a behavior signature for an external determination as to whether the .NET code module is malware, i.e., an unwanted computer attack.
摘要翻译：提出了以安全的方式收集.NET可执行模块的展示行为的系统和方法。在运行中，.NET行为评估模块向Microsoft Corporation .NET代码模块呈现虚拟.NET环境。 .NET行为评估模块实现.NET代码模块可以执行的实际Microsoft Corporation .NET环境的足够数量的方面。当.NET代码模块执行时，.NET行为评估模块记录与已知恶意软件相关联的一些展示行为，即.NET系统提供的库/子程序。记录的行为被放置在行为签名中，以便外部确定.NET代码模块是否是恶意软件，即不需要的计算机攻击。

5. 发明授权

US07660797B2 Scanning data in an access restricted file for malware 有权
标题翻译：在恶意软件的访问限制文件中扫描数据
公开(公告)号：US07660797B2
公开(公告)日：2010-02-09
申请号：US11139409
申请日：2005-05-27
申请人： Adrian M Marinescu , George C Chicioreanu , Marius Gheorghe Gheorghescu , Scott A Field
发明人： Adrian M Marinescu , George C Chicioreanu , Marius Gheorghe Gheorghescu , Scott A Field
IPC分类号： G06F7/00 , G06F17/30 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/56
摘要： The present invention is directed toward a system, method, and computer-readable medium that scan a file for malware that maintains a restrictive access attribute that limits access to the file. In accordance with one aspect of the present invention, a method for performing a scan for malware is provided when antivirus software on a computer encounters a file with a restrictive access attribute that prevents the file from being scanned. More specifically, the method includes identifying the restrictive access attribute that limits access to the file; bypassing the restrictive access attribute to access data in the file; and using a scan engine to scan the data in the file for malware.
摘要翻译：本发明涉及一种系统，方法和计算机可读介质，其扫描文件以维护限制对该文件的访问的限制性访问属性的恶意软件。根据本发明的一个方面，当计算机上的防病毒软件遇到具有阻止文件被扫描的限制性访问属性的文件时，提供了用于执行恶意软件扫描的方法。更具体地，该方法包括识别限制对文件的访问的限制性访问属性; 绕过限制访问属性访问文件中的数据; 并使用扫描引擎来扫描文件中的恶意软件数据。

6. 发明授权

US07624443B2 Method and system for a self-heating device 有权
标题翻译：自加热装置的方法和系统
公开(公告)号：US07624443B2
公开(公告)日：2009-11-24
申请号：US11018412
申请日：2004-12-21
申请人： Michael Kramer , Scott A. Field , Marc E. Seinfeld , Carl Carter-Schwendler , Paul Luber , Adrian M. Marinescu
发明人： Michael Kramer , Scott A. Field , Marc E. Seinfeld , Carl Carter-Schwendler , Paul Luber , Adrian M. Marinescu
IPC分类号： G06F11/00 , G06F17/30 , G06F15/177 , G06F1/24 , H04L29/06 , G06F11/30 , G06F15/173 , G06F12/00
CPC分类号： G06F21/568 , G06F21/554 , Y10S707/99953
摘要： A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
摘要翻译：提供了一种自愈设备，其中，可以在至少部分地恢复在检测到由设备的攻击引起的感染的时间与设备能够恢复到的较早时间点之间进行的改变关于什么样的变化，这些变化是真正的还是恶意软件引起的，这些变化是否在感染可能发生的时间之后进行，以及是否安装了新的软件。

7. 发明授权

US07478237B2 System and method of allowing user mode applications with access to file data 有权
标题翻译：允许用户模式应用访问文件数据的系统和方法
公开(公告)号：US07478237B2
公开(公告)日：2009-01-13
申请号：US10984207
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： H04L9/00 , H04L9/32 , G06F11/30
CPC分类号： G06F21/566 , G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

8. 发明授权

US08973135B2 Selectively scanning objects for infection by malware 有权
标题翻译：选择性扫描物体感染恶意软件
公开(公告)号：US08973135B2
公开(公告)日：2015-03-03
申请号：US13248867
申请日：2011-09-29
申请人： Anil Francis Thomas , Adrian M. Marinescu , Ajith Kumar , Jonathan M. Keller , Omer Ben Bassat
发明人： Anil Francis Thomas , Adrian M. Marinescu , Ajith Kumar , Jonathan M. Keller , Omer Ben Bassat
IPC分类号： G06F12/14 , G06F21/00
CPC分类号： G06F21/00 , G06F21/564 , G06F21/568
摘要： Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.
摘要翻译：本文描述了能够选择性地扫描物体以感染恶意软件（即，确定一个或多个对象是否被恶意软件感染）的技术。例如，可以检查与对象相关联的元数据，以确定是否已经对对象进行了更新，因为确定对象未被恶意软件感染。更新可以涉及增加对象的数量，修改对象之一等。可以扫描自确定以来已被更新（例如，添加和/或修改）的对象。自确定以来尚未更新的对象不必一定被扫描。例如，可以在不首先扫描物体以感染恶意软件的情况下，进行从确定以来未进行更新的对象的操作。

9. 发明授权

US08799190B2 Graph-based malware classification based on file relationships 有权
标题翻译：基于图形的恶意软件分类基于文件关系
公开(公告)号：US08799190B2
公开(公告)日：2014-08-05
申请号：US13163010
申请日：2011-06-17
申请人： Jack W. Stokes , Nikos Karampatziakis , John C. Platt , Anil Francis Thomas , Adrian M. Marinescu
发明人： Jack W. Stokes , Nikos Karampatziakis , John C. Platt , Anil Francis Thomas , Adrian M. Marinescu
IPC分类号： G06F21/56 , G06K9/62
CPC分类号： G06K9/62 , G06F21/56 , G06F21/563 , G06K9/6224 , Y10S707/952
摘要： A reliable automated malware classification approach with substantially low false positive rates is provided. Graph-based local and/or global file relationships are used to improve malware classification along with a feature selection algorithm. File relationships such as containing, creating, copying, downloading, modifying, etc. are used to assign malware probabilities and simultaneously reduce the false positive and false negative rates on executable files.
摘要翻译：提供了一种可靠的自动恶意软件分类方法，具有极低的假阳性率。基于图形的本地和/或全局文件关系用于改进恶意软件分类以及特征选择算法。使用诸如包含，创建，复制，下载，修改等的文件关系来分配恶意软件概率，并同时减少可执行文件上的假正负率。

10. 发明申请

US20130160126A1 MALWARE REMEDIATION SYSTEM AND METHOD FOR MODERN APPLICATIONS 审中-公开
标题翻译：恶意修复系统及现代应用方法
公开(公告)号：US20130160126A1
公开(公告)日：2013-06-20
申请号：US13327223
申请日：2011-12-15
申请人： Vishal Kapoor , Jason J. Joyce , Gregory W. Nichols , Joshua W. Dunn , Michael S. Jarrett , Adrian M. Marinescu , Marc E. Seinfeld , Axel Andrejs , Jayaraman Kalyana Sundaram
发明人： Vishal Kapoor , Jason J. Joyce , Gregory W. Nichols , Joshua W. Dunn , Michael S. Jarrett , Adrian M. Marinescu , Marc E. Seinfeld , Axel Andrejs , Jayaraman Kalyana Sundaram
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： G06F21/568 , G06F2221/2115
摘要： A system is described for remediating a malicious modern application installed on an end user device. In an embodiment, the system includes an antimalware program executing on the end user device that can detect and attempt to remediate the malicious modern application, an operating system executing on the end user device that is configured to interact with the antimalware program for the purpose of facilitating the establishment of a connection between the end user device and an application support system in response to determining that the antimalware program has detected and attempted to remediate the malicious modern application, and the application support system that can perform remediation operations beyond those that can be performed by the antimalware program.
摘要翻译：描述了一种用于修复安装在最终用户设备上的恶意现代应用程序的系统。在一个实施例中，系统包括在最终用户设备上执行的可以检测并尝试修复恶意现代应用的反恶意软件程序，该终端用户设备上执行的被配置为与反恶意软件程序交互的操作系统，响应于确定反恶意软件程序已经检测并尝试修复恶意现代应用程序，以及能够执行补救操作的应用程序支持系统，超出可以执行的修复操作，便于建立最终用户设备和应用程序支持系统之间的连接由反恶意程序执行。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式