专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08065664B2 System and method for defining and detecting pestware 有权
标题翻译：用于定义和检测有害生物的系统和方法
公开(公告)号：US08065664B2
公开(公告)日：2011-11-22
申请号：US11462956
申请日：2006-08-07
申请人： Michael Burtscher
发明人： Michael Burtscher
IPC分类号： G06F9/44
CPC分类号： G06F21/563 , G06F9/4484
摘要： A system and method for defining and detecting pestware is described. One embodiment includes receiving a file and placing at least a portion of the file into a processor-readable memory of a computer. A plurality of execution paths within code of the pestware file are followed and particular instructions within the execution paths are identified. A representation of the relative locations of each of the particular instructions within the code of the file are compared against a pestware-definition file so as to determine whether the file is a potential pestware file.
摘要翻译：描述了用于定义和检测有害生物的系统和方法。一个实施例包括接收文件并将文件的至少一部分放置在计算机的处理器可读存储器中。跟踪农药文件代码内的多个执行路径，并且识别执行路径内的特定指令。将文件代码中的每个特定指令的相对位置的表示与有害生物定义文件进行比较，以便确定该文件是否是潜在的有害物品文件。

2. 发明授权

US07721333B2 Method and system for detecting a keylogger on a computer 有权
标题翻译：用于检测计算机上的键盘记录器的方法和系统
公开(公告)号：US07721333B2
公开(公告)日：2010-05-18
申请号：US11334318
申请日：2006-01-18
申请人： Jefferson Delk Horne
发明人： Jefferson Delk Horne
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F21/00 , G06F11/30
CPC分类号： G06F21/552 , G06F21/566 , G06F21/568 , G06F21/83 , G06F2221/031 , G06F2221/2107
摘要： A method and system for detecting a keylogger on a computer is described. One illustrative embodiment creates, in a memory of the computer, a hidden window; generates a unique, unpredictable data pattern; inputs, to the hidden window, the unique, unpredictable data pattern in a manner that mimics keyboard input from a user; scans running processes in the memory other than a keylogger detection process for the unique, unpredictable data pattern; and performs a secondary scan of a suspect process, the suspect process having an associated buffer that contains the unique, unpredictable data pattern.
摘要翻译：描述了一种在计算机上检测键盘记录器的方法和系统。一个说明性的实施例在计算机的存储器中产生隐藏的窗口; 产生一个独特的，不可预知的数据模式; 以模拟用户的键盘输入的方式向隐藏窗口输入唯一的，不可预测的数据模式; 扫描存储器中的运行进程，而不是用于唯一的，不可预测的数据模式的键盘记录器检测过程; 并执行可疑进程的二次扫描，该可疑进程具有包含唯一的，不可预测的数据模式的关联缓冲器。

3. 发明申请

US20090144826A2 Systems and Methods for Identifying Malware Distribution 审中-公开
标题翻译：识别恶意软件分发的系统和方法
公开(公告)号：US20090144826A2
公开(公告)日：2009-06-04
申请号：US11171924
申请日：2005-06-30
申请人： Paul Piccard
发明人： Paul Piccard
IPC分类号： G06F12/14
CPC分类号： G06F21/552 , G06F21/562
摘要： Systems and methods for identifying malware distribution sites are described. In one embodiment, a system includes a malware detection module configured to analyze a file of a protected computer to determine that the file is associated with malware. The system also includes a Web site identification module configured to search a download history log of the protected computer to identify a Web site from which the file was downloaded.
摘要翻译：描述用于识别恶意软件分发站点的系统和方法。在一个实施例中，系统包括恶意软件检测模块，其被配置为分析受保护计算机的文件以确定该文件与恶意软件相关联。该系统还包括一个网站识别模块，用于搜索受保护计算机的下载历史日志，以识别从该文件下载的网站。

4. 发明申请

US20120005752A1 Method and system for detecting and removing hidden pestware files 有权
标题翻译：检测和删除隐藏的虫害文件的方法和系统
公开(公告)号：US20120005752A1
公开(公告)日：2012-01-05
申请号：US13184931
申请日：2011-07-18
申请人： Patrick Sprowls
发明人： Patrick Sprowls
IPC分类号： G06F21/00
CPC分类号： G06F21/78 , G06F21/568
摘要： A method and system for detecting and removing a hidden pestware file is described. One illustrative embodiment detects, using direct drive access, a file on a computer storage device; determines whether the file is also detectable by the operating system by attempting to access the file using a standard file Application-Program-Interface (API) function call of the operating system; identifies the file as a potential hidden pestware file, when the file is undetectable by the operating system; confirms through an automated pestware-signature scan of the potential hidden pestware file that the potential hidden pestware file is a hidden pestware file; and removes automatically, using direct drive access, the hidden pestware file from the storage device.
摘要翻译：描述了用于检测和去除隐藏的有害物品文件的方法和系统。一个说明性实施例使用直接驱动器访问来检测计算机存储设备上的文件; 通过使用操作系统的标准文件应用程序接口（API）函数调用来尝试访问文件来确定操作系统是否也可以检测该文件; 将文件识别为潜在的隐藏的有害物品文件，当文件由操作系统检测不到时; 通过对潜在的隐藏的有害物品文件进行自动化的杀虫剂签名扫描来确认潜在的隐藏的虫害文件是一个隐藏的有毒物品文件; 并使用直接驱动器访问从存储设备中自动删除隐藏的有害生物文件。

5. 发明授权

US08079032B2 Method and system for rendering harmless a locked pestware executable object 有权
标题翻译：方法和系统，使无害的锁定的有害物品可执行对象
公开(公告)号：US08079032B2
公开(公告)日：2011-12-13
申请号：US11386590
申请日：2006-03-22
申请人： Tony Nichols
发明人： Tony Nichols
IPC分类号： G06F9/46 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/56
摘要： A method and system for rendering harmless a locked pestware executable object is described. In one illustrative embodiment, a locked pestware executable object is detected on a storage device of a computer, the locked pestware executable object being inaccessible via the computer's operating system; the locked pestware executable object is accessed through direct drive access; and data in the locked pestware executable object is modified in a manner that renders it harmless to the computer.
摘要翻译：描述了用于使无害的锁定的有害物可执行对象的方法和系统。在一个说明性实施例中，在计算机的存储设备上检测到锁定的有害物质可执行对象，所述锁定的有害物体可执行对象不能通过计算机的操作系统访问; 锁定的有害物品可执行对象通过直接驱动器访问访问; 并且以使得对计算机无害的方式修改锁定的有害物质可执行对象中的数据。

6. 发明授权

US07571476B2 System and method for scanning memory for pestware 有权
标题翻译：用于扫描杀虫剂内存的系统和方法
公开(公告)号：US07571476B2
公开(公告)日：2009-08-04
申请号：US11106122
申请日：2005-04-14
申请人： Jefferson Delk Horne
发明人： Jefferson Delk Horne
IPC分类号： G06F11/00
CPC分类号： G06F21/57 , G06F21/562
摘要： Systems and methods for managing multiple related pestware processes on a protected computer are described. One embodiment is configured to identify a location of each of a plurality of files in at least one file storage device of the protected computer and store a list of the location of each of the plurality of files. The list of the plurality of files is then sorted so as to generate a sorted list. Each of the plurality of files is then sequentially accessed as listed in the sorted list so as to retrieve information from each of the plurality of files. Information from the plurality of files is then analyzed to determine whether any of the plurality of files are potential pestware files. In variations, the files in the file storage device are enumerated, and information from the files is accessed, by circumventing the operating system of the protected computer.
摘要翻译：描述了在受保护的计算机上管理多个相关的有害物件进程的系统和方法。一个实施例被配置为识别受保护计算机的至少一个文件存储设备中的多个文件中的每一个的位置，并且存储多个文件中的每一个的位置的列表。然后对多个文件的列表进行排序，以便生成排序列表。然后，如排序列表中列出的那样顺序访问多个文件中的每一个，以便从多个文件中的每个文件中检索信息。然后分析来自多个文件的信息，以确定多个文件中的任何一个是潜在的有害物品文件。在变体中，枚举文件存储设备中的文件，并且通过绕过受保护计算机的操作系统来访问来自文件的信息。

7. 发明授权

US07533131B2 System and method for pestware detection and removal 有权
标题翻译：用于检测和清除污染物的系统和方法
公开(公告)号：US07533131B2
公开(公告)日：2009-05-12
申请号：US10956574
申请日：2004-10-01
申请人： Steve Thomas , Bradley D. Stowers , Kevin Barton , Jeffery Herman
发明人： Steve Thomas , Bradley D. Stowers , Kevin Barton , Jeffery Herman
IPC分类号： G06F12/00 , G06F17/30 , G06F11/00
CPC分类号： G06F21/56 , G06F21/55
摘要： Systems and methods for managing pestware are described. One system includes a pestware shield configured to detect pestware activity on a protected computer; a heuristics engine configured to identify repeat pestware activity; a drive scan module configured to scan files stored on the storage device and to identify pestware in the scanned files; a program memory scan module configured to scan programs running in the program memory of the protected computer and to identify pestware in the scanned programs; a registry scan module configured to identify any attempts to change data in the registry file; and a quarantine module configured to quarantine the pestware identified by either the drive scan module or the program memory module.
摘要翻译：描述了用于管理害虫的系统和方法。一个系统包括被配置为检测被保护计算机上的有害物质活动的防虫罩; 配置为识别重复的有害生物活动的启发式引擎; 驱动器扫描模块，被配置为扫描存储在所述存储设备上的文件，并识别所述扫描文件中的所述有害物; 程序存储器扫描模块，被配置为扫描在受保护的计算机的程序存储器中运行的程序并识别所扫描的程序中的有害物品; 注册表扫描模块被配置为识别改变注册表文件中的数据的任何尝试; 以及被配置为隔离由驱动器扫描模块或程序存储器模块识别的有害物质的隔离模块。

8. 发明授权

US07346611B2 System and method for accessing data from a data storage medium 有权
标题翻译：用于从数据存储介质访问数据的系统和方法
公开(公告)号：US07346611B2
公开(公告)日：2008-03-18
申请号：US11104201
申请日：2005-04-12
申请人： Michael Burtscher
发明人： Michael Burtscher
IPC分类号： G06F7/10
CPC分类号： G06F21/562 , Y10S707/952 , Y10S707/99933
摘要： Systems and methods for managing multiple related pestware processes on a protected computer are described. One embodiment is configured to identify a location of each of a plurality of files in at least one file storage device of the protected computer and store a list of the location of each of the plurality of files. The list of the plurality of files is then sorted so as to generate a sorted list. Each of the plurality of files is then sequentially accessed as listed in the sorted list so as to retrieve information from each of the plurality of files. Information from the plurality of files is then analyzed to determine whether any of the plurality of files are potential pestware files. In variations, the files in the file storage device are enumerated, and information from the files is accessed, by circumventing the operating system of the protected computer.
摘要翻译：描述了在受保护的计算机上管理多个相关的有害物件进程的系统和方法。一个实施例被配置为识别受保护计算机的至少一个文件存储设备中的多个文件中的每一个的位置，并且存储多个文件中的每一个的位置的列表。然后对多个文件的列表进行排序，以便生成排序列表。然后，如排序列表中列出的那样顺序访问多个文件中的每一个，以便从多个文件中的每个文件中检索信息。然后分析来自多个文件的信息，以确定多个文件中的任何一个是潜在的有害物品文件。在变体中，枚举文件存储设备中的文件，并且通过绕过受保护计算机的操作系统来访问来自文件的信息。

9. 发明申请

US20110239298A1 CONCURRENT AND DELAYED PROCESSING OF MALWARE WITH REDUCED I/O INTERFERENCE 有权
标题翻译：减少I / O干扰的恶意程序的并发和延迟处理
公开(公告)号：US20110239298A1
公开(公告)日：2011-09-29
申请号：US12731537
申请日：2010-03-25
申请人： Michael Burtscher
发明人： Michael Burtscher
IPC分类号： G06F11/00 , G06F21/00
CPC分类号： G06F21/564
摘要： Systems, methods and non-transitory, tangible computer readable storage mediums encoded with processor readable instructions to scan files for malware are disclosed. An exemplary method includes writing, via a communication pathway, a first file to a storage medium that is utilized by the computer, requesting access to the first file so as to enable the first file to be scanned for malware, and delaying, when the first file resides on the storage medium, access to the first file while there is at least one I/O operation relative to the storage medium that has a higher priority level than a priority level of the request to access the first file. In addition, except to enable the first file to be scanned for malware, access to the first file is prevented until the first file has been scanned for malware.
摘要翻译：公开了用处理器可读指令编码的用于扫描恶意软件的文件的系统，方法和非暂时的有形计算机可读存储介质。一种示例性方法包括：经由通信路径将第一文件写入由计算机利用的存储介质，请求访问第一文件，以便使第一文件能够被扫描恶意软件，并且当第一文件第一文件驻留在存储介质上，而存在与存储介质相比具有比访问第一文件的请求的优先级更高的优先级的至少一个I / O操作的访问。此外，除了启用第一个文件扫描恶意软件外，防止访问第一个文件，直到扫描第一个文件为恶意软件。

10. 发明申请

US20110197272A1 Low-Latency Detection of Scripting-Language-Based Exploits 有权
标题翻译：脚本语言漏洞的低延迟检测
公开(公告)号：US20110197272A1
公开(公告)日：2011-08-11
申请号：US12703074
申请日：2010-02-09
申请人： Rajesh Mony
发明人： Rajesh Mony
IPC分类号： G06F21/00 , G06F9/44 , G06F9/455
CPC分类号： H04L63/1416 , G06F21/566 , H04L63/0281
摘要： Systems and methods for protecting client computers are described. One method includes receiving webpage data at a proxy from a webpage before the data reaches an intended recipient; gathering scripting-language-data from the webpage data; normalizing the scripting-language-data so as to generate normalized data; emulating execution of the normalized scripting-language-data with a inspection-point-script-execution engine that that is adapted to provide inspection points instead of effectuating particular functions, and determining whether to block the data from the intended recipient by analyzing inspection-data collected from the inspection points.
摘要翻译：描述了用于保护客户端计算机的系统和方法。一种方法包括在数据到达预期接收者之前从网页在代理处接收网页数据; 从网页数据收集脚本语言数据; 规范化脚本语言数据，以便生成规范化数据; 使用适于提供检查点而不是实现特定功能的检查点脚本执行引擎来仿真执行标准化脚本语言数据，并且通过分析检查数据来确定是否阻止来自预期接收者的数据从检查点收集。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式