CA2069239A1 - Method for recovery of a computer program infected by a computer virus - Google Patents

Method for recovery of a computer program infected by a computer virus

Info

Publication number
CA2069239A1
CA2069239A1 CA002069239A CA2069239A CA2069239A1 CA 2069239 A1 CA2069239 A1 CA 2069239A1 CA 002069239 A CA002069239 A CA 002069239A CA 2069239 A CA2069239 A CA 2069239A CA 2069239 A1 CA2069239 A1 CA 2069239A1
Authority
CA
Canada
Prior art keywords
program
infected
fingerprint
computer
string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002069239A
Other languages
French (fr)
Other versions
CA2069239C (en
Inventor
Omri Mann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NortonLifeLock Inc
Original Assignee
Omri Mann
Brm Technologies Ltd.
Symantec Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Omri Mann, Brm Technologies Ltd., Symantec Corporation filed Critical Omri Mann
Publication of CA2069239A1 publication Critical patent/CA2069239A1/en
Application granted granted Critical
Publication of CA2069239C publication Critical patent/CA2069239C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying

Abstract

A recovery technique allows a computer program to be recovered from a program which has been infected with a computer virus. Prior to the program being infected, a unique fingerprint of the program is taken and stored along with data relating to the beginning portion of the program at a location separate from the program. A
program thought to be infected is processed by generating a fingerprint of a string in the program utilizing the stored data. The fingerprint that is generated is compared with the stored fingerprint to determine whether or not the two fingerprints match. If the fingerprints match, the program is restored from the stored information and the string. If the fingerprints do not match, the value utilized to select the string can be incremented and the process repeated.
CA002069239A 1991-05-24 1992-05-22 Method for recovery of a computer program infected by a computer virus Expired - Lifetime CA2069239C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US705,390 1991-05-24
US07/705,390 US5408642A (en) 1991-05-24 1991-05-24 Method for recovery of a computer program infected by a computer virus

Publications (2)

Publication Number Publication Date
CA2069239A1 true CA2069239A1 (en) 1992-11-25
CA2069239C CA2069239C (en) 2005-04-12

Family

ID=24833252

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002069239A Expired - Lifetime CA2069239C (en) 1991-05-24 1992-05-22 Method for recovery of a computer program infected by a computer virus

Country Status (6)

Country Link
US (2) US5408642A (en)
EP (1) EP0514815B1 (en)
AT (1) ATE160638T1 (en)
CA (1) CA2069239C (en)
DE (1) DE69223275D1 (en)
IL (1) IL101983A (en)

Families Citing this family (113)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5721788A (en) 1992-07-31 1998-02-24 Corbis Corporation Method and system for digital image signatures
US5448668A (en) * 1993-07-08 1995-09-05 Perelson; Alan S. Method of detecting changes to a collection of digital signals
US5398196A (en) * 1993-07-29 1995-03-14 Chambers; David A. Method and apparatus for detection of computer viruses
JPH07177142A (en) * 1993-10-27 1995-07-14 Hitachi Ltd Message guarantee system
US5862260A (en) 1993-11-18 1999-01-19 Digimarc Corporation Methods for surveying dissemination of proprietary empirical data
US5748763A (en) 1993-11-18 1998-05-05 Digimarc Corporation Image steganography system featuring perceptually adaptive and globally scalable signal embedding
US5832119C1 (en) 1993-11-18 2002-03-05 Digimarc Corp Methods for controlling systems using control signals embedded in empirical data
US6983051B1 (en) 1993-11-18 2006-01-03 Digimarc Corporation Methods for audio watermarking and decoding
US6408082B1 (en) 1996-04-25 2002-06-18 Digimarc Corporation Watermark detection using a fourier mellin transform
US5841886A (en) 1993-11-18 1998-11-24 Digimarc Corporation Security system for photographic identification
US6424725B1 (en) 1996-05-16 2002-07-23 Digimarc Corporation Determining transformations of media signals with embedded code signals
US6580819B1 (en) 1993-11-18 2003-06-17 Digimarc Corporation Methods of producing security documents having digitally encoded data and documents employing same
US6122403A (en) 1995-07-27 2000-09-19 Digimarc Corporation Computer system linked by using information in data objects
US6614914B1 (en) 1995-05-08 2003-09-02 Digimarc Corporation Watermark embedder and reader
US5822436A (en) 1996-04-25 1998-10-13 Digimarc Corporation Photographic products and methods employing embedded information
US6611607B1 (en) 1993-11-18 2003-08-26 Digimarc Corporation Integrating digital watermarks in multimedia content
US7171016B1 (en) 1993-11-18 2007-01-30 Digimarc Corporation Method for monitoring internet dissemination of image, video and/or audio files
US5768426A (en) 1993-11-18 1998-06-16 Digimarc Corporation Graphics processing system employing embedded code signals
US6516079B1 (en) 2000-02-14 2003-02-04 Digimarc Corporation Digital watermark screening and detecting strategies
US5509120A (en) * 1993-11-30 1996-04-16 International Business Machines Corporation Method and system for detecting computer viruses during power on self test
US6522770B1 (en) 1999-05-19 2003-02-18 Digimarc Corporation Management of documents and other objects using optical devices
US5572590A (en) * 1994-04-12 1996-11-05 International Business Machines Corporation Discrimination of malicious changes to digital information using multiple signatures
US5835953A (en) * 1994-10-13 1998-11-10 Vinca Corporation Backup system that takes a snapshot of the locations in a mass storage device that has been identified for updating prior to updating
US6560349B1 (en) 1994-10-21 2003-05-06 Digimarc Corporation Audio monitoring using steganographic information
US5485575A (en) * 1994-11-21 1996-01-16 International Business Machines Corporation Automatic analysis of a computer virus structure and means of attachment to its hosts
US5613002A (en) * 1994-11-21 1997-03-18 International Business Machines Corporation Generic disinfection of programs infected with a computer virus
US5745569A (en) * 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
US5699507A (en) * 1995-01-17 1997-12-16 Lucent Technologies Inc. Method of identifying similarities in code segments
US6760463B2 (en) 1995-05-08 2004-07-06 Digimarc Corporation Watermarking methods and media
US6744906B2 (en) 1995-05-08 2004-06-01 Digimarc Corporation Methods and systems using multiple watermarks
US6721440B2 (en) 1995-05-08 2004-04-13 Digimarc Corporation Low visibility watermarks using an out-of-phase color
JP4162099B2 (en) 1995-06-02 2008-10-08 富士通株式会社 Device having function to cope with virus infection and storage device thereof
US6577746B1 (en) 1999-12-28 2003-06-10 Digimarc Corporation Watermark-based object linking and embedding
US6829368B2 (en) 2000-01-26 2004-12-07 Digimarc Corporation Establishing and interacting with on-line media collections using identifiers in media signals
US6788800B1 (en) 2000-07-25 2004-09-07 Digimarc Corporation Authenticating objects using embedded data
US5765030A (en) * 1996-07-19 1998-06-09 Symantec Corp Processor emulator module having a variable pre-fetch queue size for program execution
US6067410A (en) * 1996-02-09 2000-05-23 Symantec Corporation Emulation repair system
US5696822A (en) * 1995-09-28 1997-12-09 Symantec Corporation Polymorphic virus detection module
US5854916A (en) * 1995-09-28 1998-12-29 Symantec Corporation State-based cache for antivirus software
US5826013A (en) * 1995-09-28 1998-10-20 Symantec Corporation Polymorphic virus detection module
WO1997024665A1 (en) * 1995-12-28 1997-07-10 Eyal Dotan Method for protecting executable software programs against infection by software viruses
US5822517A (en) * 1996-04-15 1998-10-13 Dotan; Eyal Method for detecting infection of software programs by memory resident software viruses
US6381341B1 (en) 1996-05-16 2002-04-30 Digimarc Corporation Watermark encoding method exploiting biases inherent in original signal
US5951698A (en) * 1996-10-02 1999-09-14 Trend Micro, Incorporated System, apparatus and method for the detection and removal of viruses in macros
US6802028B1 (en) 1996-11-11 2004-10-05 Powerquest Corporation Computer virus detection and removal
DE19701166A1 (en) * 1997-01-15 1998-07-23 Siemens Ag Procedure for monitoring the proper execution of software programs
US5964889A (en) * 1997-04-16 1999-10-12 Symantec Corporation Method to analyze a program for presence of computer viruses by examining the opcode for faults before emulating instruction in emulator
US6029256A (en) * 1997-12-31 2000-02-22 Network Associates, Inc. Method and system for allowing computer programs easy access to features of a virus scanning engine
KR19990060338A (en) * 1997-12-31 1999-07-26 윤종용 Hard disk drive virus damage data recovery method
US7054463B2 (en) 1998-01-20 2006-05-30 Digimarc Corporation Data encoding using frail watermarks
US6295638B1 (en) * 1998-07-30 2001-09-25 International Business Machines Corporation Method and apparatus for loading native object code in data processing system
US6981155B1 (en) 1999-07-14 2005-12-27 Symantec Corporation System and method for computer security
AU6107600A (en) 1999-07-14 2001-01-30 Recourse Technologies, Inc. System and method for computer security
US7117532B1 (en) 1999-07-14 2006-10-03 Symantec Corporation System and method for generating fictitious content for a computer
US7203962B1 (en) 1999-08-30 2007-04-10 Symantec Corporation System and method for using timestamps to detect attacks
US6954858B1 (en) 1999-12-22 2005-10-11 Kimberly Joyce Welborn Computer virus avoidance system and mechanism
US6625297B1 (en) 2000-02-10 2003-09-23 Digimarc Corporation Self-orienting watermarks
US6804377B2 (en) 2000-04-19 2004-10-12 Digimarc Corporation Detecting information hidden out-of-phase in color channels
US7032114B1 (en) * 2000-08-30 2006-04-18 Symantec Corporation System and method for using signatures to detect computer intrusions
US6941490B2 (en) * 2000-12-21 2005-09-06 Emc Corporation Dual channel restoration of data between primary and backup servers
US6871271B2 (en) 2000-12-21 2005-03-22 Emc Corporation Incrementally restoring a mass storage device to a prior state
EP1225513A1 (en) * 2001-01-19 2002-07-24 Eyal Dotan Method for protecting computer programs and data from hostile code
US7613930B2 (en) 2001-01-19 2009-11-03 Trustware International Limited Method for protecting computer programs and data from hostile code
CN100419743C (en) * 2001-02-14 2008-09-17 英业达股份有限公司 Method for atomatically creating application software version information library
US7114184B2 (en) * 2001-03-30 2006-09-26 Computer Associates Think, Inc. System and method for restoring computer systems damaged by a malicious computer program
CN1147795C (en) * 2001-04-29 2004-04-28 北京瑞星科技股份有限公司 Method, system and medium for detecting and clearing known and anknown computer virus
US7043634B2 (en) * 2001-05-15 2006-05-09 Mcafee, Inc. Detecting malicious alteration of stored computer files
US7117357B2 (en) * 2001-06-27 2006-10-03 International Business Machines Corporation Method, system, and product for pre-encrypting static information transmitted by secure web sites
US20030014667A1 (en) * 2001-07-16 2003-01-16 Andrei Kolichtchak Buffer overflow attack detection and suppression
US6963978B1 (en) 2001-07-26 2005-11-08 Mcafee, Inc. Distributed system and method for conducting a comprehensive search for malicious code in software
US7149691B2 (en) * 2001-07-27 2006-12-12 Siemens Corporate Research, Inc. System and method for remotely experiencing a virtual environment
US7234167B2 (en) * 2001-09-06 2007-06-19 Mcafee, Inc. Automatic builder of detection and cleaning routines for computer viruses
US7035867B2 (en) 2001-11-28 2006-04-25 Aerocast.Com, Inc. Determining redundancies in content object directories
US7296125B2 (en) * 2001-11-29 2007-11-13 Emc Corporation Preserving a snapshot of selected data of a mass storage system
US7194464B2 (en) 2001-12-07 2007-03-20 Websense, Inc. System and method for adapting an internet filter
TWI286701B (en) * 2002-01-09 2007-09-11 Via Tech Inc Process for avoiding system infection of software viruses
EP1520274A2 (en) * 2002-06-28 2005-04-06 Koninklijke Philips Electronics N.V. Playback system with remote control device
US8069480B1 (en) * 2002-09-30 2011-11-29 Mcafee, Inc. Method and system for defining a safe storage area for use in recovering a computer system
KR20040089386A (en) * 2003-04-14 2004-10-21 주식회사 하우리 Curative Method for Computer Virus Infecting Memory, Recording Medium Comprising Program Readable by Computer, and The Device
US7685174B2 (en) * 2003-07-08 2010-03-23 Seventh Knight Inc. Automatic regeneration of computer files
KR20050053401A (en) * 2003-12-02 2005-06-08 주식회사 하우리 Method for removing computer virus, and computer-readable storage medium recorded with virus-removing program
US7539871B1 (en) * 2004-02-23 2009-05-26 Sun Microsystems, Inc. System and method for identifying message propagation
GB2416879B (en) 2004-08-07 2007-04-04 Surfcontrol Plc Device resource access filtering system and method
US7457832B2 (en) * 2004-08-31 2008-11-25 Microsoft Corporation Verifying dynamically generated operations on a data store
GB2418108B (en) * 2004-09-09 2007-06-27 Surfcontrol Plc System, method and apparatus for use in monitoring or controlling internet access
GB2418037B (en) 2004-09-09 2007-02-28 Surfcontrol Plc System, method and apparatus for use in monitoring or controlling internet access
GB2418999A (en) * 2004-09-09 2006-04-12 Surfcontrol Plc Categorizing uniform resource locators
FR2877118B1 (en) * 2004-10-22 2007-01-19 Oberthur Card Syst Sa PROTECTION AGAINST ATTACKS BY GENERATING FAULTS ON JUMPING INSTRUCTIONS
US20090038011A1 (en) * 2004-10-26 2009-02-05 Rudra Technologies Pte Ltd. System and method of identifying and removing malware on a computer system
US8117659B2 (en) 2005-12-28 2012-02-14 Microsoft Corporation Malicious code infection cause-and-effect analysis
US20060130144A1 (en) * 2004-12-14 2006-06-15 Delta Insights, Llc Protecting computing systems from unauthorized programs
US20060156397A1 (en) * 2005-01-13 2006-07-13 Steven Dai A New Anti-spy method without using scan
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8453243B2 (en) 2005-12-28 2013-05-28 Websense, Inc. Real time lockdown
US7823007B2 (en) * 2006-02-17 2010-10-26 International Business Machines Corporation Apparatus, system, and method for switching a volume address association in a point-in-time copy relationship
US8495037B1 (en) * 2006-02-21 2013-07-23 Symantec Operating Corporation Efficient isolation of backup versions of data objects affected by malicious software
US8615800B2 (en) * 2006-07-10 2013-12-24 Websense, Inc. System and method for analyzing web content
US8020206B2 (en) 2006-07-10 2011-09-13 Websense, Inc. System and method of analyzing web content
KR101303532B1 (en) 2006-10-31 2013-09-03 티티아이 인벤션스 씨 엘엘씨 Virus localization using cryptographic hashing
US9654495B2 (en) 2006-12-01 2017-05-16 Websense, Llc System and method of analyzing web addresses
GB2445764A (en) * 2007-01-22 2008-07-23 Surfcontrol Plc Resource access filtering system and database structure for use therewith
US20080195676A1 (en) * 2007-02-14 2008-08-14 Microsoft Corporation Scanning of backup data for malicious software
US8015174B2 (en) 2007-02-28 2011-09-06 Websense, Inc. System and method of controlling access to the internet
GB0709527D0 (en) 2007-05-18 2007-06-27 Surfcontrol Plc Electronic messaging system, message processing apparatus and message processing method
US7975313B2 (en) * 2007-08-14 2011-07-05 International Business Machines Corporation System and method for tracing Tardos fingerprint codes
CN102077201A (en) * 2008-06-30 2011-05-25 网圣公司 System and method for dynamic and real-time categorization of webpages
KR101197182B1 (en) * 2008-12-23 2012-11-02 한국전자통신연구원 Method and apparatus for protecting a hacking in computer system
US9130972B2 (en) 2009-05-26 2015-09-08 Websense, Inc. Systems and methods for efficient detection of fingerprinted data and information
US8850428B2 (en) 2009-11-12 2014-09-30 Trustware International Limited User transparent virtualization method for protecting computer programs and data from hostile code
EP2553581A1 (en) * 2010-03-26 2013-02-06 Telcordia Technologies, Inc. Detection of global metamorphic malware variants using control and data flow analysis
US9117054B2 (en) 2012-12-21 2015-08-25 Websense, Inc. Method and aparatus for presence based resource management

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4734856A (en) * 1984-03-02 1988-03-29 Davis Dannie E Autogeneric system
US5144660A (en) * 1988-08-31 1992-09-01 Rose Anthony M Securing a computer against undesired write operations to or read operations from a mass storage device
US4975950A (en) * 1988-11-03 1990-12-04 Lentz Stephen A System and method of protecting integrity of computer data and software
US5121345A (en) * 1988-11-03 1992-06-09 Lentz Stephen A System and method for protecting integrity of computer data and software
US5050212A (en) * 1990-06-20 1991-09-17 Apple Computer, Inc. Method and apparatus for verifying the integrity of a file stored separately from a computer
US5274807A (en) * 1990-11-01 1993-12-28 At&T Bell Laboratories Method for reducing magnetic storage volume for computer disk image backup
US5163088A (en) * 1991-03-06 1992-11-10 Locascio Peter Facsimile security system

Also Published As

Publication number Publication date
EP0514815B1 (en) 1997-11-26
CA2069239C (en) 2005-04-12
DE69223275D1 (en) 1998-01-08
IL101983A (en) 1995-12-31
ATE160638T1 (en) 1997-12-15
US5349655A (en) 1994-09-20
US5408642A (en) 1995-04-18
IL101983A0 (en) 1992-12-30
EP0514815A2 (en) 1992-11-25
EP0514815A3 (en) 1993-12-22

Similar Documents

Publication Publication Date Title
CA2069239A1 (en) Method for recovery of a computer program infected by a computer virus
CA2129085A1 (en) Method for Creating Computationally-Significant Associations Among Uninterpreted Data in Graphically-Based Computing Systems
EP0837383A3 (en) Method and apparatus for data verification
HK40496A (en) Word recognition in a speech recognition system using data reduced word templates
DE69602752D1 (en) METHOD FOR SEARCHING PAYMENT DATA IN AN ANONYMOUS PAYMENT SYSTEM, AND A PAYMENT SYSTEM USING THIS METHOD
KR920005022A (en) Fingerprint Control Method
EP0766192A3 (en) Individual identification apparatus
EP1061514A3 (en) Mutual authentication method, recording apparatus, reproducing apparatus, and recording medium
EP0360267A3 (en) Processor for process control
JPS53136439A (en) Handwritten information processing system
EP0782278A3 (en) Signal processing method
WO1997036227A3 (en) Method and computer system for processing a set of data elements on a sequential processor
AU4276193A (en) Method of determining the interior points of an object in a background
DE3789803D1 (en) Method and device for recovering storage cellar memory in a computing machine.
DE59508731D1 (en) Process for converting information entered into speech into machine-readable data
EP0336685A3 (en) Impulse noise detection and supression
HK1047168A1 (en) Database table recovery system
EP0349182A3 (en) Method and apparatus for approximating polygonal line to curve
EP0181216A3 (en) Method for automatically producing representations of three-dimensional horizons from processed seismic data
Gibson Data compression of a first order intermittently excited AR process.
DE69736134D1 (en) METHOD FOR CHARACTER DETECTION ON A PIXEL MATRIX
JOHNSON et al. Dynamic pattern matcher using incomplete data(Patent)
JPS5840236B2 (en) Online handwritten character recognition method
JOHNSON et al. Dynamic pattern matcher using incomplete data(Patent Application)
CA2017302A1 (en) Forms completion method and apparatus for forms completion

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry