System and method for rootkit detection and cure

Authors: Andrey V. Golchikov, Andrey V. Sobko

DOI:

Keywords:

Abstract: A system, method and computer program product for detecting a rootkit on a computer having an operating system, including a native application in ring 0 which, when the computer is in a trusted state upon reboot of the computer, after loading boot drivers but before loading non-boot drivers, generates a first snapshot of selected files and registry branches; the first snapshot being stored on a persistent storage medium of the computer; a second snapshot of the selected files and registry being generated by ordinary means; means for comparing the second snapshot with the first snapshot; and, upon detecting in the comparing step a masked file or registry branch, informing the user of the possible presence of a rootkit on the computer.
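The abstract describes a cross-view comparison: a snapshot taken in a trusted state early in boot is stored and later compared against a snapshot taken by ordinary means once the system is fully running, and anything visible in the trusted view but hidden from the ordinary view is reported. The following is an added illustration of that comparison logic in Python; it is not the patent's own code. The file paths, registry keys, hashes and the HMAC key are constructed sample values, and the integrity tag on the stored snapshot is an assumption of this example (the abstract only states that the first snapshot is stored persistently), added so a snapshot read back from disk can be checked for tampering.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """One view of the monitored objects.

    files:    path -> SHA-256 hex digest of the file content
    registry: key path -> set of subkey/value names seen under that key
    """
    files: dict
    registry: dict


@dataclass(frozen=True)
class Finding:
    kind: str   # masked_file | modified_file | masked_registry_branch | masked_registry_value
    name: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def serialize_snapshot(snap: Snapshot, key: bytes) -> bytes:
    """Canonical JSON followed by an HMAC-SHA256 tag (assumption: the key is
    held outside the reach of ordinary user-mode code)."""
    body = json.dumps(
        {"files": snap.files,
         "registry": {k: sorted(v) for k, v in snap.registry.items()}},
        sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()


def load_snapshot(blob: bytes, key: bytes) -> Snapshot:
    """Reject a stored snapshot whose tag no longer matches its body."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag.decode()):
        raise ValueError("stored snapshot failed integrity check")
    obj = json.loads(body)
    return Snapshot(files=obj["files"],
                    registry={k: set(v) for k, v in obj["registry"].items()})


def compare_snapshots(trusted: Snapshot, ordinary: Snapshot) -> list:
    """Report objects the trusted view saw that the ordinary view does not.

    Objects that exist only in the ordinary view (created after boot) are
    not suspicious by themselves and are ignored.
    """
    findings = []
    for path, digest in trusted.files.items():
        if path not in ordinary.files:
            findings.append(Finding("masked_file", path))
        elif ordinary.files[path] != digest:
            findings.append(Finding("modified_file", path))
    for key, names in trusted.registry.items():
        if key not in ordinary.registry:
            findings.append(Finding("masked_registry_branch", key))
            continue
        for name in sorted(names - ordinary.registry[key]):
            findings.append(Finding("masked_registry_value", key + "\\" + name))
    return findings


# Constructed sample data: one driver and its service key are visible in the
# trusted view only, and one library differs between the two views.
KEY = b"constructed-demo-key"
SERVICES = r"HKLM\SYSTEM\CurrentControlSet\Services"
TRUSTED = Snapshot(
    files={
        r"C:\Windows\System32\ntoskrnl.exe": sha256_hex(b"kernel-image-v1"),
        r"C:\Windows\System32\drivers\hidedrv.sys": sha256_hex(b"driver-image"),
        r"C:\Windows\System32\kernel32.dll": sha256_hex(b"kernel32-v1"),
    },
    registry={SERVICES: {"Tcpip", "hidedrv"},
              SERVICES + r"\hidedrv": {"ImagePath", "Start"}},
)
ORDINARY = Snapshot(
    files={
        r"C:\Windows\System32\ntoskrnl.exe": sha256_hex(b"kernel-image-v1"),
        r"C:\Windows\System32\kernel32.dll": sha256_hex(b"kernel32-patched"),
        r"C:\Users\alice\notes.txt": sha256_hex(b"created after boot"),
    },
    registry={SERVICES: {"Tcpip"}},
)


def demo() -> list:
    """Store the trusted snapshot, read it back with its tag checked, compare."""
    stored = serialize_snapshot(TRUSTED, KEY)
    trusted = load_snapshot(stored, KEY)
    return compare_snapshots(trusted, ORDINARY)


if __name__ == "__main__":
    for f in demo():
        print(f.kind, f.name)
```

With the constructed data the comparison yields the masked driver file, the modified library, the hidden `hidedrv` entry under the Services key, and the entirely hidden `hidedrv` service branch; a corrupted or rewritten stored snapshot fails the tag check before any comparison runs.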
