Authors: Andrey V. Golchikov, Andrey V. Sobko
DOI:
Keywords:
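Abstract: A system, method and computer program product for detecting a rootkit on a computer having an operating system, the system including a native application in ring 0 which, when the operating system is in a trusted state upon reboot of the computer, after loading the boot drivers but before loading the non-boot drivers, generates a first snapshot of selected files and of the registry; the first snapshot being stored on a persistent storage medium of the computer; a second snapshot of the selected files and the registry generated by ordinary generating; means for comparing the second snapshot with the first snapshot; and, upon detecting, in the comparing step, one masked file or registry branch, informing the user of the possible presence of a rootkit on the computer.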