METHOD FOR DETECTING MALICIOUS SOFTWARE FOR COMPUTERS ARCHIVED ACCORDING TO UNKNOWN ALGORITHM

摘要

FIELD: information technology.;SUBSTANCE: method for detecting the malicious software for computers archived according to unknown algorithm, contains the following steps: I) analyze the algorithm by which the files are archived; II) analyze the archive for the presence of the malicious software for the computer, if the archivation algorithm is known; III) perform the archive assignment to the list of files, that require constant monitoring of its activity in case of detection the unknown archivation algorithm in step I; IV) suspend the actions and processes, initiated by the archive, as soon as the attempt of actions is identified as the potentially inherent to the malicious software for computer; V) make the removal and analysis of the archive memory dump, which actions and processes are suspended, the reconstruction of the executed files from the archive memory dump; VI) the signature search according to the executed files reconstructed from the archive is performed after reconstruction.;EFFECT: efficiency increase of the computer protection from the impact of malicious software for the computers.;1 cl