Detecting auto-start malware by checking its aggressive load point behaviors
Abstract
Program behaviors concerning load points are monitored, and a specific program attempting to actively maintain a previously set value of a specific load point is detected. In response, the specific program is adjudicated to be malware, and one or more actions are performed to protect the computer. The monitored behavior can be write operations targeting load points. In this scenario, the behavior indicating that a program is malware can comprise performing a requisite number of write operations to a load point within a requisite time period. The monitored behavior can also be altering load point values, and monitoring the results. The altering of load points can comprise removing values specifying programs to run, and/or changing names of programs. Detecting that a specific altered load point value has been automatically reset within a requisite time period to run the specific program upon start-up indicates that the program is malware.
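The write-count variant from the abstract, as an added Python example that is not code from the patent: it flags a process that writes the same value to the same load point a threshold number of times within a time window. The thresholds, the event tuple layout, the registry Run key used as the load point, and all process names and paths are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds: the abstract says only "a requisite number" of writes
# within "a requisite time period"; these values are illustrative.
MIN_WRITES = 3
WINDOW_SECONDS = 60.0

def find_aggressive_writers(events, min_writes=MIN_WRITES, window=WINDOW_SECONDS):
    """Return {(process, load_point)} pairs that rewrote one load point
    at least `min_writes` times inside any `window`-second span.

    `events` is an iterable of (timestamp_seconds, process, load_point, value)
    tuples in any order, e.g. taken from registry or file write telemetry.
    """
    recent = defaultdict(deque)  # (process, load_point, value) -> timestamps in window
    flagged = set()
    for ts, process, load_point, value in sorted(events):
        # Key on the value as well: the behaviour of interest is re-asserting
        # the same setting, not a configuration tool changing it several times.
        q = recent[(process, load_point.lower(), value)]
        q.append(ts)
        while ts - q[0] > window:  # drop writes that fell out of the window
            q.popleft()
        if len(q) >= min_writes:
            flagged.add((process, load_point.lower()))
    return flagged

# Constructed sample telemetry (not from the patent or any real incident).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
SAMPLE_EVENTS = [
    (0.0,   "installer.exe", RUN_KEY.replace("Updater", "Sync"), r"C:\Apps\sync.exe"),
    (5.0,   "svch0st.exe",   RUN_KEY, r"C:\Users\a\AppData\x.exe"),
    (20.0,  "svch0st.exe",   RUN_KEY, r"C:\Users\a\AppData\x.exe"),
    (35.0,  "svch0st.exe",   RUN_KEY, r"C:\Users\a\AppData\x.exe"),
    (100.0, "settings.exe",  RUN_KEY.replace("Updater", "Tray"), r"C:\Apps\tray.exe"),
    (900.0, "settings.exe",  RUN_KEY.replace("Updater", "Tray"), r"C:\Apps\tray.exe"),
]

if __name__ == "__main__":
    for process, load_point in sorted(find_aggressive_writers(SAMPLE_EVENTS)):
        print(f"ALERT {process} keeps rewriting {load_point}")
```

The second variant in the abstract (altering a load point value and watching for it to be reset) needs write access to the load point and is not covered by this passive check.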