Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2011-08-09
Truong, Thanhnga B (Department: 2438)
C726S022000, C726S023000, C726S025000, C717S131000, C711S162000, C714S038110
active
07996903
ABSTRACT:
A method and system for detecting and removing a hidden pestware file is described. One illustrative embodiment detects, using direct drive access, a file on a computer storage device; determines whether the file is also detectable by the operating system by attempting to access the file using a standard file Application-Program-Interface (API) function call of the operating system; identifies the file as a potential hidden pestware file, when the file is undetectable by the operating system; confirms through an automated pestware-signature scan of the potential hidden pestware file that the potential hidden pestware file is a hidden pestware file; and removes automatically, using direct drive access, the hidden pestware file from the storage device.
Cooley LLP
Webroot Software, Inc.