Virus extermination method, information processing apparatus...

Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability

Reexamination Certificate


Details

C713S152000, C713S001000

active

06240530

ABSTRACT:

BACKGROUND OF THE INVENTION
This invention relates to a virus extermination method, an information processing apparatus and a computer-readable recording medium with a virus extermination program recorded thereon, suitable for use to effect virus extermination when a computer is infected with a computer virus, particularly a computer virus of the type (system infection type) which infects and is resident in a system, or of the memory infection type.
A computer virus of the system infection type causes a destructive program (virus) to be resident in a system area (boot area or IPL (Initial Program Loading) area) of a computer and effects destruction and infection of another system area. Computer viruses of the system infection type account for approximately 70 to 80% of the computer viruses which have been discovered or whose appearance has been confirmed to date.
Computer viruses of the system infection type described above in almost all cases have a memory resident character. A virus of the memory resident type does not directly cause infection from an infected medium to another medium, but first becomes resident in a main memory (hereinafter referred to simply as memory) of a computer started using an infected medium, monitors commands of a BIOS (Basic I/O System) or a DOS (Disk Operating System) from within the memory in which the virus is resident and, at the point of time when another file is accessed, infects the accessed file.
Further, in computers in recent years including notebook type personal computers, since a module which constructs an OS or application software has a large capacity, a resume function is used so that, even if the power supply is disconnected, information in the memory is maintained without being erased to allow a continued operation to be performed immediately even if the power supply is connected again, thereby to reduce the time required for the startup of the computer.
Also a personal computer (so-called green PC) has been developed which is constructed so as to operate, almost similarly to the resume function mentioned above, with an auxiliary power supply such as a battery or with a minimum power supply while the personal computer is not used.
If a computer, a green PC or a like apparatus having the resume function mentioned above is infected with computer viruses of the memory resident type described above, then it sometimes occurs that, even if the power supply is disconnected with the intention of eliminating the viruses, the stored contents of the memory remain as they are and some of the viruses in the memory remain resident, so that although it is assumed that the viruses have been exterminated, they actually have not yet been exterminated.
Further, as described above, almost all viruses of the system infection type and the memory resident type are of the type which infects the medium at the destination of an access at the point of time when a storage apparatus is accessed.
Therefore, when a computer is rendered operative by executing a program stored in a storage apparatus such as a hard disk in an environment wherein the system area of the storage apparatus is infected with a virus, if another auxiliary storage apparatus (floppy disk drive or the like) is accessed during execution of the program, then the access acts as a trigger for infection of a medium (for example, a floppy disk) of the auxiliary storage apparatus at the destination of the access.
More particularly, if a virus is present in the memory, the virus handles an interruption or the like using a file access of a BIOS as a trigger so that the system area of an auxiliary storage apparatus as a medium of the destination of the access is infected by the virus.
In other words, in order to access a medium such as an auxiliary storage apparatus, execution of a program in the system area must be involved, and if the system area is infected with a virus, then also the system area of a medium of the destination of the access becomes infected with the virus.
In order to exterminate such a virus as described above, various virus check programs have been developed for different types of viruses. However, although ordinary virus check programs can detect that the memory is infected with a virus, they cannot exterminate the virus, but merely notify whether or not a virus has been detected after a search of the system area. Accordingly, in order to exterminate a virus resident in the memory, there is no countermeasure other than to clear the memory.
Furthermore, even if an extermination program is executed when a virus is resident in the memory, since the virus re-infects a file through a BIOS when the file is accessed, infection still occurs even after the extermination.
In particular, if a program for checking a virus is read in from, for example, a floppy disk and is operated, then a virus which is resident in a disk apparatus or the like can be removed. However, since a virus remains in the memory, the virus re-infects a file (program data for checking a virus stored on the floppy disk) through a BIOS when the file is accessed.
In short, even if a program is operated in order to exterminate a virus in a disk, after extermination of the virus in the disk, the disk is infected with a virus again from a virus in the memory which remains without being exterminated.
In other words, it sometimes occurs that, when a virus check program is to be read out from a floppy disk in order to detect a virus of the system infection type, an erroneous operation is performed so that the system is booted from an infected medium.
In this instance, a system is started from the floppy disk whose boot area is infected with a virus. Therefore, if the virus check program is started, then the virus infects the memory and is thereafter resident in the memory.
Therefore, in order to exterminate a virus which infects the system area in a storage apparatus such as a hard disk in a personal computer or the like of the pre-install type wherein, for example, software for starting a computer is built into the hard disk in advance, a virus extermination program must be executed after the memory is cleared and the computer is then started up from an external medium in which a system program (boot or IPL) and an operating system (OS) which are not infected with a virus are stored.
In particular, if a personal computer or the like which is of the pre-install type or has a resume function is infected with a computer virus of the system infection type, the computer virus of the system infection type is exterminated, for example, by a procedure which includes the following steps (1) to (4).
(1) All power supplies are disconnected, and an auxiliary power supply and so forth for realizing a resume function are also physically removed, to cut the electric energy supplied to the memory and so remove a virus from the memory.
(2) The computer is started up with an operating system (for example, a DOS) which is stored on a floppy disk or the like and constructed at least from the minimum program necessary for the startup.
(3) A virus extermination program is executed under the operating environment of the started-up operating system to remove a virus which is resident in a storage apparatus or the like whose data are not erased even if the power supply to it is cut, thereby restoring the original environment wherein the computer is not infected with a virus.
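The system-area check and repair that step (3) relies on can be sketched as follows. This is an added example, not code from the patent: it assumes a classic 512-byte MBR layout (446 bytes of boot code, a 64-byte partition table, the 0x55 0xAA signature), a digest of the boot code recorded while the machine was known clean, and a sector read after booting from clean media; all function names and sample bytes are hypothetical.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 446            # bytes 0..445: boot (IPL) code in a classic MBR
TABLE_END = 510           # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def code_digest(sector: bytes) -> str:
    """SHA-256 of the boot-code region only (partition table excluded)."""
    return hashlib.sha256(sector[:CODE_END]).hexdigest()


def check_system_area(sector: bytes, baseline_digest: str) -> str:
    """Classify a system-area sector read from a clean-booted environment."""
    if len(sector) != SECTOR_SIZE:
        return "bad-length"
    if sector[TABLE_END:] != BOOT_SIGNATURE:
        return "bad-signature"
    if code_digest(sector) != baseline_digest:
        return "boot-code-changed"
    return "ok"


def restore_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Rewrite only the boot code; keep the disk's own partition table."""
    if len(sector) != SECTOR_SIZE or len(clean_code) != CODE_END:
        raise ValueError("unexpected sector or boot-code length")
    return clean_code + sector[CODE_END:TABLE_END] + BOOT_SIGNATURE


def make_sector(code_fill: int, table_fill: int) -> bytes:
    """Constructed sample sector made of filler bytes, not real boot code."""
    return (bytes([code_fill]) * CODE_END
            + bytes([table_fill]) * (TABLE_END - CODE_END)
            + BOOT_SIGNATURE)


if __name__ == "__main__":
    clean = make_sector(0x90, 0x11)       # constructed "known good" sector
    modified = make_sector(0xCC, 0x22)    # constructed: boot code differs
    baseline = code_digest(clean)
    print(check_system_area(clean, baseline))
    print(check_system_area(modified, baseline))
    repaired = restore_boot_code(modified, clean[:CODE_END])
    print(check_system_area(repaired, baseline))
```

The result is only meaningful when the sector is read after steps (1) and (2), since a virus still resident in memory can re-infect the system area on the next access.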
As an alternative, necessary data stored on the storage apparatus are saved or copied one by one onto an external storage apparatus such as a floppy disk, and then, physical formatting (operation to delete all stored contents of a hard disk) is performed to place the disk into a state wherein the disk allows operation of an operating system which is not infected with a virus.
Thereafter, an operating system which is not infected with a virus is installed again as system startup software from the outside, and the necessary data which have been saved or copied onto the floppy disk or the like as described above are copied back to r
