|
|
The Commons
Patent Title: Generic disinfection of programs infected with a computer virus Abstract: A method for restoring a computer program infected with a computer virus to its non-viral condition. The method uses certain information about an uninfected host program recorded prior to infection without relying upon pre-existing knowledge of the computer virus. The method includes: recording a checksum of the uninfected original program, the length of the program, and information pertaining to bytes located near the beginning and end of the original program; and, subsequent to any modification of the original program that is deemed suspicious, generating one or more trial reconstructions based on the recorded information and information contained in the modified file; comparing a checksum of each generated trial reconstruction with the checksum of the original program stored in the database; and outputting a trial reconstruction as the original uninfected program if its checksum matches that of the original program. Notes: |