CN103425927A - Device and method for removing viruses of computer documents - Google Patents
- Publication number
- CN103425927A
- Authority
- CN
- China
- Prior art keywords
- code
- virus
- computer document
- document
- computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a device and a method for removing viruses from computer documents. The device comprises a memory, a scanning module and a replacing module. The memory stores the feature codes of known viruses in advance; the scanning module scans a computer document according to the virus feature codes to determine whether it contains virus code; the replacing module replaces the virus code in the computer document with safe code when the scanning module finds virus code. Because virus code found by the scanning module is replaced with safe code, the repair success rate of computer documents can be increased and the computer device can be kept running safely and reliably.
Description
Technical field
The present invention relates to the field of computer security technology, and in particular to a device and a method for removing viruses from computer documents.
Background
At present, most users' computers store a large number of documents, such as Word documents and Excel spreadsheets, and these documents usually hold information that is very important to the user. When a user's computer is infected by a destructive virus, for example a macro virus, these documents, such as Office documents, are usually also injected with malicious scripts such as the macro virus. If the user opens an Office document infected by a macro virus, the malicious script is executed and causes the computer to behave abnormally, for example by automatically logging in to malicious websites or deleting documents stored on the computer. This threatens the security of the user's computer and causes the user great mental and financial loss.
To keep computer documents from being infected and causing heavy losses, current methods for removing this kind of virus mostly delete the virus code directly. Although this removes the harm the virus brings, it changes the original structure of the document. After the virus is removed, the whole document therefore has to be laid out again according to its original format. This is likely to produce an incorrect document layout, so that the document cannot be opened, which in turn causes loss to the user.
Summary of the invention
Therefore, the invention provides a computer document virus removal device and removal method that overcome the problems of existing computer document virus removal techniques.
Specifically, a computer document virus removal device proposed by an embodiment of the invention comprises a memory, a scanning module and a replacing module. The memory stores known virus feature codes (signatures) in advance; the scanning module scans a computer document according to the virus feature codes to determine whether it contains virus code; the replacing module replaces the virus code in the computer document with safe code when the scanning module finds virus code.
In embodiments of the invention, the device may further comprise, for example, a detecting module for detecting whether the computer document contains host code; the scanning module scans the computer document only when the document contains host code. The host code is, for example, macro code. The safe code is, for example, the space character.
In addition, a computer document virus removal method proposed by an embodiment of the invention comprises the steps of: scanning a computer document according to virus feature codes to determine whether it contains virus code; and, when virus code is found, replacing the virus code in the computer document with safe code.
In embodiments of the invention, the method may further comprise, for example, the step of detecting whether the computer document contains host code, the computer document being scanned only when it contains host code. The host code is, for example, macro code. The safe code is, for example, the space character.
As the above embodiments show, when virus code is found the invention replaces the virus code in the computer document with safe code, for example space characters, so that the harm of the virus is completely removed and a 100% repair success rate for the computer document can be guaranteed. The replacement also conforms to the layout rules of the computer document, so the user's computer document suffers no damage.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the specification, and so that the above and other objects, features and advantages of the invention are more readily apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a main block diagram of the computer document virus removal device proposed by an embodiment of the invention.
Fig. 2 is a schematic diagram of the compressed macro code in a computer document infected with a macro virus.
Fig. 3 is a schematic diagram of the macro code in the computer document of Fig. 2 after the macro virus has been removed.
Fig. 4 is a flow chart of the steps of the computer document virus removal method proposed by an embodiment of the invention.
Fig. 5 is a flow chart of the steps of the computer document virus removal method proposed by another embodiment of the invention.
Detailed description of the embodiments
To further explain the technical means adopted by the invention to achieve its intended purpose, and their effects, the embodiments, structure, features and effects of the computer document virus removal device and removal method proposed by the invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
The foregoing and other technical content, features and effects of the invention will be clearly presented in the following detailed description of the preferred embodiments with reference to the drawings. The description of the embodiments gives a deeper and more concrete understanding of the technical means and effects adopted by the invention to achieve its intended purpose; the drawings, however, are provided only for reference and explanation and are not intended to limit the invention.
Fig. 1 is a main block diagram of the computer document virus removal device proposed by an embodiment of the invention. Fig. 2 is a schematic diagram of the compressed macro code in a computer document infected with a macro virus. Fig. 3 is a schematic diagram of the macro code in the computer document of Fig. 2 after the macro virus has been removed. Referring to Figs. 1 to 3 together, the computer document virus removal device comprises a scanning module 12, a replacing module 13 and a memory 15. The device may also comprise a detecting module 11, to integrate more functions.
More specifically, the memory 15 stores known virus feature codes in advance, for example some or all of the feature codes of macro viruses.
The detecting module 11 detects whether the computer document, for example the computer document shown in Fig. 2, contains host code. The host code is, for example, executable code stored in the computer document; a macro virus can be written into the document only when host code is present. Host code, when present, can therefore be regarded as suspect code that may carry virus code such as a macro virus. If the computer document is an Office document, the host code is macro code: if the detecting module 11 detects macro code in the Office document, it judges this macro code to be suspect code that may carry a macro virus. Conversely, if the detecting module 11 detects no macro code in the Office document, it judges that the Office file contains no macro virus. In other embodiments the detecting module 11 may be omitted according to actual needs.
The scanning module 12 scans the computer document according to the virus feature codes to determine whether it contains virus code. For example, when the computer document contains host code, the scanning module can scan the host code in the computer document, for example macro code, and compare this macro code with the known virus feature codes stored in advance in the memory 15. If the macro code contains code identical to a virus feature code, that code is judged to be virus code and the computer document is infected. Conversely, if the macro code matches none of the virus feature codes, the code is judged not to be virus code and the computer document is not infected.
If the computer document virus removal device has no detecting module 11, the scanning module 12 scans the code of the computer document and compares it with the known virus feature codes stored in advance in the memory 15. If the code contains code identical to a virus feature code, the computer document is infected. Conversely, if the code matches none of the virus feature codes, the computer document is not infected.
When the scanning module 12 finds virus code, the replacing module 13 replaces the virus code in the computer document, for example an Office document, with safe code. The safe code is obtained, for example, by converting safe characters into the compression format of the Office document, so that the safe code still conforms to the compression algorithm rules of the Office document. The safe character can be, for example, any ASCII character; the more common choices are the space, the null character (NUL), the asterisk (*) and so on. Their ASCII code values are 32, 0 and 42 respectively, and their hexadecimal codes are 0x20, 0x00 and 0x2A. A combination of safe characters can also be used.
Fig. 3 is a schematic diagram of the macro code in the Office document of Fig. 2 after the macro virus code has been removed. It shows the binary data of the Office document (displayed in hexadecimal) after the macro virus has been removed: what was originally macro virus code has all been replaced by spaces. The ASCII code value of a space is 32, which is displayed as 20 in hexadecimal. This approach does not change the original structure of the Office document; the only difference from the document before the virus was removed is that the decoded virus code has been replaced by spaces.
Here, after the virus has been removed from the decompressed code, the code that originally carried the virus is entirely replaced by safe code, for example space characters, so the threat of the macro virus is thoroughly eliminated. In addition, only the originally compressed virus code is replaced with space characters. This conforms to the layout rules of the computer document, for example the compression algorithm rules of the Office document, does not change the original structure of the computer document and does not affect the original Office document format, which guarantees a repair success rate of 100% for the computer document.
Refer to Figs. 1 to 4, where Fig. 4 is a flow chart of the steps of the computer document virus removal method proposed by an embodiment of the invention. Specifically, the method of this embodiment can broadly comprise the following steps S202-S209.
Step S202: the detecting module 11 detects whether the computer document, for example the compressed macro code in the Office file shown in Fig. 2, contains host code, for example macro code, and thereby judges whether the Office file contains suspect code, that is, code that may carry a virus, for example macro virus code. If the computer document is an Office file, the host code is macro code: if the detecting module 11 detects macro code in the Office file, step S203 is carried out; if the detecting module 11 detects no macro code in the Office file, step S205 is carried out.
Step S203: the detecting module 11 judges the host code, for example macro code, to be suspect code that may carry a virus, for example a macro virus; step S206 is carried out.
Step S205: the detecting module 11 judges that the computer document, for example the Office file, is virus-free; the method ends.
Step S206: the scanning module 12 scans the host code in the computer document, for example macro code, and compares this macro code with the known virus feature codes stored in advance in the memory 15. If the macro code contains code identical to a virus feature code, step S207 is carried out; if the macro code matches none of the virus feature codes, step S208 is carried out.
Step S207: the scanning module 12 judges the code to be virus code and the computer document to be infected; step S209 is carried out.
Step S208: the scanning module 12 judges that the code is not virus code and that the computer document is not infected; the method ends.
Step S209: the replacing module 13 replaces the virus code in the computer document with safe code, for example space characters.
In other embodiments, when the computer document virus removal device of the embodiment has no detecting module 11, step S202 can correspondingly be omitted.
Refer to Figs. 1 to 5, where Fig. 5 is a flow chart of the steps of the computer document virus removal method proposed by another embodiment of the invention. Fig. 5 differs from Fig. 4 in that it covers the case where the computer document virus removal device has no detecting module 11. Specifically, the method of this embodiment can broadly comprise the following steps S306-S309.
Step S306: the scanning module 12 scans the code in the computer document and compares it with the known virus feature codes stored in advance in the memory 15 to judge whether the code is virus code. If the code contains code identical to a virus feature code, step S307 is carried out; if the code matches none of the virus feature codes, step S308 is carried out.
Step S307: the scanning module 12 judges the code to be virus code and the computer document to be infected; step S309 is carried out.
Step S308: the scanning module 12 judges that the code is not virus code and that the computer document is not infected; the method ends.
Step S309: the replacing module 13 replaces the virus code in the computer document with safe code, for example space characters.
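The flows of Fig. 4 and Fig. 5, and the contrast with the deletion approach from the background section, can be shown on a toy document. This is an added example, not code from the patent: the container layout, the feature codes and all function names are constructed for illustration, and the macro stream is stored uncompressed, so the compressed form shown in Fig. 2 is not modelled.

```python
import struct

# Toy container, constructed for this example (not a real Office format):
# header (magic, macro_off, macro_len, body_off, body_len) | macro stream | body
HEADER = struct.Struct("<4sIIII")
MAGIC = b"TDOC"
SAFE_BYTE = b" "  # space, 0x20: the safe code named in the description

# Constructed placeholder feature codes; not real virus signatures.
FEATURE_CODES = [b"<<CONSTRUCTED-SIG-A>>", b"<<CONSTRUCTED-SIG-B>>"]


def build_doc(macro: bytes, body: bytes) -> bytes:
    macro_off = HEADER.size
    body_off = macro_off + len(macro)
    return HEADER.pack(MAGIC, macro_off, len(macro), body_off, len(body)) + macro + body


def parse_doc(doc: bytes):
    """Return (macro, body); raise ValueError if the header no longer fits the data."""
    if len(doc) < HEADER.size:
        raise ValueError("truncated header")
    magic, m_off, m_len, b_off, b_len = HEADER.unpack_from(doc)
    if magic != MAGIC or m_off + m_len > b_off or b_off + b_len != len(doc):
        raise ValueError("document structure is inconsistent")
    return doc[m_off:m_off + m_len], doc[b_off:b_off + b_len]


def find_virus_code(macro: bytes, feature_codes=FEATURE_CODES):
    """Scanning module: merged (start, end) spans of every feature-code match."""
    spans = []
    for code in feature_codes:
        pos = macro.find(code)
        while pos != -1:
            spans.append((pos, pos + len(code)))
            pos = macro.find(code, pos + 1)
    merged = []
    for start, end in sorted(spans):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def disinfect(doc: bytes, feature_codes=FEATURE_CODES, detect_host=True):
    """Fig. 4 flow (detect_host=False skips S202, as in Fig. 5). Returns (status, doc)."""
    macro, _ = parse_doc(doc)
    if detect_host and not macro:                   # S202 -> S205: no host code
        return "no-host-code", doc
    spans = find_virus_code(macro, feature_codes)   # S206 / S306
    if not spans:                                   # S208 / S308
        return "clean", doc
    m_off = HEADER.unpack_from(doc)[1]
    out = bytearray(doc)
    for start, end in spans:                        # S209 / S309: same-length overwrite
        out[m_off + start:m_off + end] = SAFE_BYTE * (end - start)
    return "repaired", bytes(out)


def delete_virus_code(doc: bytes, feature_codes=FEATURE_CODES) -> bytes:
    """Background approach without the re-layout step: cut the matched bytes out."""
    macro, _ = parse_doc(doc)
    m_off = HEADER.unpack_from(doc)[1]
    out = bytearray(doc)
    for start, end in reversed(find_virus_code(macro, feature_codes)):
        del out[m_off + start:m_off + end]
    return bytes(out)


if __name__ == "__main__":
    macro = b"Sub AutoOpen()\n" + FEATURE_CODES[0] + b"\nEnd Sub\n"
    doc = build_doc(macro, b"Quarterly report text")
    status, fixed = disinfect(doc)
    print(status, len(doc) == len(fixed), parse_doc(fixed))
    try:
        parse_doc(delete_virus_code(doc))
    except ValueError as exc:
        print("after deletion:", exc)
```

The overwritten document keeps its length and every header offset stays valid, while the deleted variant fails to parse until its header is rebuilt.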
In summary, the invention uses the scanning module 12 to compare the code in the computer document with the known virus feature codes stored in advance in the memory 15, and then uses the replacing module 13 to replace the virus code in the computer document with safe code, for example space characters, so that the harm of the virus is completely removed and a 100% repair success rate for the computer document can be guaranteed. The replacement also conforms to the layout rules of the computer document, for example its compression algorithm rules, so the user's computer document suffers no damage. The invention thereby achieves automatic identification and automatic removal of computer document viruses and automatic repair of computer documents, effectively stops further infection and destruction by computer document viruses, improves the repair success rate of computer documents, and can keep the computer device running safely and reliably.
The above are only preferred embodiments of the invention and do not limit the invention in any form. Although the invention is disclosed above by way of preferred embodiments, these are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the invention, use the technical content disclosed above to make minor changes or modifications that result in equivalent embodiments. Any simple modification, equivalent change or adaptation made to the above embodiments according to the technical essence of the invention, without departing from the content of the technical solution of the invention, still falls within the scope of the technical solution of the invention.
Claims (8)
1. A computer document virus removal device, comprising:
a memory for storing known virus feature codes in advance; and
a scanning module for scanning a computer document according to the virus feature codes to determine whether it contains virus code;
characterized in that the virus removal device further comprises:
a replacing module for replacing the virus code in the computer document with safe code when the scanning module finds virus code.
2. The virus removal device according to claim 1, characterized in that the virus removal device further comprises:
a detecting module for detecting whether the computer document contains host code, the scanning module scanning the computer document only when the computer document contains host code.
3. The virus removal device according to claim 2, characterized in that the host code is macro code.
4. The virus removal device according to claim 1, characterized in that the safe code is the space character.
5. A computer document virus removal method, characterized by comprising the steps of:
scanning a computer document according to virus feature codes to determine whether it contains virus code; and
when virus code is found, replacing the virus code in the computer document with safe code.
6. The virus removal method according to claim 5, characterized in that, before the step of scanning the computer document according to the virus feature codes to determine whether it contains virus code, the method further comprises the step of:
detecting whether the computer document contains host code, the computer document being scanned only when it contains host code.
7. The virus removal method according to claim 5, characterized in that the host code is macro code.
8. The virus removal method according to claim 5, characterized in that the safe code is the space character.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012101511700A CN103425927A (en) | 2012-05-16 | 2012-05-16 | Device and method for removing viruses of computer documents |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103425927A (en) | 2013-12-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20131204 |