Patent · US Active

Utilizing early exclusive volume access and direct volume manipulation to remove protected files

US7926106B1 · kind B1 · utility

13Cited by

0References

16Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Mark Kennedy · Redondo Beach, US
Michael Spertus · Chicago, US
Peter Linhardt · Malibu, US
Richard Bruce Gough · Torrance, US
Adam Glick · Culver City, US
Patrick Gardner · Cumming, US
Spencer Smith · El Segundo, US
Tim Naftel · Longmont, US

Key dates

Filing date	Apr 6, 2006
Grant date	Apr 12, 2011
Priority date	—
Expiry date	Mar 13, 2029

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/568
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.