Disabling malware that infects boot drivers
US8479292B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Nov 19, 2010 |
| Grant date | Jul 2, 2013 |
| Priority date | — |
| Expiry date | May 17, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1466
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A valid entry point for each boot driver running under an operating system is gleaned. When the operating system is rebooted, a security boot driver is loaded prior to loading other boot drivers. The security boot driver reads the actual entry points of each boot driver, before the boot drivers have run. The security boot driver compares the actual entry points to the corresponding valid entry points. Responsive to an actual entry point not matching its corresponding valid entry point, it is determined that the boot driver is infected. Infected boot drivers are corrected, by replacing their actual entry points with the corresponding, valid entry points. After infected boot drivers have been corrected, the infecting malicious code can be identified and disabled. Sections of boot drivers other than entry points can be gleaned, read and compared, up to entire boot drivers.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.