Introduction: What Is BootScan
* A method for completely removing viruses and Trojans before the system boots
* Starts before any virus or Trojan program
* A native program, at the same level as the system's chkdsk.exe
Why BootScan
* More and more malware is tightly bound to the system
* Injection into system processes
* More and more threats use rootkit techniques
* Replaces booting from a CD-ROM to remove viruses
* Replaces booting from a floppy diskette to remove viruses
* Better than removing viruses in Safe Mode
* Few viruses use this technique
Key Points
* Hooks into the system boot process
* Debugging the program is a key difficulty
* Memory must be allocated and released properly
* Driver-level keyboard interaction
* Relevant registry hives are mounted dynamically
* Unicode support for Chinese and other non-English characters
* Scan log support
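
An added example, not from the original slides or the BootScan product: Windows runs boot-time native programs such as autochk from the `BootExecute` value (REG_MULTI_SZ) under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, so a defender can audit that value for entries other than the stock one. The sample data and the `examplescan` entry are constructed for illustration.

```python
from __future__ import annotations

# Stock entry is "autocheck autochk *"; scheduled chkdsk runs share this prefix.
DEFAULT_PREFIX = "autocheck autochk "


def parse_multi_sz(raw: bytes) -> list[str]:
    """Decode raw REG_MULTI_SZ data: UTF-16LE strings separated by NUL,
    with an empty string marking the end of the list."""
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must have an even byte length")
    entries = []
    for item in raw.decode("utf-16-le").split("\x00"):
        if item == "":
            break  # empty string terminates the list
        entries.append(item)
    return entries


def audit_boot_execute(raw: bytes) -> list[dict]:
    """Label each BootExecute command as 'stock' (autochk) or 'review'."""
    findings = []
    for entry in parse_multi_sz(raw):
        # Collapse whitespace and case so trivial variations still match.
        normalized = " ".join(entry.split()).lower() + " "
        status = "stock" if normalized.startswith(DEFAULT_PREFIX) else "review"
        findings.append({"entry": entry, "status": status})
    return findings


# Constructed sample: the stock entry plus a hypothetical boot-time scanner.
SAMPLE = "autocheck autochk *\x00examplescan /log\x00\x00".encode("utf-16-le")

if __name__ == "__main__":
    for finding in audit_boot_execute(SAMPLE):
        print(f"{finding['status']:6} {finding['entry']}")
```

An entry marked `review` is not necessarily malicious: a legitimate boot-time scanner registers itself the same way, so each one should be matched to a known installed product.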
Advantages and Areas for Improvement
* 64-bit CPU and MS support
* Starts before most viruses, so threats are removed cleanly and completely
* Removal is fast and efficient, but it slows down booting
* Can deal with viruses written as drivers (system-level malware)
* The native technique does not depend on any environment subsystem
* Some extra screens (an extra blue screen) must be displayed before the system has fully booted
* Intercepts only hard-disk boot; booting from CD-ROM, network disk, bootable USB drive, and so on is not covered
* No real-time (on-access) monitoring, because the boot-time environment is single-tasking
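Compatibility
* Compatible with the various file systems that Windows supports
* Few programs run in the early boot stage, only a small number of system drivers, so compatibility is relatively good; BootScan runs before most system modules
* Compatibility testing with dynamic disk partitioning tools passed (Disk Management: PowerMagic, etc.)
* Compatible with system tools such as CHKDSK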