The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 05, 2011
Filed:
Jan. 16, 2007
Andrey V. Golchikov, Moscow, RU;
Andrey V. Sobko, Moscow, RU;
Andrey V. Golchikov, Moscow, RU;
Andrey V. Sobko, Moscow, RU;
Kaspersky Lab, ZAO, Moscow, RU;
Abstract
A system, method and computer program product for system for detecting a rootkit on a computer having an operating system, including a native application in ring 0 which, when the operating system is in a trusted state upon a reboot of the computer, after loading of the boot drivers but before loading of non-boot drivers, generates a first snapshot for selected files of the operating system and for a registry; the first snapshot being stored on a persistent storage medium of the computer; a second snapshot for the selected files and for the registry generated by the ordinary application after the loading of the non-boot drivers, generating; means for comparing the second snapshot with the first snapshot; and upon detecting, in the comparing step, one of a masked file and a masked registry branch, means for informing a user of possible rootkit presence on the computer.