Protecting personal computers against a never-ending onslaught of “pestware” such as viruses, Trojan horses, spyware, adware, and downloaders on personal computers has become vitally important to computer users. Some pestware is merely annoying to the user or degrades system performance. Other pestware is highly malicious. Many computer users depend on anti-pestware software that attempts to detect and remove pestware automatically.
Anti-pestware software typically scans running processes in memory and files contained on storage devices such as disk drives, comparing them, at expected locations, against a set of “signatures” that identify specific, known types of pestware.
In some cases, a pestware process, after initially starting up, reopens itself with an exclusive-lock flag that prevents access of any kind, via the computer's operating system, to a disk file (executable object) containing the pestware's program code. Such a pestware executable object may be said to be “locked.” Such pestware can also prevent its executing process in memory from being terminated by anti-pestware software. Furthermore, the pestware may also employ a “rootkit” to conceal itself from the computer's file-system directory, a task manager that displays running processes, or a registry of the operating system. Often, such pestware also obscures its presence by using nondescript file names such as “1.exe”. Current anti-pestware software, even if it succeeds in detecting a locked pestware executable object, is not always able to neutralize or delete it.
It is thus apparent that there is a need in the art for an improved method and system for rendering harmless a locked pestware executable object.