METHOD OF NEUTRALISING MALWARE BLOCKING PC OPERATION USING SEPARATE DEVICE FOR USER ACTIVATION OF MALWARE COUNTERACTING PROCEDURE Russian patent published in 2014 - IPC G06F21/56 

FIELD: information technology.

SUBSTANCE: method of neutralising malware blocking computer operation includes using a separate antivirus activation device which is designed for activation of a malware counteracting procedure by a user and which has sockets for connecting a control bus, a controller and an activation unit. The computer unblocking and cleaning procedure is performed in response to an activation signal received from an antivirus activation device. Said unblocking and cleaning procedure includes: examining the state of the graphic subsystem of the operating system, searching all created windows and desktops visible for the user; analysing all processes and streams used on the computer at the moment of infection; constructing, based on the collected data, the association of each said window and desktop with a specific process and/or process hierarchy; analysing the obtained data on processes and detecting in each of them loaded modules participating in carrying out the process; searching for programs that are automatically executed when booting the operating system; forming a list of objects deemed malicious; and isolating a malicious object, deleting references thereto from the configuration files of the operating system, and deleting a malicious process originating from the object.

EFFECT: unblocking a computer without losing data and rebooting the computer, high efficiency of antivirus systems and improved computer system security.

6 cl, 3 dwg