Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: According to a first aspect of the present invention there is provided a method of performing emulation of at least part of a program using an emulated computer system implemented on a computer system. The method includes, during execution of the program within the emulated computer system, when the program attempts to access a unit of data, copying the unit of data from a memory of the computer system into an emulated memory, and allowing the program to access the unit of data within emulated computer system. A unit of data may be a memory page.

Abstract: A method and apparatus for detecting malware in which a computer device that has an operating system and a memory executes an untrusted computer program. In the event that the untrusted program directly accesses a region of the memory used to store information relating to the operating system, a determination is made that the untrusted program is likely to be malware.

Abstract: A method and apparatus for detecting malware in which a computer device that has an operating system and a memory executes an untrusted computer program. In the event that the untrusted program directly accesses a region of the memory used to store information relating to the operating system, a determination is made that the untrusted program is likely to be malware.

Abstract: According to a first aspect of the present invention there is provided a method of performing emulation of at least part of a program using an emulated computer system implemented on a computer system. The method comprises includes, during execution of the program within the emulated computer system, when the program attempts to access a unit of data, copying the unit of data from a memory of the computer system into an emulated memory, and allowing the program to access the unit of data within emulated computer system. A unit of data may be a memory page.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.