Abstract: Provided in embodiments of the present invention are a method and device for monitoring API function scheduling in a mobile terminal. The method comprises: preconfiguring at least one to-be-monitored API function and a response event corresponding to the at least one to-be-monitored API function; configuring one monitoring processing module on the basis of the at least to-be-monitored API function; acquiring in real-time current listening data outputted by a transmission function listening module; and, when the current listening data satisfies the response event, the monitoring processing module performing a monitoring processing corresponding to the response event.

Abstract: Disclosed in the present invention are a method and apparatus for determining a virus-infected file, which belong to the field of computer security. The method includes: locating data in a file being scanned according to the file offset address associated with a virus signature of a virus; making a comparison of the virus signature with the data located in the file being scanned; and determining that the file being scanned is a virus-infected file when the virus signature matches the located data. The apparatus includes: a locating module, a comparison module and a determination module.

Abstract: Provided in embodiments of the present invention are a method and device for monitoring API function scheduling in a mobile terminal. The method comprises: preconfiguring at least one to-be-monitored API function and a response event corresponding to the at least one to-be-monitored API function; configuring one monitoring processing module on the basis of the at least to-be-monitored API function; acquiring in real-time current listening data outputted by a transmission function listening module; and, when the current listening data satisfies the response event, the monitoring processing module performing a monitoring processing corresponding to the response event.

Abstract: In a method for monitoring a preconfigured operation in a mobile terminal, one or more operations to be monitored and a trigger condition corresponding to each operation to be monitored are configured in the mobile terminal in advance, and an event processing module corresponding to each preconfigured operation is configured in the mobile terminal. The method includes: scanning a system log in the mobile terminal in real time; determining an operation currently being performed by an application running in a system according to an event recorded in the system log, determining whether the operation currently being performed by the application running in the system meets the preconfigured trigger condition; if meets, notifying the corresponding event processing module to perform subsequent processing.

Abstract: Disclosed in the present invention are a method and apparatus for checking a process of decompressing an application installation package. The present invention belongs to the technical field of security. The method comprises: decompressing a sub-portion of data in an application installation package to acquire decompressed data, the sub-portion of data being not greater than a threshold size; checking the decompressed data according to the virus samples in a virus feature library; and determining that the application installation package is a virus-infected file or rogue software when the decompressed data includes any of the virus samples. The technical solution of the present invention can effectively save the internal memory, shorten the checking time, and improve the checking efficiency in determining whether an application installation package is a virus-infected file or rogue software.

Abstract: Disclosed in the present invention are a method and apparatus for checking a process of decompressing an application installation package. The present invention belongs to the technical field of security. The method comprises: decompressing a sub-portion of data in an application installation package to acquire decompressed data, the sub-portion of data being not greater than a threshold size; checking the decompressed data according to the virus samples in a virus feature library; and determining that the application installation package is a virus-infected file or rogue software when the decompressed data includes any of the virus samples. The technical solution of the present invention can effectively save the internal memory, shorten the checking time, and improve the checking efficiency in determining whether an application installation package is a virus-infected file or rogue software.

Abstract: Disclosed in the present invention are a method and apparatus for determining a virus-infected file, which belong to the field of computer security. The method includes: locating data in a file being scanned according to the file offset address associated with a virus signature of a virus; making a comparison of the virus signature with the data located in the file being scanned; and determining that the file being scanned is a virus-infected file when the virus signature matches the located data. The apparatus includes: a locating module, a comparison module and a determination module.