1
Yury G Parshin, Vladislav V Pintiysky: System and method for detecting malware targeting the boot process of a computer using boot process emulation. Kaspersky Lab ZAO, Patterson Thuente Christensen Pedersen P A, January 29, 2013: US08365297 (102 worldwide citations)

System and method for detecting malware on a target computer system having a bootable device. Boot process information stored on the bootable device that at least partially defines a boot process of the target computer system is obtained, along with physical parameter data defining a storage arrange ...


2
Vyacheslav E Rusakov, Andrey L Kirzhemanov, Yury G Parshin: System and method for providing access to original routines of boot drivers. Arent Fox, Michael Fainberg, November 24, 2015: US09195832 (2 worldwide citations)

Disclosed are systems and methods for detecting access of boot driver routines by malware. An example method includes identifying, by the driver interceptor, the one or more boot drivers that have been loaded into memory but not yet initialized; installing, by the driver interceptor, an interceptor ...


3
Yury G Parshin, Alexander A Romanenko, Yuri G Slobodyanuk: System and method of restoring modified data. AO Kaspersky Lab, Arent Fox, Michael Fainberg, March 7, 2017: US09588848

Disclosed is a system and method for restoring modified data. An example method includes intercepting, by an activity tracking module, a request from a program to modify data; determining, by an analysis module, parameters of the intercepted request; generating, by the analysis module, a request to ...