I am developing an antivirus. I want to know how do I schedule to delete a malicious file during system boot (during the black screen itself) if I have already detected the infectious file. Something like as shown the image.
- Easeus scheduled disk partitioning during boot: https://drive.google.com/file/d/0B2nL17gsPcdrM0Q0S29fWF81bXM/edit?usp=sharing
- Another scheduled file deletion during boot: https://drive.google.com/file/d/0B2nL17gsPcdrYldUN3BpcFB6NEU/edit?usp=sharing
решение1
If you want to use an utility, Sysinternals has one (two, actually): PendMoves v1.2 and MoveFile v1.01
From the description:
There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots, before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value.
If you want to include this API function in your code, here is a spec from Microsoft: MoveFileEx function