The embodiment of the invention provides a method and device for acquiring the remote computer information. The method includes: classifying the file operation into the normal file operation or the abnormal file operation when the file operation is monitored; if the normal file operation or the abnormal file operation belongs to the system proceeding, judging the starting address of the thread corresponding to the normal file operation or the abnormal file operation is in a module for processing the remote file visit in the system proceeding; if the starting address is in the module for remote file visit, acquiring the remote computer information corresponding to the abnormal file operation according to the parameter of the function call stack of the normal file operation or the abnormal file operation. The embodiment of the invention can acquire the information of the remote computer in the remote file operation, accurately alarm in the first time of the virus instruction and position the virus, further can rapidly hold up the virus and manage and maintain the virus source.