Fatskills
Practice. Master. Repeat.
Study Guide: CompTIA A+ Core Certification: Software Troubleshooting - Best Practice Procedures for Malware Removal
Source: https://www.fatskills.com/comptia-a-exam/chapter/comptia-a-core-certification-software-troubleshooting-best-practice-procedures-for-malware-removal

CompTIA A+ Core Certification: Software Troubleshooting - Best Practice Procedures for Malware Removal

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~3 min read

220-1102: Objective 3.3: Given a scenario, use best practice procedures for malware removal.
Removing malware will be a common task for a support technician for the foreseeable future. These steps are best practices to follow each time the task is undertaken.

Follow this seven-step procedure to remove malware—and know it well for the A+ exam:
Step 1. Investigate and verify malware symptoms. Use Table 8-4 to identify symptoms.
Step 2. Quarantine infected systems. Disconnect the system from wired and wireless networks, and suspect any media that has touched the system as being possibly infected.
Step 3. Disable System Restore in Windows. Disable System Restore at this point so that it doesn’t run, and create a restore point with infected files before the system is cleaned. Some malware programs use System Restore to reinfect systems. System Restore is designed to help recover from user error or system crashes, not spread malware.
Step 4. Remediate the infected systems. Use a different system to change passwords for network access, ecommerce, and social media. Back up data, in case the system must be reformatted. Check the backup for malware before reinstalling it. This process involves the following substeps:
- Updating anti-malware software: To update anti-malware on a quarantined system, download offline update files on a different system, copy them to a USB flash drive, and install the updates on the quarantined system.
- Using scanning and removal techniques (such as Safe Mode and the preinstallation environment): Run scans and remove threats in Safe Mode or WinRE. If a quarantined system’s antivirus/anti-malware software cannot be updated, the apps themselves might be infected or blocked by malware. Download the files needed to create a CD or USB bootable anti-malware disc or USB drive on a different system.
Step 5. Schedule scans and run updates. Update anti-malware and antivirus software, and run full scans with both. If the infection source is known by name, first use a specific removal tool (if available) and follow that with full scans. Scan with more than one tool to ensure that the infection has been removed.
Step 6. When the system is clean, enable System Restore and create a restore point in Windows without copying infected files. This step simply involves reenabling System Restore and manually creating a clean restore point in Windows.
Step 7. Educate the end user. Discuss principles of avoiding malware infections with end users. If the infection vector (the way the virus accessed the computer, such as by email, flash drives, or a downloaded app) is known, discuss it specifically. Also provide general guidance for safe computing (for example, avoiding the use of orphan USB flash drives, not opening attachments from unknown sources, using real-time antivirus software, and scanning systems weekly).



ADVERTISEMENT