L17 - T17C - S6 – Best Practices for Malware Removal

The 7-step process for malware removal (IQDRSEE)

1. Investigate and verify malware symptoms. 

2. Quarantine infected systems. 

3. Disable System Restore in Windows. 

4. Remediate infected systems 

   • Update anti-malware software. 

   • Scanning and removal techniques (e.g., safe mode, preinstallation environment) 

5. Schedule scans and run updates. 

6. Enable System Restore and create a restore point in Windows. 

7. Educate the end user 

• On-access scanning

• Detection

• Most malware is discovered via ______ by an antivirus product.

• If the malware is sophisticated enough to evade automated _____, certain symptoms may lead you to suspect infection

Malware Encyclopaedia / Bestiary

• Library of information held by antivirus vendors with complete information about the type, symptoms, purpose, and removal of viruses, worms, Trojans, and rootkits

  • Can be used to verify the symptoms that you discover on a local system against known malware indicators and behaviours

The first 4 steps of the 7-step malware best-practice routine

1. Investigate and verify malware symptoms. 

2. Quarantine infected systems. 

3. Disable System Restore in Windows. 

4. Remediate infected systems 

   • Update anti-malware software. 

   • Scanning and removal techniques (e.g., safe mode, preinstallation environment) 

Last 3 steps of the 7-step malware best-practice routine

5. Schedule scans and run updates. 

6. Enable System Restore and create a restore point in Windows. 

7. Educate the end user