2.3: Detect, Remove, and Prevent Malware

Malware

Malicious software that can steal data, display ads, damage files, or join systems into botnets.

Malware infection methods

Exploits vulnerabilities, tricks users into running programs, or uses drive-by downloads/worms.

Trojan horse

Disguised software that bypasses security to allow further malicious activity.

Rootkit

Alters core system files to hide from the OS and security tools; requires specialized removal.

Virus

Self-replicating malware that spreads via files or networks but requires user execution.

Boot sector virus

Malware in the boot loader that runs before the OS; blocked by UEFI Secure Boot.

Spyware

Software that secretly gathers user data for ads, identity theft, or fraud.

Keylogger

Captures keystrokes and other inputs, bypassing encryption.

Ransomware

Encrypts data and demands payment for decryption, often via cryptocurrency.

Cryptominer

Uses victim’s CPU/GPU to mine cryptocurrency without consent.

Windows Recovery Environment

Bootable troubleshooting mode for fixing startup issues or removing malware before the OS loads.

Anti-virus/anti-malware tools

Detect and block threats in real time, not just with signature scans.

Software firewall

Monitors and blocks suspicious network communication on a local machine.

Anti-phishing training

Teaches users to avoid falling for social engineering attacks.

OS reinstallation

Only guaranteed way to remove malware by wiping and reinstalling the system.