Investigate and verify malware symptoms: First step in the malware removal process - checking if malware actually exists on the given system - look for high resource usage, unwanted/unexpected popups, or notifications from AV programs that malware is present.
Quarantine the infected system: Second step in the malware removal process - disconnect the machine from any available Ethernet interfaces, and disable all network connections (cellular, Bluetooth, Wi-Fi). Disable backups from the system, then remove any removable media (e.g., USB drives) and isolate them from the system.
Disable System Restore in Windows Home: Third step in the malware removal process - remove any previous restore points from the operating system - prevents malware from infecting the restore points and infecting the system again.
Remediate infected systems: Fourth step in the malware removal process - perform a thorough scan using an updated antivirus or anti-malware tool to detect and remove any remaining threats.
Update anti-malware software: Fifth step in the malware removal process - update the signatures for the AV present on the system. If the AV signatures cannot be updated (i.e., the malware prevents it), download the signatures onto another computer, move them to a USB drive, and plug the USB into the infected system. Quarantine the now-infected USB.
Scan and removal techniques: Sixth step in the malware removal process - involves booting the system into Windows Safe Mode to remove malware, or into a pre-installation environment such as Windows Recovery Console or a bootable CD/DVD/USB.
PROJECT: Build a pre-installation environment using Windows Assessment and Deployment Kit (ADK).
Reimage/reinstall: Seventh step in the malware removal process - involves restoring the operating system from a clean backup or factory image to ensure that all malware and system alterations are removed, thus returning the system to its original state.
Schedule scans and run updates: Eighth step in the malware removal process - update the operating system and the AV. Schedule updates to check if the malware exists.
Enable System Restore: Ninth step in the malware removal process - ensures that you can revert the system to a functional state after the malware has been removed, preserving user settings and installed applications.
Educate the end user: Tenth step in the malware removal process - provides the user with information on best practices and how to avoid future infections, along with documentation on how to deal with future infections.