A technician is remediating a virus on an infected workstation. All user files are set to system and hidden.
Which of the following should a technician perform NEXT to remediate the system?
When dealing with virus remediation on an infected workstation, it is crucial to ensure that all traces of the virus are completely removed to prevent re-infection or further issues. A clean install of the operating system is the most thorough method to achieve this, as it completely wipes the existing infected system and replaces it with a fresh, untainted copy of the OS. After reinstalling the OS, restoring user data from a clean backup ensures that the data itself does not reinfect the system. This approach guarantees that the virus is entirely eradicated from the system.
System restore should be already deactivated and restore points deleted during remediation according to CompTIA's malware treatment process.
It seems only D mentions cleaning the virus out of the system. I don't think it's a good choice to restore before making sure the system is already cleaned.
I am actually thinking of another answer. This is a common virus symptom. Unless CompTIA asks, they assume remediation is removal and not a reimage. If we assume removal of the virus was already done as part of remediation already (it's a big assumption), then the next step is to use the command line to change the attributes of the files. Normally you can use a third-party tool. This actually narrows it down to B and E.
I'm going E
What would the answer be?
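The attribute reset described in the comment above, as an added PowerShell example that is not part of the original thread. It assumes the malware has already been removed; the `$ProfileRoot` default, the `-Apply` switch and the `$KeepHidden` exclusion list are choices made for this illustration.

```powershell
# Added example: un-hide user files that a virus flagged Hidden + System.
# Run only after the malware itself has been removed.
param(
    # Assumed location of the affected user data; adjust per workstation.
    [string]$ProfileRoot = "$env:USERPROFILE\Documents",
    # Without -Apply the script only reports what it would change.
    [switch]$Apply
)

# Files Windows legitimately keeps hidden + system; leave them untouched.
$KeepHidden = @('desktop.ini', 'thumbs.db')

$hs = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

Get-ChildItem -LiteralPath $ProfileRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $attr = [int]$_.Attributes
        # Both bits must be set, matching the symptom in the question.
        ($attr -band $hs) -eq $hs -and
        # Skip junctions/symlinks so the walk never leaves the profile.
        -not ($attr -band [int][IO.FileAttributes]::ReparsePoint) -and
        $KeepHidden -notcontains $_.Name.ToLower()
    } |
    ForEach-Object {
        $action = 'WouldClear'
        if ($Apply) {
            # Clear only Hidden and System; keep ReadOnly, Archive, etc.
            $new = [int]$_.Attributes -band (-bnot $hs)
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
            try {
                $_.Attributes = [IO.FileAttributes]$new
                $action = 'Cleared'
            } catch {
                $action = "Failed: $($_.Exception.Message)"
            }
        }
        # One record per item so the change list can be reviewed or exported.
        [pscustomobject]@{
            Path   = $_.FullName
            Action = $action
        }
    }
```

Running it first without `-Apply` gives a list to review; piping the output to `Export-Csv` keeps a record of what was changed.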
CompTIA has identified a seven-step best practice procedure for malware removal:
1. Identify and research malware symptoms.
2. Quarantine infected systems.
3. Disable System Restore (in Windows).
4. Remediate infected systems:
   • Update anti-malware software.
   • Scan and use removal techniques (Safe Mode, Pre-installation environment).
5. Schedule scans and run updates.
6. Enable System Restore and create restore point (in Windows).
7. Educate end user.
This is from Professor Messer: "So now it’s time to remediate your system and remove all of this virus or malware infestation. The first thing you should do is make sure that you have an updated anti-virus application. Both the anti-virus engine and the signatures need to be at the latest versions. You would almost always have this set up for an automatic update. If you’re setting this up for manual update that’s probably why you got infected to begin with, because these signatures are updated all the time. If you are infected with some malware, the malware itself may prevent your anti-virus application from working properly. So you may have to transfer all of those updated signatures from a different computer, and into this system, and perform the update manually."
To be able to remove this malicious software we’re going to need an anti-virus application from a well-known company. We’ll also want a standalone anti-malware remover, such as Malwarebytes, and others that may be out there. And there might even be standalone applications that you can get from your anti-virus company that will target very specific types of viruses and malware and remove those from your computer. Even with all of these utilities of course, you can never be 100% sure that you’ve removed all of the different parts of the malicious software. For that reason, it might even be a better idea to delete everything on this system and restore it from a known good backup. If you are trying to clean this malware from this system, you may want to try starting Windows in Safe Mode. Since Safe Mode is only starting with a minimal configuration, it might also prevent some of the malware from executing when it starts up.
Option E is only a temporary fix, not used for malware remediation. System restore should be disabled so that’s incorrect. Option E would have the best chance of remediation or removing the malware from the system.
D is the correct answer.