Malware Removal | CompTIA A+ 220-1002 | 3.3

In this video you will learn best practice procedures for malware removal.

Here is the 7-step procedure to remove malware that you need to know to successfully pass the CompTIA A+ 220-1002 exam:

  1. Identify & research malware symptoms:  Refer to the symptoms listed in the previous section, 3.2.
  2. Quarantine infected systems:  Disconnect the system(s) from the network and treat all media that has been in contact with the system as possibly infected.
  3. Disable System Restore (in Windows):  Disable System Restore so it doesn’t run & create a restore point with infected files before the system is cleaned.
  4. Remediate the infected systems:  Use a different computer to change passwords for network access, e-commerce, and social media.  Perform data backups in case the system has to be reformatted.  Next, check the backup for malware before reinstalling it by following these steps:
    1. Updating anti-malware software:  To update anti-malware on a quarantined system, download offline update files on a different system, copy them to a USB flash drive, & install the updates on the quarantined system.
    2. Scanning & removal (Safe mode, preinstallation environment):  Run scans and remove threats in Safe mode or WinRE.
  5. Schedule scans & run updates:  Perform scans while updating anti-malware and antivirus software.  If the source of the infection is known, use a removal tool specific to it, and then follow up with full scans.  Scan with more than one tool to ensure that the infection is removed.
  6. When the system is clean, enable System Restore without copying infected files:  Manually create a restore point in Windows.
  7. Educate the end user:  Discuss with end users the principles of avoiding malware infections and general guidance for safe computing.
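
The Windows-side parts of steps 2, 3, 5 and 6 as they could be typed on the affected machine. This is an added example, not part of the original study notes. It assumes an elevated Windows PowerShell 5.1 session, `C:\` as the system drive, and Microsoft Defender as the installed anti-malware product; the script name, parameter names and restore point description are made up for illustration.

```powershell
# Added example, not from the original notes. Save as Invoke-MalwareCleanup.ps1 (hypothetical name).
# Assumptions: Windows PowerShell 5.1, elevated session, Microsoft Defender installed.
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)]
    [ValidateSet('BeforeCleaning', 'AfterCleaning')]
    [string]$Phase,

    # Set only after reviewing the results of every scanning tool used (step 5).
    [switch]$ConfirmedClean,

    [string]$Drive = 'C:\'
)

$ErrorActionPreference = 'Stop'   # halt on the first failed step instead of continuing

if ($Phase -eq 'BeforeCleaning') {
    # Step 2: quarantine the system by taking every active network adapter down.
    Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false

    # Step 3: disable System Restore so no restore point is created with infected files.
    Disable-ComputerRestore -Drive $Drive

    Write-Output "Network adapters disabled and System Restore turned off on $Drive."
}
else {
    # Step 5: follow-up full scan with Defender (assumption: other products use their own tools).
    Start-MpScan -ScanType FullScan

    if (-not $ConfirmedClean) {
        # Step 6 applies only to a clean system, so stop here until the technician confirms it.
        Write-Warning 'Scan finished. Review the results, scan with a second tool, then re-run with -ConfirmedClean.'
        return
    }

    # Step 6: re-enable System Restore and manually create a restore point.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description 'Clean state after malware removal' -RestorePointType MODIFY_SETTINGS

    # Show the newest restore point so the technician can verify it was created.
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber |
        Select-Object -Last 1 -Property SequenceNumber, Description, CreationTime
}
```

Run it with `-Phase BeforeCleaning` before remediation starts, and with `-Phase AfterCleaning -ConfirmedClean` only once the scans in step 5 report nothing.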