A technician is remediating a virus on an infected workstation. All user files are set to system and hidden. Which of the following should a technician perform NEXT to remediate the system?
A. Back up user data and rebuild the user profile.
B. Restore user data and reset the user file attributes via a command line.
C. Run System Restore to a date before the infection.
D. Perform a clean install of the OS and restore the user data.
E. Reset all file attributes on the user's profile via command line.
I am actually thinking of another answer. This is a common virus symptom. Unless CompTIA asks, they assume remediation is removal and not a reimage. If we assume removal of the virus was already done as part of remediation already (it's a big assumption), then the next step is to use the command line to change the attributes of the files. Normally you can use a third-party tool. This actually narrows it down to B and E.
Option E is only a temporary fix, not used for malware remediation. System Restore should be disabled, so that’s incorrect. Option E would have the best chance of remediation or removing the malware from the system.
This is from Professor Messer: "So now it’s time to remediate your system and remove all of this virus or malware infestation. The first thing you should do is make sure that you have an updated anti-virus application. Both the anti-virus engine and the signatures need to be at the latest versions. You would almost always have this set up for an automatic update.
If you’re setting this up for manual update that’s probably why you got infected to begin with, because these signatures are updated all the time. If you are infected with some malware, the malware itself may prevent your anti-virus application from working properly. So you may have to transfer all of those updated signatures from a different computer, and into this system, and perform the update manually."
To be able to remove this malicious software we’re going to need an anti-virus application from a well-known company. We’ll also want a standalone anti-malware remover, such as Malwarebytes, and others that may be out there. And there might even be standalone applications that you can get from your anti-virus company that will target very specific types of viruses and malware and remove those from your computer.
Even with all of these utilities of course, you can never be 100% sure that you’ve removed all of the different parts of the malicious software. For that reason, it might even be a better idea to delete everything on this system and restore it from a known good backup. If you are trying to clean this malware from this system, you may want to try starting Windows in Safe Mode. Since Safe Mode is only starting with a minimal configuration, it might also prevent some of the malware from executing when it starts up.
CompTIA has identified a seven-step best practice procedure for malware removal:
1. Identify and research malware symptoms.
2. Quarantine infected systems.
3. Disable System Restore (in Windows).
4. Remediate infected systems:
   • Update anti-malware software.
   • Scan and use removal techniques (Safe Mode, Pre-installation environment).
5. Schedule scans and run updates.
6. Enable System Restore and create restore point (in Windows).
7. Educate end user.