Security: detect, remove, and prevent malware using the appropriate tools and methods. Flashcards
CompTIA A+ 220-1102 Exam Criteria
What Type of Malware is a: Trojan?
Unsolicited software, an image, a PNG, etc. that appears benign and gets downloaded, then runs a payload that contains malware.
The effects of Trojans can be highly dangerous. Like viruses, they can destroy files or information on hard disks. They can also capture and resend confidential data to an external address or open communication ports, allowing an intruder to control the infected computer remotely.
What Type of Malware is a: Rootkit?
Originated on Unix/Linux. A rootkit runs with administrator (root) privileges, so it can essentially do whatever it wants, and it can install itself in a boot loader outside of the OS, before your anti-malware software can start and defend you.
Windows has ELAM (Early Launch Anti-Malware), which tests the system drivers before the operating system even boots.
A lot of the time, to remediate systems that have rootkits, you have to use a live CD in a pre-installation environment, with something like Windows Defender Offline, where the software is loaded into memory before the hard drive even spins up. It is smart enough to look into the file directory and search the locations where these pieces of malware and rootkits actually sit. So they are very nasty. They are very hard to get off of your systems because, like a privileged administrator, they can intercept calls and hook them any way they want, and the anti-malware software might not even be aware that they are there. So they are very, very hard to detect and sometimes even harder to remove from your systems.
What Type of Malware is a: Virus and worms?
A virus is an unauthorized piece of code that needs some kind of host file or executable.
A worm does not need a host. It is self-sufficient and self-replicating. Unlike a virus, it propagates on its own and can stay silent while consuming resources. It only needs a port of entry.
What Type of Malware is a: Spyware/Adware?
Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device’s security, or other means. This behavior may be present in malware and in legitimate software.
Adware – follows your browsing habits and uses ads to trick you into buying something.
Spyware – monitors your activity and reports it to a third-party entity.
Scareware – unwanted software that downloads automatically from a website and presents a sense of urgency to trick you into paying money.
What Type of Malware is a: Ransomware?
A piece of software that encrypts the entire system.
Can search for backups and encrypt them too (back up your data anyway).
Used for blackmail.
What Type of Malware is a: Keylogger?
No need for social engineering or password attacks – it captures keystrokes directly.
The captured information is relayed to and accessed by a third party.
Can be physical hardware, e.g. a device plugged into a USB port that captures keystrokes.
Can also be software (downloaded malware).
What Type of Malware is a: Boot Sector virus?
Bootkits are very similar to rootkits, but instead of infecting the kernel, they go for the Master Boot Record (MBR) or the Volume Boot Record (VBR). MBRs and VBRs are records stored in your computer’s disk that help to start (or ‘boot’) your operating system from the hard drive when you first turn on your computer.
What Type of Malware is a: Cryptominers?
Cryptojacking (also called malicious cryptomining) is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online currency known as cryptocurrencies. Malicious cryptominers often come through web browser downloads or rogue mobile apps.
How can we scan for viruses using the Windows OS?
In the Settings window > Update and Security > Windows Security
From the Settings - Windows Security pane, select Virus & threat protection.
In the Windows Security - Virus & threat protection pane, select Manage settings under Virus & threat protection settings.
In the Windows Security - Virus & threat protection settings pane, scroll down and select Add or remove exclusions under the Exclusions section.
In the Windows Security - Exclusions pane, select C:\ and choose Remove (an excluded path is never scanned, so the exclusion must be cleared first).
Select Virus & threat protection on the left pane.
In the Windows Security - Virus & threat protection pane, select Scan options under Current threats > select the Custom scan option > scroll down and select Scan now.
In the Select Folder dialog box, choose Desktop on the left pane.
Click Select Folder. > Observe the malware threat notifications.
How to Analyze Malware Attributes?
In the Settings window > Update and Security > Windows Security > select Virus & threat protection on the left pane.
In the Windows Security - Virus & threat protection pane, under Current threats, select Virus:DOS/EICAR_Test_File.
Select See details from the drop-down menu.
On the Virus:DOS/EICAR_Test_File window, review the following malware attributes:
Alert level
Status
Date
Category
Details
Affected items
How to Remove Malware from Infected Systems?
In the Settings window > Update and Security > Windows Security > select Virus & threat protection on the left pane.
The Windows Security - Virus & threat protection window is open.
If necessary, select the Virus:DOS/EICAR_Test_File.
Click Remove.
Select Start actions.
The Taking action on threats message appears.
The Virus:DOS/EICAR_Test_File is now removed.
Close the Windows Security - Virus & threat protection window.
How can you utilize System Restore after the malware removal process?
Windows System Restore allows users to create point-in-time configuration snapshots that can be used to return a Windows machine to an earlier configuration. The goal is to create a restore point before remediation; if one was not created ahead of time, then one should be created after malware removal.
How can you enable System Restore?
Start > Settings > About > Advanced system settings (under the Related settings section)
In the System Properties window, select the System Protection tab.
In the System Properties - System Protection tab, select Configure.
In the System Protection for Local Disk (C:) window, select the Turn on system protection option under the Restore Settings section > click OK.
How can you create a System Restore Point?
From the System Protection tab, select Local Disk (C:) (System) under Protection Settings.
Click Create. > In the Create a restore point input box, type:
Initial remediation point > click Create.
How can you verify that the System Restore point was created?
The System Properties window is open.
Select System Restore…
In the System Restore - Restore system files and settings page, click Next.
In the System Restore - Restore your computer to the state it was in before the selected event page, notice that the previously created Initial remediation point is present > click Cancel.