Malware Removal and Remediating Best Practices

The document outlines a practice lab for CompTIA A+ certification focused on malware removal and remediation best practices. It includes exercises on scanning for malware, analyzing malware attributes, and implementing removal best practices, with specific learning outcomes and lab topology provided. The lab is designed to take approximately one hour to complete and involves hands-on tasks using various devices, including Windows servers and workstations.

12/10/24, 5:32 PM Practice Labs | Print

CompTIA | 220-1102: CompTIA A+


Malware Removal and Remediating Best Practices
Exercises
Introduction
Lab Topology
Exercise 1 - Scanning for Malware
Exercise 2 - Analyzing and Removing Malware
Exercise 3 - Implement Malware Removal Best Practices
Review

Introduction
Tags: A+ Malware System Restore Windows Security

Welcome to the Malware Removal and Remediating Best Practices Practice Lab.
In this module, you will be provided with the instructions and devices
needed to develop your hands-on skills.

Learning Outcomes
In this module, you will complete the following exercises:

Exercise 1 - Scanning for Malware
Exercise 2 - Analyzing and Removing Malware
Exercise 3 - Implement Malware Removal Best Practices

After completing this module, you should be able to:

Scan for Malware
Analyze Malware Attributes
Remove Malware from Infected Systems
Enable System Restore in Windows 10
Create a System Restore Point
Verify System Restore Point

Exam Objectives
The following exam objectives are covered in this module:
https://www.practice-labs.com/app/platform/print.aspx 1/54

3.3 Given a scenario, use best practice procedures for malware removal

Lab Duration
It will take approximately 1 hour to complete this lab.

Help and Support


For more information on using Practice Labs, please see our Help and Support
page. You can also raise a technical support ticket from this page.

Click Next to view the Lab topology used in this module.

Lab Topology
During your session, you will have access to the following lab configuration.

Depending on the exercises, you may or may not use all of the devices, but they
are shown here in the layout to get an overall understanding of the topology of
the lab.

PLABDC01 - (Windows Server 2019 - Domain Controller)
PLABWIN10 - (Windows 10 - Domain Member Workstation)
PLABWIN11 - (Windows 11 - Domain Member Workstation)
PLABSUSE - (SUSE - Standalone Server)
PLABUBUNTU - (Ubuntu - Standalone Server)
PLABANDROID - (Android OS - Android Device)

Click Next to proceed to the first exercise.

Exercise 1 - Scanning for Malware


Malware is a type of software that is designed to harm a system.

Malware can cause the following:

System lockups
System slowness
Application crashes
Applications generating unexpected output

Most operating systems have built-in anti-malware programs that help ward
off irritants such as viruses (malicious code), unwanted email messages, and
spyware. Some of these irritants merely waste the user's time, while others
can lead to a system malfunction, resulting in data or business loss. Because
new malware is released on a daily basis, keep the anti-malware application
updated at all times. Most of these applications can perform an automatic
update without user intervention. You should also consider configuring the
application to perform an automatic scan.

In this exercise, you will scan for malware and identify Windows Security
malware notifications.

Learning Outcomes
After completing this exercise, you should be able to:

Scan for Malware

Your Devices
You will be using the following devices in this lab. Please power these on now.

PLABDC01 - (Windows Server 2019 - Domain Controller)
PLABWIN10 - (Windows 10 - Domain Member Workstation)

Task 1 - Scanning for Malware


In this task, you will scan for malware and identify Windows Security malware
notifications.

Step 1
Connect to PLABWIN10.

Open Microsoft Edge from the Taskbar.


Figure 1.1 Screenshot of PLABWIN10: Displaying opening Microsoft Edge from the Taskbar.

Step 2
In the Microsoft Edge browser window, type the following in the address bar:

EICAR test file

Press Enter.

Figure 1.2 Screenshot of PLABWIN10: Displaying the Microsoft Edge browser window with the required
search text entered on the address bar.

Step 3
Select Accept on the Privacy pop-up window.

Figure 1.3 Screenshot of PLABWIN10: Displaying selecting Accept on the Privacy pop-up window.

Step 4
Scroll down and select EICAR test file - Wikipedia.

Figure 1.4 Screenshot of PLABWIN10: Displaying selecting the required search result.

Step 5
Scroll down to The EICAR test string reads section.

Highlight and right-click on it. Select Copy.

Figure 1.5 Screenshot of PLABWIN10: Displaying copying the EICAR test string.

Step 6
Close the Microsoft Edge browser window.

Figure 1.6 Screenshot of PLABWIN10: Displaying closing the Microsoft Edge browser window.

Step 7
Right-click on the desktop and select New > Text Document.

Figure 1.7 Screenshot of PLABWIN10: Displaying right-clicking on the Desktop and selecting New > Text
Document.

Step 8
Rename the New Text Document to:

Test Virus

Figure 1.8 Screenshot of PLABWIN10: Displaying the newly created Text Document on the Windows
Desktop.

Step 9
Double-click on Test Virus.

Figure 1.9 Screenshot of PLABWIN10: Displaying opening the Test Virus Text Document.

Step 10
In the Test Virus - Notepad window, right-click and select Paste.

Figure 1.10 Screenshot of PLABWIN10: Displaying right-clicking on the Test Virus - Notepad window and
selecting Paste.

Step 11
Click the File menu and select Save.

Figure 1.11 Screenshot of PLABWIN10: Displaying the Test Virus - Notepad window with File menu
accessed and Save selected.

Step 12
Close the Test Virus - Notepad window.

Figure 1.12 Screenshot of PLABWIN10: Displaying closing the Test Virus - Notepad window.

Note: The EICAR test string is not an actual virus. It is a string that is used in
testing. There is no risk to the PLABWIN10 device.

Step 13
Right-click the Start charm and select Settings.

Figure 1.13 Screenshot of PLABWIN10: Displaying right-clicking on the Start charm and selecting Settings.

Step 14
In the Settings window, select Update & Security.

Figure 1.14 Screenshot of PLABWIN10: Displaying the Settings window with Update & Security selected.

Step 15
In the Settings window, select Windows Security on the left pane.

Figure 1.15 Screenshot of PLABWIN10: Displaying the Settings window with Windows Security selected on
the left pane.

Step 16
From the Settings - Windows Security pane, select Virus & threat protection.

Figure 1.16 Screenshot of PLABWIN10: Displaying the Settings - Windows Security pane with Virus &
threat protection selected.

Step 17
In the Windows Security - Virus & threat protection pane, select Manage
settings under Virus & threat protection settings.

Figure 1.17 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection pane
with Manage settings selected.

Step 18
In the Windows Security - Virus & threat protection settings pane, scroll down
and select Add or remove exclusions under the Exclusions section.

Figure 1.18 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection
settings pane with Add or remove exclusions selected.

Step 19
In the Windows Security - Exclusions pane, select C:\ and choose Remove.

Figure 1.19 Screenshot of PLABWIN10: Displaying the Windows Security - Exclusions pane with C:\
selected and Remove highlighted.

Step 20
Select Virus & threat protection on the left pane.

Figure 1.20 Screenshot of PLABWIN10: Displaying the Windows Security - Exclusions window with Virus &
threat protection selected.

Step 21
In the Windows Security - Virus & threat protection pane, select Scan options
under Current threats.

Figure 1.21 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection pane
with Scan options selected.

Step 22
In the Windows Security - Scan options pane, select the Custom scan option.

Figure 1.22 Screenshot of PLABWIN10: Displaying the Windows Security - Scan options pane with Custom
scan selected.

Step 23
Scroll down and select Scan now.

Figure 1.23 Screenshot of PLABWIN10: Displaying the Windows Security - Scan options pane with Scan
now selected.

Step 24
In the Select Folder dialog box, choose Desktop on the left pane.

Click Select Folder.

Figure 1.24 Screenshot of PLABWIN10: Displaying the Select Folder dialog box with Select Folder selected.

Step 25
Observe the malware threat notifications.

Figure 1.25 Screenshot of PLABWIN10: Displaying the Windows Security - Scan options pane with Virus &
threat protection notification.

Keep the Windows Security - Scan options window open.

Exercise 2 - Analyzing and Removing Malware


In this exercise, you will analyze the attributes of malware that have been
identified by Windows Security as well as remove malware from an infected
system.

Learning Outcomes
After completing this exercise, you should be able to:

Analyze Malware Attributes
Remove Malware from Infected Systems

Your Devices
You will be using the following devices in this lab. Please power these on now.

PLABDC01 - (Windows Server 2019 - Domain Controller)
PLABWIN10 - (Windows 10 - Domain Member Workstation)

Task 1 - Analyze Malware Attributes


In this task, you will analyze the malware attributes.

Step 1
Ensure you are connected to PLABWIN10 and the Windows Security - Scan
options window is open.

Select Virus & threat protection on the left pane.

Figure 2.1 Screenshot of PLABWIN10: Displaying the Windows Security - Scan options pane with Virus &
threat protection selected.

Step 2
In the Windows Security - Virus & threat protection pane, under Current
threats, select Virus:DOS/EICAR_Test_File.

Select See details from the drop-down menu.

Figure 2.2 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection pane
with Virus:DOS/EICAR_Test_File drop-down accessed and See details selected.

Step 3
On the Virus:DOS/EICAR_Test_File window, review the following malware
attributes:

Alert level
Status
Date
Category
Details
Affected items

Click OK.

Figure 2.3 Screenshot of PLABWIN10: Displaying the Virus:DOS/EICAR_Test_File window with OK
selected.

Keep the Windows Security - Virus & threat protection window open.

Task 2 - Removing Malware from Infected Systems


In this task, you will remove the Virus:DOS/EICAR_Test_File from the
PLABWIN10 device.

Step 1
In PLABWIN10, the Windows Security - Virus & threat protection window is
open.

If necessary, select the Virus:DOS/EICAR_Test_File.

Click Remove.

Figure 2.4 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection pane
with Virus:DOS/EICAR_Test_File drop-down accessed and Remove selected.

Step 2
Select Start actions.

Figure 2.5 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection pane
with Start actions selected.

Step 3
The Taking action on threats message appears.

Figure 2.6 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection
window.

Step 4
The Virus:DOS/EICAR_Test_File is now removed.

Close the Windows Security - Virus & threat protection window.

Figure 2.7 Screenshot of PLABWIN10: Displaying the Windows Security - Virus & threat protection window
with No current threats.

Step 5
Close the Settings window.

Figure 2.8 Screenshot of PLABWIN10: Displaying closing the Settings window.

Step 6
Back on the Desktop, notice that Windows Security has removed the infected
file from the system.

Figure 2.9 Screenshot of PLABWIN10: Displaying the Windows desktop with the Test Virus removed.
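
The Windows Security steps of Exercise 1 (Steps 13-25) and both tasks of Exercise 2 can also be driven from an elevated PowerShell prompt with the Defender cmdlets. The script below is an added example and not part of the lab; it assumes the Test Virus file from Steps 7-12 is on the Desktop of the account running the script, and the mapping of cmdlet properties to the attributes shown in the See details window is approximate.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the lab. Assumes "Test Virus.txt" already exists
# on the Desktop of the account running this script (Exercise 1, Steps 7-12).

$desktop = [Environment]::GetFolderPath('Desktop')
$sample  = Join-Path $desktop 'Test Virus.txt'

# Exercise 1, Steps 18-19: an exclusion on C:\ hides the whole drive from
# Defender, so list the path exclusions and remove that one before scanning.
$exclusions = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }
"Path exclusions before cleanup: $($exclusions -join ', ')"
if ($exclusions -contains 'C:\') {
    Remove-MpPreference -ExclusionPath 'C:\'
}

# Exercise 1, Steps 21-24: custom scan limited to the Desktop folder.
Start-MpScan -ScanType CustomScan -ScanPath $desktop

# Exercise 2, Task 1: collect the attributes of the detected test file.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -like '*EICAR*' })

if (-not $threats) {
    Write-Warning 'No EICAR detection found. Check that the file exists and that no other exclusion covers it.'
}
else {
    foreach ($t in $threats) {
        Get-MpThreatDetection -ThreatID $t.ThreatID | ForEach-Object {
            # Approximate counterparts of Alert level, Category, Status,
            # Date and Affected items from the See details window.
            [pscustomobject]@{
                Threat        = $t.ThreatName
                SeverityID    = $t.SeverityID
                CategoryID    = $t.CategoryID
                IsActive      = $t.IsActive
                StatusID      = $_.ThreatStatusID
                Detected      = $_.InitialDetectionTime
                AffectedItems = $_.Resources -join '; '
            }
        } | Format-List

    }

    # Exercise 2, Task 2: Remove-MpThreat acts on every active threat,
    # not only the test file.
    Remove-MpThreat

    # Exercise 2, Task 2, Step 6: confirm the file is gone from the Desktop.
    if (Test-Path -LiteralPath $sample) {
        Write-Warning "$sample is still present."
    }
    else {
        "$sample has been removed."
    }
}
```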

Exercise 3 - Implement Malware Removal Best Practices

Windows System Restore allows users to create point-in-time configuration
snapshots that can be used to return a Windows machine to an earlier
configuration. The goal is to create a restore point before remediation; if
one was not created ahead of time, then one should be created after malware
removal.

In this exercise, you will perform post-remediation best practices by enabling
System Restore and creating a System Restore Point.

Learning Outcomes
After completing this exercise, you should be able to:

Enable System Restore in Windows 10
Create a System Restore Point
Verify System Restore Point

Your Devices
You will be using the following devices in this lab. Please power these on now.

PLABDC01 - (Windows Server 2019 - Domain Controller)
PLABWIN10 - (Windows 10 - Domain Member Workstation)

Task 1 - Enable System Restore in Windows 10


In this task, you will enable System Restore in Windows 10.

Step 1
Connect to PLABWIN10.

Right-click the Start charm and select System.

Figure 3.1 Screenshot of PLABWIN10: Displaying right-clicking the Start charm and selecting System.

Step 2
In the Settings - About pane, scroll down and select the Advanced system
settings link under the Related settings section.

Figure 3.2 Screenshot of PLABWIN10: Displaying the Settings - About pane with the Advanced system
settings link selected.

Step 3
In the System Properties window, select the System Protection tab.

Figure 3.3 Screenshot of PLABWIN10: Displaying the System Properties window with the System
Protection tab highlighted.

Step 4
In the System Properties - System Protection tab, select Configure.

Figure 3.4 Screenshot of PLABWIN10: Displaying the System Properties - System Protection tab with
Configure selected.

Step 5
In the System Protection for Local Disk (C:) window, select the Turn on system
protection option under the Restore Settings section.

Click OK.

Figure 3.5 Screenshot of PLABWIN10: Displaying the System Protection for Local Disk (C:) window with
the required settings performed and the OK button selected.

Keep the System Properties window open.

Task 2 - Create a System Restore Point


In this task, you will create a system restore point.

Step 1
In PLABWIN10, the System Properties window is open.

From the System Protection tab, select Local Disk (C:) (System) under
Protection Settings.

Click Create.

Figure 3.6 Screenshot of PLABWIN10: Displaying the System Properties - System Protection tab with Local
Disk (C:) (System) selected and Create highlighted.

Step 2
In the Create a restore point input box type:

Initial remediation point

Click Create.

Figure 3.7 Screenshot of PLABWIN10: Displaying the Create a restore point input box with the required
text entered and the Create button highlighted.

Note: The restore point could take a few minutes to create.

Step 3
Select Close in the System Protection information box.

Figure 3.8 Screenshot of PLABWIN10: Displaying the System Protection information box with the Close
button highlighted.

Keep the System Properties window open.

Task 3 - Verify System Restore Point


In this task, you will verify the system restore point.

Step 1
Ensure you are connected to PLABWIN10 and the System Properties window is
open.

Select System Restore…

Figure 3.9 Screenshot of PLABWIN10: Displaying the System Properties - System Protection tab with
System Restore selected.

Step 2
In the System Restore - Restore system files and settings page, click Next.

Figure 3.10 Screenshot of PLABWIN10: Displaying the System Restore - Restore system files and settings
page with Next selected.

Step 3
In the System Restore - Restore your computer to the state it was in before
the selected event page, notice that the previously created Initial remediation
point is present.

Figure 3.11 Screenshot of PLABWIN10: Displaying the System Restore - Restore your computer to the
state it was in before the selected event page with Cancel selected.

Note: If there is a future malware infection, this restore point can be utilized
to return the system configuration to an earlier point in time.

Step 4
Click Cancel.

Close the System Properties and Settings windows.

Figure 3.12 Screenshot of PLABWIN10: Displaying closing the System Properties window.

Keep all devices that you have powered on in their current state and
proceed to the review section.
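
The three tasks of Exercise 3 (enable System Restore, create the restore point, verify it) can be scripted with the System Restore cmdlets of Windows PowerShell 5.1. The script below is an added example and not part of the lab; it reuses the drive and the restore point name from the steps above and also handles the case where Windows does not create the requested point.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the lab. Run in Windows PowerShell 5.1: the
# System Restore cmdlets are not available in PowerShell 7.

$drive       = 'C:\'
$description = 'Initial remediation point'   # name used in Task 2, Step 2

# Task 1: turn on system protection for the system drive.
Enable-ComputerRestore -Drive $drive

# Record the existing sequence numbers so that a newly created point can be
# told apart from an older point that has the same description.
$before = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })

# Task 2: create the restore point.
# Caveat: beginning in Windows 8, Checkpoint-Computer cannot create more than
# one checkpoint each day; a skipped request produces only a warning.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Task 3: verify that the new restore point is listed.
$new = @(Get-ComputerRestorePoint | Where-Object {
    $_.SequenceNumber -notin $before -and $_.Description -eq $description
})

if ($new) {
    $new | Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}
else {
    Write-Warning "No new restore point named '$description' was created."
    'Existing restore points:'
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}
```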

Review
Well done, you have completed the Malware Removal and Remediating Best
Practices Practice Lab.

Summary
You completed the following exercises:

Exercise 1 - Scanning for Malware
Exercise 2 - Analyzing and Removing Malware
Exercise 3 - Implement Malware Removal Best Practices

You should now be able to:

Scan for Malware
Analyze Malware Attributes
Remove Malware from Infected Systems
Enable System Restore in Windows 10
Create a System Restore Point
Verify System Restore Point

Feedback
Shut down all virtual machines used in this lab. Alternatively, you can log out
of the lab platform.
