FLASH CARDS

7.07 Detect, remove, and prevent malware using the appropriate tools and methods

What is malware?
Malware is harmful software designed to damage, disrupt, or gain unauthorized access to computers or networks.
What is a malware vector?
A vector is the method by which malware enters or infects a computer.
What is a virus?
A virus is malware that hides in executable files, like .EXE or .DLL files, and runs when the infected file is executed.
What is a boot sector virus?
A boot sector virus infects the boot sector or partition table of a disk drive, hijacking the boot process.
What is a Trojan?
A Trojan is malware disguised as legitimate software. It gets installed along with seemingly normal programs and often grants attackers the same permissions as the legitimate software.
How do worms spread?
Worms spread by replicating themselves between processes in system memory and can spread across a network without user action.
What makes fileless malware difficult to detect?
Fileless malware doesn’t rely on files stored on disk but uses the system's own scripting environments like PowerShell or JavaScript, making it harder to detect.
What is a backdoor (RAT)?
A backdoor, or RAT, allows attackers to remotely control an infected system, often used for stealing data or installing more malware.
What does spyware do?
Spyware secretly collects information from the user’s system, such as browsing habits, personal data, and can redirect traffic to fake sites.
What is a keylogger?
A keylogger is a type of spyware that records keystrokes to capture sensitive information like passwords and credit card numbers.
What is a rootkit?
A rootkit is malware that gains high-level (administrator or system) access to a computer and hides itself from detection tools, often modifying system files or logs.
What is ransomware?
Ransomware is a type of malware that encrypts files on a system and demands payment in exchange for the decryption key.
What does cryptominer malware do?
Cryptominer malware hijacks the system’s resources to mine cryptocurrency without the user’s consent, often slowing down the computer.
What performance symptoms might indicate malware infection?
Slow startup, frequent crashes, lockups, slow network access, or unusual network activity may indicate malware infection.
How can malware affect applications?
Malware can cause security-related applications like antivirus or firewalls to stop functioning and may cause frequent crashes in other applications.
What are common file system symptoms of malware infection?
Missing or renamed files, unauthorized executable files, altered file permissions, and access denied errors are common file system symptoms.
How does rogue antivirus malware trick users?
Rogue antivirus displays fake virus alerts or notifications that mimic legitimate system warnings, tricking users into installing fake security software.
What are common browser-related symptoms of malware infection?
Frequent pop-ups, changes to the homepage or search engine, unexpected browser crashes, and being redirected to unwanted websites are common browser symptoms.
What is the role of the HOSTS file in malware infections?
The HOSTS file can be altered by malware to redirect URLs to malicious websites, leading to fake search results or redirection.
What do certificate warnings in a browser indicate?
Certificate warnings indicate that the website’s certificate is invalid, untrusted, or expired, possibly signaling a malware attack or misconfigured site.
What is an on-path attack?
An on-path attack occurs when malware intercepts the communication between a user and a website, often by presenting a fake certificate to the browser.
What should be done when malware is suspected on a system?
Quarantine the system by disconnecting it from the network to prevent further spread of malware.
Why should System Restore be disabled when removing malware?
Disabling System Restore prevents malware from hiding in restore points and being restored during future system rollbacks.
Why is Safe Mode useful during malware removal?
Safe Mode prevents most malware from running at startup, allowing for more effective scanning and removal.
What tools can be used for manual malware removal?
Task Manager to stop processes, Command Prompt or Registry Editor (regedit) to remove malicious entries, and msconfig to enable Safe Mode are useful tools.
When is OS reinstallation necessary for malware removal?
Reinstallation may be necessary if malware has gained a persistent foothold or cannot be fully removed by antivirus software.
What is on-access scanning?
On-access scanning checks files for malware each time they are opened, providing real-time protection.
Why are scheduled scans important?
Scheduled scans run regular checks on the system to detect malware, even when the system appears to be functioning normally.
How can DNS settings affect malware prevention?
Malware can alter DNS settings to redirect users to malicious sites; checking and securing DNS configurations is important for preventing reinfection.
Why is user education important in malware prevention?
Educating users about phishing, safe browsing, and password management reduces the risk of malware infections caused by human error.

BACK TO LESSON

KNOWLEDGE CHECK

HOME

FLASH CARDS

7.07 Detect, remove, and prevent malware using the appropriate tools and methods

What is malware?

Malware is harmful software designed to damage, disrupt, or gain unauthorized access to computers or networks.

What is a malware vector?

A vector is the method by which malware enters or infects a computer.

What is a virus?

A virus is malware that hides in executable files, like .EXE or .DLL files, and runs when the infected file is executed.

What is a boot sector virus?

A boot sector virus infects the boot sector or partition table of a disk drive, hijacking the boot process.

What is a Trojan?

A Trojan is malware disguised as legitimate software. It gets installed along with seemingly normal programs and often grants attackers the same permissions as the legitimate software.

How do worms spread?

Worms spread by replicating themselves between processes in system memory and can spread across a network without user action.

What makes fileless malware difficult to detect?

Fileless malware doesn’t rely on files stored on disk but uses the system's own scripting environments like PowerShell or JavaScript, making it harder to detect.

What is a backdoor (RAT)?

A backdoor, or RAT, allows attackers to remotely control an infected system, often used for stealing data or installing more malware.

What does spyware do?

Spyware secretly collects information from the user’s system, such as browsing habits, personal data, and can redirect traffic to fake sites.

What is a keylogger?

A keylogger is a type of spyware that records keystrokes to capture sensitive information like passwords and credit card numbers.

What is a rootkit?

A rootkit is malware that gains high-level (administrator or system) access to a computer and hides itself from detection tools, often modifying system files or logs.

What is ransomware?

Ransomware is a type of malware that encrypts files on a system and demands payment in exchange for the decryption key.

What does cryptominer malware do?

Cryptominer malware hijacks the system’s resources to mine cryptocurrency without the user’s consent, often slowing down the computer.

What performance symptoms might indicate malware infection?

Slow startup, frequent crashes, lockups, slow network access, or unusual network activity may indicate malware infection.

How can malware affect applications?

Malware can cause security-related applications like antivirus or firewalls to stop functioning and may cause frequent crashes in other applications.

What are common file system symptoms of malware infection?

Missing or renamed files, unauthorized executable files, altered file permissions, and access denied errors are common file system symptoms.

How does rogue antivirus malware trick users?

Rogue antivirus displays fake virus alerts or notifications that mimic legitimate system warnings, tricking users into installing fake security software.

What are common browser-related symptoms of malware infection?

Frequent pop-ups, changes to the homepage or search engine, unexpected browser crashes, and being redirected to unwanted websites are common browser symptoms.

What is the role of the HOSTS file in malware infections?

The HOSTS file can be altered by malware to redirect URLs to malicious websites, leading to fake search results or redirection.

What do certificate warnings in a browser indicate?

Certificate warnings indicate that the website’s certificate is invalid, untrusted, or expired, possibly signaling a malware attack or misconfigured site.

What is an on-path attack?

An on-path attack occurs when malware intercepts the communication between a user and a website, often by presenting a fake certificate to the browser.

What should be done when malware is suspected on a system?

Quarantine the system by disconnecting it from the network to prevent further spread of malware.

Why should System Restore be disabled when removing malware?

Disabling System Restore prevents malware from hiding in restore points and being restored during future system rollbacks.

Why is Safe Mode useful during malware removal?

Safe Mode prevents most malware from running at startup, allowing for more effective scanning and removal.

What tools can be used for manual malware removal?

Task Manager to stop processes, Command Prompt or Registry Editor (regedit) to remove malicious entries, and msconfig to enable Safe Mode are useful tools.

When is OS reinstallation necessary for malware removal?

Reinstallation may be necessary if malware has gained a persistent foothold or cannot be fully removed by antivirus software.

What is on-access scanning?

On-access scanning checks files for malware each time they are opened, providing real-time protection.

Why are scheduled scans important?

Scheduled scans run regular checks on the system to detect malware, even when the system appears to be functioning normally.

How can DNS settings affect malware prevention?

Malware can alter DNS settings to redirect users to malicious sites; checking and securing DNS configurations is important for preventing reinfection.

Why is user education important in malware prevention?

Educating users about phishing, safe browsing, and password management reduces the risk of malware infections caused by human error.

OSIBridge Program IT/Tech and Professional skills training.