A technician responds to a call from a user who claims to have a virus on a workstation. The technician observes the following notification from the system tray:
There are 1033 infected files on this computer. Click here to disinfect.
The link is blocked by the corporate content filter and displays a message stating the site contains known malware. Which of the following should the technician complete to secure the computer with MINIMAL impact to the user?
A. Compare the startup items and services to a known clean image, and remove any startup items not found in the other image. Run an anti-malware scan.
B. Validate that the alerts are false positives, and disable security software on the workstation to prevent further false notifications.
C. Back up the user’s files. Restore the system to the original system image designated by corporate IT policies. Restore the user’s files.
D. Request a content filter exception to allow access to the link from the notification. Once available, follow the instructions on the linked site.
CompTIA A+ 220-1102 (Core 1) ExamFULL Printable PDF and Software. VALID exam to help you PASS. |
 |
A – It would probably only take about 15 minutes or less to get a list of startup items and services from a known clean image and from the problem workstation. Comparing the two lists would take maybe 15 minutes or so – removing the the alien items from the workstation would probably take less than 10 minutes. Running an anti-malware scan would likely take less than an hour — so MINIMAL impact to the user.
Not C – First of all, in backing up the user’s files you may be backing up the virus that caused the problem in the first place. You would need to restore the user’s files from a backup taken prior to the virus. And from my personal experience in IT support, restoring a system from an image (usually via PXE over the network) can take up to an hour or more. If roaming profiles are not being used then all of the user’s profile settings (desktop, favorites, downloads, etc) will be lost – so these things together are not a MINIMAL impact to the user.]
C. Back up the user’s files. Restore the system to the original system image designated by corporate IT policies. Restore the user’s files.
I’d agree that’s the RIGHT thing to do, just not the choice with the most minimal impact. Especially when it looks like the A/V system is doing (most) of it’s job (scareware NOT malware slipped through) and has blocked the user from downloading the really nasty stuff.