Anti-Malware Tools – CompTIA A+ 220-1102 – 2.3

There are a number of different strategies for identifying and removing malware. In this video, you’ll learn about the Windows Recovery Environment, software firewalls, anti-phishing education, and OS reinstallation.

If you need to remove malware from a Windows computer, one way to go about doing that is through the Windows Recovery Environment. This is a command-line environment that you can launch on your Windows computer without starting the full operating system. It gives you access to all of the files in the installed operating system, so it is a very dangerous way of changing things inside of your operating system, and it should be considered a method of last resort when it comes to removing malware.

But with that warning in place, this Windows Recovery Environment gives you a lot of access to the operating system, and you can effectively make any change you would like to any of the files in the OS. But of course, because this is simply giving you a command line prompt, you now have to be knowledgeable enough to know what to do at this prompt to be able to remove the malware.

From here, you can copy or modify files that are part of your operating system. You can enable or disable services from starting during startup. Or you can modify the file system, run some diagnostics, or modify any part of the underlying file system. One of the ways to start this recovery environment is from inside of Windows itself. When you click on the power icon, you get the options for Sleep, Shut down, and Restart. Hold down the Shift key while clicking Restart, and Windows will boot into the recovery environment.

You could also find the installation media for your version of Windows and boot from that media when your system starts. You can also tell Windows to restart, but restart in the advanced startup mode. In Windows 10, you’d find this under Settings, Update and Security, Recovery, and Advanced startup. In Windows 11, it’s under System, Recovery, Advanced startup, and Restart Now.

When Windows restarts, you’ll see a screen that says Choose an option. You can continue into your Windows installation, you can turn off your PC, you can use a device, or you can choose the option we want here, which is Troubleshoot. When you click that option, you’ll get another screen with an option to Reset this PC. Instead, choose Advanced options, and underneath all of those advanced options, choose Command Prompt.

When you select that option, the command prompt will appear on the screen and you now have complete access to the operating system. You can sometimes catch this malware before it executes on your system by simply running some antivirus or anti-malware software. You would need software that can stop both viruses and malware, and it’s very common that when you install this type of security software these days, it’s automatically protecting against both.
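The following is an added example, not part of the video, of the kind of work the text describes from that WinRE command prompt: stopping a service from starting on the next boot and running offline diagnostics. It assumes the offline Windows volume is C: (in WinRE it is frequently a different letter, so check first) and uses a placeholder service name, SUSPICIOUS_SERVICE, standing in for one you have already identified as malicious.

```batch
@echo off
rem Added example (not from the video). Run from the WinRE Command Prompt.
rem Assumptions: the offline Windows installation is on C: (confirm with
rem diskpart and its "list volume" command if unsure), and SUSPICIOUS_SERVICE
rem is a placeholder for a service you identified before booting into WinRE.

rem 1. Confirm this drive letter really holds the offline Windows installation.
dir C:\Windows\System32\config\SYSTEM

rem 2. Load the offline SYSTEM hive under a temporary key so that "reg" edits the
rem    installed OS, not the recovery environment's own registry.
reg load HKLM\OfflineSys C:\Windows\System32\config\SYSTEM

rem 3. Find out which control set the offline OS boots from (usually 1).
reg query HKLM\OfflineSys\Select /v Current

rem 4. Check the service's current start type
rem    (2 = Automatic, 3 = Manual, 4 = Disabled).
reg query HKLM\OfflineSys\ControlSet001\Services\SUSPICIOUS_SERVICE /v Start

rem 5. Set it to Disabled so it does not start on the next boot.
reg add HKLM\OfflineSys\ControlSet001\Services\SUSPICIOUS_SERVICE /v Start /t REG_DWORD /d 4 /f

rem 6. Unload the hive so the change is written back to the offline disk.
reg unload HKLM\OfflineSys

rem 7. Offline diagnostics: verify protected system files against the component
rem    store and check the file system for corruption.
sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows
chkdsk C: /f
```

If step 3 reports a control set other than 1, use that number in place of ControlSet001 in steps 4 and 5. Disabling the service only prevents it from starting; the file it points to still has to be removed, and the reg query output from step 4 is worth recording before you change anything.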

Some anti-malware software only works when you tell it to scan your system. Obviously, that’s not going to prevent malware that may have already been installed onto your computer. Instead, you want to be sure that you’re running a real time version of this software so that it’s always activated. And if you happen to accidentally download some malware, it can immediately prevent it from executing on your system.

And there’s even a newer style of anti-malware software that looks for malicious activity on your system instead of relying on a set of signatures. This is an even more advanced form of anti-malware because it can look at the symptoms and results of malware and prevent any of those malicious acts from occurring, regardless of which program is performing them.

We also want to prevent anyone from outside of our system from gaining access to our operating system across the network. One way to do this is to run a software firewall on your operating system so that it sits on your local computer and monitors all of the inbound and outbound traffic from your PC. This might stop malware that’s been recently installed from communicating outbound from your system, and it would certainly prevent any type of malware from coming inbound to your computer.

If you’ve installed Windows, you’re already using a software firewall in the form of Microsoft’s Defender Firewall, and this is what you’d want to use at a bare minimum. This software runs by default, it is constantly monitoring the network communication, and it can allow or block based on a number of different criteria. But even with all of the necessary security software in place, you still have vulnerabilities on your network in the form of the users.
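As an added example that is not from the video, here is how those Defender Firewall criteria (profile, direction, program, protocol and port) look when managed from an elevated Command Prompt with netsh. The executable path C:\Users\Public\suspect.exe and the rule names are placeholders chosen for this example.

```batch
@echo off
rem Added example (not from the video). Run from an elevated Command Prompt on
rem the running Windows system. Assumptions: C:\Users\Public\suspect.exe is a
rem placeholder for a program you want to keep off the network until it is
rem removed, and the rule names are ones chosen here.

rem 1. Confirm the firewall is enabled for all three profiles (Domain, Private, Public).
netsh advfirewall show allprofiles state

rem 2. If any profile was off, turn them all on. Once enabled, Defender Firewall
rem    blocks unsolicited inbound connections by default.
netsh advfirewall set allprofiles state on

rem 3. Block outbound traffic from the suspect program so it cannot communicate
rem    out of the system while it is still on disk waiting to be removed.
netsh advfirewall firewall add rule name="Block suspect.exe outbound" dir=out action=block program="C:\Users\Public\suspect.exe" enable=yes

rem 4. A rule keyed on protocol, port and profile instead of a program: block
rem    inbound Remote Desktop (TCP 3389) while connected to a Public network.
netsh advfirewall firewall add rule name="Block inbound RDP on Public" dir=in action=block protocol=TCP localport=3389 profile=public enable=yes

rem 5. Review the rules that were just created.
netsh advfirewall firewall show rule name="Block suspect.exe outbound"
netsh advfirewall firewall show rule name="Block inbound RDP on Public"
```

Block rules take precedence over allow rules in Defender Firewall, so the outbound rule in step 3 holds even if the program was previously granted access through the standard prompt.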

Your users may click something on the screen that they weren’t intending to click, or they may be providing information to a third party without realizing that they’re giving away private details. An attacker will use a number of different techniques to phish, or gain private information from, users. So it’s useful to have training that helps them recognize when these types of situations may be occurring.

Many companies will train their users and then send out phishing emails that were created by the company themselves, just to see who might click on these emails and then provide information. And if a user does provide private information or their login credentials during this internal test, we can mark that user for additional training. This training might be one-on-one training where you’re giving someone personalized information about how they can prevent these types of vulnerabilities. You might put posters and signs up in your work area to remind people about what they should be looking for during these phishing attempts.

If you have an internal message board, you might want to post messages that can remind people about their requirements for security. And you might provide messages during login or updates on the intranet that make everyone aware of what they should be doing to prevent any of these phishing attacks.

Ultimately, there’s only one way to guarantee that you’ve removed malware from a system, and that’s to delete everything on the system and install a fresh version of the operating system, or install from a known-good backup.

It’s that known-good part that is the important part of the backup. You don’t want to restore a version of the operating system that may have already been infected with malware, so make sure that your backup is one that is not already infected. You could also, of course, perform a manual installation of the operating system and go through all of the prompts that are necessary to install that OS.

That’s obviously a much slower form of installation, but ultimately, it does provide you with a fresh version of the operating system. And many organizations have operating system images that have already been created. So you can delete everything on that computer and re-image with a known safe version of the operating system very quickly.