During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?
A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?
A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?
A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?
A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?
A user reports that their computer is infected with a virus and they have been trying to remove it using a free online scanner, but the problem persists. The technician suspects the malware may have disabled the antivirus software. Which safe mode should the technician use to run a full system scan?
A user reports that their system is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice that their default search engine has changed without their permission. Which type of malware is most likely causing these symptoms?
A user reports that their computer has been acting strangely: files are missing, and the mouse cursor moves on its own, opening programs and typing messages. The technician suspects a remote access Trojan (RAT). What is the most effective immediate action to stop the unauthorized access?
A technician is troubleshooting a Windows 10 workstation that displays a fake security alert claiming the system is infected and prompting the user to call a toll-free number. The user cannot close the alert window or open Task Manager. Which type of malware is causing this behavior, and what is the best removal approach?
A technician is removing malware from a Windows 10 PC and wants to ensure that no remnants remain in the registry or startup folders. After running an antivirus scan and deleting infected files, which additional step should the technician perform?
A user reports that their web browser's homepage has changed to an unfamiliar search engine, and new toolbars have appeared without their consent. They have not installed any new software recently. Which type of malware is most likely responsible?
A customer reports that their desktop computer is running extremely slowly, and they see frequent pop-up advertisements even when no browser is open. Task Manager shows a process named 'svch0st.exe' consuming 95% CPU. Which type of malware is most likely causing these symptoms?
A small business owner reports that all their Microsoft Office documents are now encrypted with a '.crypt' extension and a ransom note demands payment in cryptocurrency. They have a backup from last week stored on an external drive that was disconnected after the backup. What is the best recovery strategy?
A technician is investigating a security breach where sensitive customer data was exfiltrated. The only malware found is a hidden driver that intercepts keystrokes and sends them to a remote server. Which malware type is responsible, and what is the best removal strategy?
During a routine security audit, a technician discovers that a user's computer has a program that opens a backdoor on port 4444 and allows remote control. The program was installed alongside a free PDF converter the user downloaded last week. Which malware type is this, and what is the most effective removal method?
A technician is configuring a new Windows 11 workstation for a user who frequently downloads free software. To reduce the risk of malware infections from bundled applications, which security setting should be enabled?
A user reports that their computer is sending out a large amount of network traffic even when they are not using the internet. The antivirus detects a file named 'expl0rer.exe' in the startup folder. What type of malware is most likely causing this behavior?
A technician is troubleshooting a computer that displays a fake security alert claiming the system is infected and urging the user to call a toll-free number. The alert cannot be closed and appears on top of all other windows. What is the best removal approach?
A technician is cleaning a computer that has been infected with a rootkit. After running a standard antivirus scan, the malware is still detected on reboot. Which step should the technician take next to ensure complete removal?
During a security incident, a user's files have been renamed with a '.encrypted' extension, and a ransom note demands Bitcoin to restore them. The user has no backups. What is the most appropriate immediate action?
A technician is investigating a computer that has been sending spam emails from the user's account without their knowledge. The user has not installed any new software recently. The technician finds a process running that matches a known botnet client. Which two steps should the technician take first to mitigate the threat?
A user reports that their computer is displaying a message claiming their files are encrypted and they must pay 0.5 Bitcoin to a specific address to regain access. The user cannot open any documents or photos. What is the first step the technician should take to respond to this incident?
A technician is troubleshooting a Windows 10 computer that exhibits strange behavior: system files are missing, and the computer fails to boot normally. A boot-time virus scan detects a virus that infected the Master Boot Record (MBR). Which tool should the technician use to repair the MBR?
During a security incident, a technician discovers that a user's computer has a program that hides its processes from Task Manager and allows an attacker to remotely control the system. The technician suspects a rootkit. Which removal method is most effective for a rootkit?
A technician is tasked with removing malware from a Windows 10 computer infected with a Trojan horse that downloaded additional payloads. The technician has already run a full antivirus scan and removed the Trojan, but the computer still exhibits suspicious network activity. What should the technician do next?
A customer reports that their Windows 10 computer is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their browser that they did not install. What type of malware is most likely causing these symptoms?
A user reports that their computer is infected with a virus that has encrypted all their personal files and left a text file with instructions to pay a ransom. The technician has verified the infection is ransomware. The company has a backup policy. What is the best course of action to recover the data?
During a routine security audit, a technician finds that a user's computer has an unknown program running that is sending keystrokes and screenshots to a remote server. The user did not install this program. Which type of malware is this?
A user calls the help desk because their computer is running slowly and they see a fake antivirus program warning that their system is infected. The user cannot close the warning window. Which type of malware is this, and what is the best removal approach?
A small business owner reports that all their employees are receiving emails from each other containing a link; when the link is clicked, it downloads a file that installs a program, which then spreads itself to the recipient's other contacts. The emails appear to come from known senders. What type of malware is this?