Task 3.5: Malicious Software Removal Tool

Much of a security professional’s responsibility involves preventing and removing malicious software. Malicious software continues to be a real problem. Infection may require nothing more than opening an email, browsing a web page, or simply plugging in a USB thumb drive.

Although many commercial tools have been developed to deal with this threat, there are also some simple, low-cost, and even free solutions. This exercise will look at one of these.

Scenario

A coworker accepted a game from an acquaintance and installed it from the acquaintance’s USB thumb drive. Since the game was installed, the computer has been performing erratically. The user has also noticed that clicking on a drive no longer opens it; instead, the user now must right-click and choose the Open command.

Scope of Task

Duration

This task should take about 10 minutes.

Setup

For this task, you will need a Windows computer, access to the Administrator account, an Internet connection, and the ability to download files.

Caveat

Malware-removal programs are quite efficient, but you must be careful when asked to remove programs or components, since removing a required component can break functionality that depends on it.

Procedure

In this task, you will learn how to run Microsoft’s Malicious Software Removal Tool.

Equipment Used

For this task, you must have:

  • A Windows computer
  • Access to the Administrator account
  • An Internet connection

Details

This task will show you how to install and run Microsoft’s Malicious Software Removal Tool. This program will allow you to remove malicious software. The tool is freely distributed by Microsoft and is updated every month.

Installing and Running Microsoft’s Malicious Software Removal Tool

1. Once you have accessed your Windows computer and have logged in as Administrator, open your browser and go to www.microsoft.com/security/malwareremove/default.mspx, and click the link to download the program.

2. Once you start the download, a prompt will ask whether you would like to run the program on completion of installation. Choose Yes and allow the program to install and start.

3. Upon startup, the Malicious Software Removal Tool will launch a wizard that will ask you several questions. You will first be prompted to continue through the product or to view online documentation.

4. At the Scan Type screen, you will have the option of a quick scan (the default), a full scan, or a customized scan. A quick scan looks at areas of the system most likely to be affected by an infection. A full scan reviews all files and folders along with memory and the Registry. A customized scan allows you to specify what is to be scanned. For this exercise, select a quick scan.

With any malicious-code scanner, you should always run the most current copy. Microsoft updates this tool monthly.

5. Begin the scan by selecting Next. The scan will start at this point.

6. Once the scan is completed, you will have a list of any suspicious programs that were detected. You can remove these items at this time. Keep in mind that any recent backups are most likely infected. Therefore, you should make a new backup after cleaning.

7. The final step in this process is to click Finish to close the Malicious Software Removal Tool.

This type of tool is not a replacement for antivirus software. The Malicious Software Removal Tool is a post-infection product designed to clean up systems that are already infected.
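
The checks implied by the steps above can also be scripted. The following PowerShell is an added example, not code from the book or from Microsoft: it confirms the downloaded file carries a valid Microsoft signature, warns if the copy on disk is stale, and runs a detect-only quick scan so that nothing is removed before you have reviewed the findings. The file path and the 35-day threshold are assumptions; the /Q and /N switches and the %windir%\debug\mrt.log location are those Microsoft documents for the tool.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-run checks and a detect-only quick scan with MSRT.
param(
    # Assumed location and file name of the downloaded tool; change to match your download.
    [string]$ToolPath = "$env:USERPROFILE\Downloads\msrt.exe",
    # Assumed threshold: the tool is updated monthly, so treat an older copy as stale.
    [int]$MaxAgeDays = 35
)

if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
    throw "Tool not found at $ToolPath"
}

# 1. Refuse to run a binary whose Authenticode signature does not validate
#    or whose signer is not Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $ToolPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 2. Heuristic freshness check based on when this copy was written to disk.
$ageDays = ((Get-Date) - (Get-Item -LiteralPath $ToolPath).LastWriteTime).Days
if ($ageDays -gt $MaxAgeDays) {
    Write-Warning "This copy is $ageDays days old; download the current release first."
}

# 3. Quick scan (the default scan type) with no UI (/Q), detect-only (/N):
#    findings are reported but nothing is removed.
$proc = Start-Process -FilePath $ToolPath -ArgumentList '/Q', '/N' -Wait -PassThru

# 4. Exit code 0 means no infection was found; anything else needs a look at the log.
$log = Join-Path $env:windir 'debug\mrt.log'
if ($proc.ExitCode -eq 0) {
    Write-Output 'No infection found.'
} else {
    Write-Warning "MSRT exit code $($proc.ExitCode); review the log."
}
if (Test-Path -LiteralPath $log) {
    Get-Content -LiteralPath $log -Tail 20
}
```

If the detect-only run reports findings, rerun the tool through the wizard as described above and decide item by item what to remove.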

Criteria for Completion

You have completed this task when you have downloaded the Malicious Software Removal Tool, installed it on a Windows system, and scanned the system for malware programs.
