CompTIA

220-802 · Question #31

220-802 Question #31: Real Exam Question with Answer & Explanation

The correct answer is B: Run the malware removal program in Windows Safe Mode.

Question

After several passes with a malware removal program, the program keeps detecting the same malware infection after a reboot. Which of the following should be done to attempt to remove the offending malware?

Options

  • A. Run the malware removal program while disconnected from the Internet
  • B. Run the malware removal program in Windows Safe Mode
  • C. Reinstall the malware removal program from a trusted source
  • D. Set the malware removal program to run each time the computer is rebooted

Explanation

Persistent malware often survives removal attempts because it is actively loaded into memory when Windows starts normally. From memory, it can re-write deleted files, protect its registry entries, and block removal tools. Safe Mode loads only essential Windows drivers and services, preventing most malware from launching. With the malware not running in memory, the removal tool can freely delete its files and registry keys without interference. Running the tool while disconnected from the Internet (A) may prevent re-download of malware payloads but doesn't stop already-present malware from reloading. Reinstalling the removal tool (C) doesn't address the active-malware protection problem. Scheduling the scan on every reboot (D) will continue to fail as long as malware is active in memory.
