nerdexam
Exams220-802Questions#821
CompTIA

220-802 · Question #821

220-802 Question #821: Real Exam Question with Answer & Explanation

The correct answer is B: Run the antivirus after rebooting in safe mode.. Safe mode starts Windows with a minimal set of drivers and services - it does not load third-party startup programs, including the processes that the virus uses to lock its own files. When the virus's protective processes are not running, the antivirus can access and remove the p

Question

A technician is trying to remove a resilient computer virus. The virus keeps coming back after rebooting the system because some program or service has locked some of the virus' files and is preventing the AV from cleaning the system. Which of the following is the BEST approach to try and remove the virus while minimizing negative impact to the system?

Options

  • AUse REGSRV32 to deregister the virus DLLs.
  • BRun the antivirus after rebooting in safe mode.
  • CUse the repair disk and follow the prompts.
  • DUse the recovery console to disable all windows services.

Explanation

Safe mode starts Windows with a minimal set of drivers and services - it does not load third-party startup programs, including the processes that the virus uses to lock its own files. When the virus's protective processes are not running, the antivirus can access and remove the previously locked virus files without interference. This is the best approach because it resolves the issue with minimal risk to system stability. REGSVR32 (A) registers/deregisters COM DLLs and is not an antivirus mechanism. The repair disk (C) is for OS repair, not virus removal. Disabling all Windows services (D) is far too aggressive and risks breaking the system.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 220-802 Practice