6.3.2.4. Lab 4: Malware Removal Simulation

6.3.2.4. Lab 4: Malware Removal Simulation (20 minutes)

Objective: Practice the malware removal methodology without actual malware.

Setup: Windows computer (VM highly recommended)

Simulated Scenario: You suspect malware on a system. Practice the removal methodology:

1. Investigate and verify

   • Open Task Manager - look for suspicious processes (unfamiliar names, high resource usage)
   • Check Startup tab for unknown entries
   • Open msconfig and review Services (hide Microsoft services first)
   • Check Programs and Features for recently installed unknown software

2. Quarantine

   • Disconnect from network (disable adapter in Network Connections)
   • Note: In a real scenario, you'd boot to Safe Mode here

3. Remediate

   • Run Windows Defender scan: Windows Security > Virus & threat protection > Full scan
   • Check scheduled tasks: taskschd.msc - look for suspicious entries

4. Document

   • Write a brief incident report: What did you check? What did you find?