Lab 4: Identifying and Removing Malicious Software from Windows Systems (Coursework Sample)

SECTION 1: Hands-On Demonstration Part 1. Use Antivirus Software to Scan the Infected System the number of threats identified by the AVG scan (screen capture): The AVG scan identified 20 threats as shown below. research on 5 threats identified by AVG and possible remediation steps: viruses found: * Trojan horse PSW.Generic11.NYJ * Potentially harmful program Tool.IT * Trojan horse Dropper.Generic4. BVMA * Trojan horse Hider. BNG * Trojan horse PSW.Generic11.NYJ is another troublesome Trojan horse virus. It does the same things as the Trojan horse hider, but it can also access your firewall and disable your antivirus program. This allows for more viruses to enter your computer through a backdoor. Usually hackers who want to steal your identity for their evil purposes do this. Removal is not so easy since most good removal virus programs can detect it but can’t remove it completely. You could manually remove this virus but it involves many steps that are a bit complicated. * I couldn’t find much on Potentially harmful program Tool virus. I did however keep getting one called Hack Tool in all my searches for this virus, which is pretty much another privacy attacking virus, just like the previous two. It can also be removed with an anti-virus program. * Trojan horse Dropper a very malicious application. It gives way for hackers to gain access to your computer to modify, steal, or install anything they want. These become installed through downloads of games, or extra third party downloads from infected websites. The purpose of this virus is like the name implies. It drops “other malware files onto the compromised computer”. Just like the Win32/DH viruses having AVG or another anti-virus program can help the prevention of or can remove the virus in a few easy steps. * Trojan horse Hider seems to be a destructive virus. It is acquired by hiding on a web page and comes along when you download a file from that site. This virus is more meddlesome since it is considered a rootkit virus, which means it can root itself very deep in your computer and infect vital files. It is hard to detect since its code is changing every day, but you can suspect it if your network connection slows down, if your browser settings change, if you have annoying pop-ups, or if you are re-directed to ads when on Google. Removing this type of virus can be done with an anti-virus software, but it is also recommended to run a total anti malware program to help remove and left over invalid files. the empty Virus Vault (screen capture): Part 2: Scan a Windows Server 2016 Machine with Windows Defender 1. the number of items scanned by Windows Defender: 82284 2. the number of potential threats identified by the scan (screen capture): 3. successful completion of the cleaning process (screen capture): SECTION 2: Applied Learning Part 1. Use Antivirus Software to Scan the Infected System 1. the number of threats identified by the AVG scan (screen capture): 2. details of the VBS/Heur virus (screen capture): 3. details of the Linux/Backdoor Trojan horse malware (screen capture): the emptied Virus Vault (screen capture): Part 2. Scan Windows Server 2016 with Windows Defender 1. the number of threats detected by Windows Defender (screen capture): 2. the threat details window (screen capture): SECTION 3: Challenge Questions Analysis and Discussion In the lab, you used two antivirus software applications: AVG and Windows Defender. Why might someone use more than one application to protect their computer? In as much as it is not advisable to run two antivirus programs at the same time, it is beneficial to have two antivirus programs in one’s computer. Most antivirus software tracks down viruses, to identifies them, then send an update with virus definitions so that the sys...