2.6 Given a scenario, implement procedures for basic small office/home office (SOHO) malware removal.
📘CompTIA A+ Core 2 (220-1202)
What does “quarantine” mean?
- Quarantine means isolating the infected computer (or a detected file) so it cannot reach other devices or the network, and so a quarantined file cannot execute.
- Think of it as locking the system away from the network until it is clean.
- During quarantine, the system can still be analyzed, repaired, or cleaned, but it cannot spread malware or contact an attacker’s server.
Why is quarantining important?
- Stops malware propagation: Malware often spreads via network connections, shared folders, or USB drives. Disconnecting the network cuts off shares and internet command-and-control; keeping removable drives out of the system cuts off the USB path.
- Protects other systems: By isolating the infected system, other computers on the network stay safe.
- Allows safe analysis: IT technicians can examine the malware without risking the network.
Steps to Quarantine an Infected System
Here’s a simple, step-by-step procedure that’s SOHO-friendly:
1. Identify the infected system
- Watch for signs of infection, such as:
- Slow performance
- Strange pop-ups or alerts
- Unknown programs running
- Disabled antivirus or firewall
- Use tools like Task Manager, antivirus alerts, or system logs to confirm infection.
2. Disconnect the system from the network
- Unplug the Ethernet cable and turn off Wi-Fi (and Bluetooth), or disable the network adapters in Network Connections. Remember VPN and phone-tethered connections count too.
- This prevents malware from spreading to other devices or servers and stops it phoning home.
- Do not share files or plug external drives into this system until it’s clean; a USB stick used to carry tools in should be treated as suspect afterwards.
3. Enable Safe Mode (Optional but recommended)
- Booting into Safe Mode loads only core drivers and services, so many malware persistence mechanisms (Run keys, scheduled tasks, services) never start.
- How:
- On Windows 10/11: Settings → Recovery → Advanced startup → Restart now (or hold Shift while clicking Restart) → Troubleshoot → Advanced options → Startup Settings → Restart, then press 4 for Safe Mode or 5 for Safe Mode with Networking.
- Pressing F8 during boot only works on older versions of Windows (Windows 7 and earlier) unless the legacy boot menu has been re-enabled.
- Prefer plain Safe Mode while the system is quarantined: Safe Mode with Networking re-enables the network adapters and undoes the isolation from step 2, so use it only if the scan tool truly needs internet access and the system is on an isolated connection.
- Some malware cannot start in Safe Mode, which makes removal easier.
4. Run antivirus or anti-malware scans
- Use the installed antivirus software, or a trusted malware removal tool brought in on known-clean media.
- Most antivirus tools have a “Quarantine” or “Isolation” option for infected files:
- Quarantined files are moved to a protected folder in an encoded, non-executable form so they cannot run or be opened by accident.
- They can later be deleted, repaired, or restored if the detection turns out to be a false positive.
5. Document actions
- For IT documentation, note:
- Which system is infected
- Which malware or alerts were detected
- Steps taken to isolate and remove malware
- This helps in case of future incidents or audits.
6. Clean the system
- After quarantining:
- Run a full system scan with up-to-date definitions
- Update the operating system and antivirus (while the system is offline, load definition updates from an offline package on known-clean media, or apply them right after reconnecting on an isolated connection)
- Remove temporary files and unknown programs, and check startup entries and scheduled tasks for anything the scanner missed
- Once cleaned, reconnect the system to the network carefully, monitoring for suspicious activity such as unexpected outbound connections or the antivirus being disabled again.
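The six steps above, scripted as an added example for this page (it is not code from CompTIA or from the original notes). It assumes a Windows 10/11 SOHO PC with Microsoft Defender as the active antivirus, an elevated PowerShell 5.1+ console, and an assumed log folder under `C:\IR`; every cmdlet used is a standard Windows/Defender cmdlet. Each function is one step of the procedure, and every action is written to the incident log so step 5 (documentation) happens automatically.

```powershell
#Requires -RunAsAdministrator
# Added example for this page, not the objective's own text.
# Assumed setup: Windows 10/11, Microsoft Defender, elevated console,
# log folder C:\IR (assumption). Run it BEFORE plugging in any removable
# media; copy the log folder off afterwards for the incident record.

$LogRoot = "C:\IR\$env:COMPUTERNAME-$(Get-Date -Format 'yyyyMMdd-HHmm')"
New-Item -ItemType Directory -Path $LogRoot -Force | Out-Null

function Write-IrLog {
    # Step 5: every action is time-stamped into one incident log.
    param([string]$Message)
    $line = "$(Get-Date -Format o)  $Message"
    Add-Content -Path "$LogRoot\actions.log" -Value $line
    Write-Output $line
}

function Save-SystemSnapshot {
    # Step 1: capture evidence while the malware is still running, before
    # the network goes down and before a reboot changes the state.
    Get-NetTCPConnection -State Established |
        Select-Object LocalPort, RemoteAddress, RemotePort, OwningProcess |
        Export-Csv "$LogRoot\connections.csv" -NoTypeInformation
    Get-Process | Select-Object Name, Id, Path |
        Export-Csv "$LogRoot\processes.csv" -NoTypeInformation
    Get-CimInstance Win32_StartupCommand |
        Select-Object Name, Command, Location, User |
        Export-Csv "$LogRoot\startup.csv" -NoTypeInformation
    Write-IrLog "Snapshot of connections, processes and startup items saved"
}

function Invoke-NetworkQuarantine {
    # Step 2: take every active adapter down (Ethernet, Wi-Fi, VPN) and
    # record which ones so Restore-Network only re-enables those.
    $up = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    $up.Name | Set-Content "$LogRoot\adapters.txt"
    $up | Disable-NetAdapter -Confirm:$false
    # Bluetooth tethering/PAN is a network path too.
    Get-PnpDevice -Class Bluetooth -Status OK -ErrorAction SilentlyContinue |
        Disable-PnpDevice -Confirm:$false -ErrorAction SilentlyContinue
    Write-IrLog "Disabled adapters: $($up.Name -join ', ')"
}

function Set-SafeModeNextBoot {
    # Step 3: 'minimal' is Safe Mode WITHOUT networking, so the isolation
    # from step 2 survives the reboot. Remove-SafeModeBoot undoes it.
    bcdedit /set "{current}" safeboot minimal | Out-Null
    Write-IrLog "Next boot set to Safe Mode (minimal)"
}

function Remove-SafeModeBoot {
    bcdedit /deletevalue "{current}" safeboot | Out-Null
    Write-IrLog "Safe Mode boot flag cleared"
}

function Invoke-DefenderRemediation {
    # Steps 4 and 6: full Defender scan, then record what was quarantined.
    # Update-MpSignature needs connectivity; with the adapters down it is
    # skipped, so apply an offline definition package from clean media first.
    Update-MpSignature -ErrorAction SilentlyContinue
    Start-MpScan -ScanType FullScan
    $threats = @(Get-MpThreatDetection)
    $threats |
        Select-Object ThreatID, ProcessName, InitialDetectionTime,
            @{n = 'Resources'; e = { $_.Resources -join ';' }} |
        Export-Csv "$LogRoot\detections.csv" -NoTypeInformation
    Write-IrLog "Full scan finished; $($threats.Count) detection(s) recorded"
    return $threats
}

function Restore-Network {
    # Step 6: bring back only the adapters we disabled, then watch what
    # connects out; anything unexpected means the cleanup is not finished.
    Get-Content "$LogRoot\adapters.txt" |
        ForEach-Object { Enable-NetAdapter -Name $_ -Confirm:$false }
    Write-IrLog "Adapters re-enabled; review established connections"
    Get-NetTCPConnection -State Established |
        Select-Object RemoteAddress, RemotePort, OwningProcess
}

# --- Order of operations for the technician ---
Save-SystemSnapshot
Invoke-NetworkQuarantine
Set-SafeModeNextBoot   # then: Restart-Computer, log in, run Invoke-DefenderRemediation
# After a clean scan:  Remove-SafeModeBoot; Restart-Computer; Restore-Network
```

The bcdedit safeboot flag is the scriptable equivalent of the Startup Settings menu; if it is left set, the PC will keep booting into Safe Mode, which is why `Remove-SafeModeBoot` is part of the reconnect sequence. The log folder is written on the infected disk, so copy it to clean storage before trusting it as the incident record.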
Key Notes for the Exam
- Quarantining is a containment measure: It doesn’t clean the malware directly but stops it from spreading while you work.
- Disconnect from networks immediately once infection is confirmed: This is often tested in scenario questions.
- Safe Mode + antivirus scans is the recommended method for removal after quarantine.
- Documentation is part of IT best practices, even in SOHO setups.
Quick Summary Table
| Step | Action | Purpose |
|---|---|---|
| Identify infected system | Look for unusual behavior or antivirus alerts | Know which system is affected |
| Disconnect from network | Unplug Ethernet/Wi-Fi | Stop malware from spreading |
| Safe Mode boot | Boot Windows in Safe Mode | Prevent malware from running |
| Scan & Quarantine | Run antivirus/malware tool | Isolate infected files safely |
| Document actions | Record incident details | Maintain IT records |
| Clean & reconnect | Remove malware, update system | Return to safe operation |
✅ Exam Tip: In SOHO malware removal scenarios, CompTIA often gives a multiple-choice question like:
“A user reports their PC is behaving strangely. Which of the following should you do first?”
The correct answer is usually:
“Disconnect the system from the network to prevent malware spread.”
Watch the answer choices, though: CompTIA’s malware-removal process begins with investigating and verifying the symptoms (step 1 above). If an option like “verify the malware symptoms” is offered alongside “quarantine the system”, verification comes first; quarantine is the first action once infection is confirmed.
