Solving Redirecting Issue: Next Steps for a Technician

Troubleshooting Redirecting Issues

Question

A technician performs a virus cleaning on a computer that has been redirecting all browsers to a phishing website.

System Restore was turned off before the cleaning.

The technician runs the machine through several scanners, and then tests for redirection.

A smaller number of sites are still redirecting to the phishing website.

The antivirus software correctly blocks the website.

Which of the following should the technician do NEXT?

Answers

Explanations


A. B. C. D.

A.

In this scenario, the technician has performed a virus cleaning on a computer that was redirecting all browsers to a phishing website. Even after the machine has been run through several scanners, a smaller number of sites are still redirecting to the phishing website. The antivirus software correctly blocks the website, which is a good sign. However, the technician needs to take further action to completely remove the infection from the computer.

Option A: Check the contents of the hosts file. The hosts file is a simple text file that maps hostnames to IP addresses. The operating system uses it to resolve domain names to IP addresses. Checking the contents of the hosts file is a good step to take to ensure that the redirect to the phishing website is not being caused by a rogue entry in the hosts file. On a Windows system, the hosts file is located in the Windows\System32\drivers\etc\ directory. If the technician finds any suspicious entries in the hosts file, they should delete them.

Option B: Do a System Restore to a date before the infection. If System Restore had been turned on before the infection occurred, the technician could use this option to restore the computer to a state from before the infection. However, since System Restore was turned off before the cleaning, this option is not available.

Option C: Rerun the antivirus scan with higher sensitivity. Rerunning the antivirus scan with higher sensitivity is a good step to take to ensure that all infections have been removed. However, since the antivirus software has already blocked the phishing website, it is likely that the infection has been contained. The technician may still choose to rerun the antivirus scan, but it is not the next best step to take.

Option D: Rebuild the OS on the machine. Rebuilding the OS on the machine is a drastic step and should only be taken as a last resort. If all other options have failed, the technician may need to rebuild the OS to ensure that the infection is completely removed. However, since the antivirus software has already blocked the phishing website, it is unlikely that a full OS rebuild is necessary.

Therefore, based on the scenario, the next best step for the technician to take is Option A: Check the contents of the hosts file.
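
The hosts file check from Option A can be scripted. The following PowerShell is an added example, not part of the original question: the function names and the sample file content are constructed for illustration, and it assumes that the only active entries expected on the machine are loopback mappings for localhost.

```powershell
# Audit hosts-file content for entries that override normal DNS resolution.
# Added example: Get-HostsEntry and Test-SuspiciousHostsEntry are hypothetical helper names.

function Get-HostsEntry {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Remove the comment part of the line, then surrounding whitespace.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        # First token is the address; every following token is a hostname mapped to it.
        $tokens = $text -split '\s+'
        if ($tokens.Count -lt 2) { continue }
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            [pscustomobject]@{
                Line     = $n
                Address  = $tokens[0]
                HostName = $name.ToLowerInvariant()
            }
        }
    }
}

function Test-SuspiciousHostsEntry {
    param($Entry)
    # Assumption: anything other than localhost -> loopback needs a human look.
    $loopback = @('127.0.0.1', '::1')
    -not ($Entry.HostName -eq 'localhost' -and $loopback -contains $Entry.Address)
}

# Constructed sample content (documentation address range, reserved .test names).
$sample = @'
# Sample hosts file, constructed for this example
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.test example-bank.test
0.0.0.0         update.example-av.test   # blocks a name outright
'@ -split "`r?`n"

# To audit the real file, pass this instead of $sample:
#   Get-Content -LiteralPath "$env:SystemRoot\System32\drivers\etc\hosts"
Get-HostsEntry -Lines $sample |
    Where-Object { Test-SuspiciousHostsEntry $_ } |
    Format-Table Line, Address, HostName -AutoSize
```

On the sample input this lists the three hostnames on lines 4 and 5 and skips the two localhost lines. An entry pointing a security vendor's name at 0.0.0.0 deserves the same attention as a redirect, since it can stop definition updates.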