CompTIA Security+ (SY0-501) — Question 805
A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat.
@echo off
:asdhbawdhbasdhbawdhb
start notepad.exe
start notepad.exe
start calculator.exe
start calculator.exe
goto asdhbawdhbasdhbawdhb
Given the file contents and the system's issues, which of the following types of malware is present?
Answer options
- A. Rootkit
- B. Logic bomb
- C. Worm
- D. Virus
Correct answer: B
Explanation
The correct answer is B, a Logic bomb, as the script is designed to execute repeatedly and cause disruption when the system starts. The other options do not fit the behavior exhibited here; a Rootkit is typically used to hide malware, a Worm spreads across networks, and a Virus attaches itself to files but doesn't operate in this looping manner.