Certified Ethical Hacker (CEH v11) — Question 65
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?
Answer options
- A. Upload the file to VirusTotal.
- B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
- C. Use ExifTool and check for malicious content.
- D. Use netstat and check for outgoing connections to strange IP addresses or domains.
Correct answer: A
Explanation
The correct answer is A because VirusTotal provides comprehensive malware analysis of files, giving a quick and reliable assessment. Option B is not advisable because it does not identify the current threat. Option C, while useful for analyzing metadata, may not specifically reveal trojan activity. Option D can help identify active connections, but it does not directly assess the file in question.