Certified Ethical Hacker (CEH v12) — Question 309
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?
Answer options
- A. Upload the file to VirusTotal.
- B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
- C. Use netstat and check for outgoing connections to strange IP addresses or domains.
- D. Use ExifTool and check for malicious content.
Correct answer: C
Explanation
The correct answer is C because netstat lets you identify suspicious outgoing connections that may indicate a trojan is active on the system. Option A, while useful, only checks the file itself and does not assess the system's current state. Option B skips necessary checks and could lead to data loss, and option D is less effective for detecting trojans than monitoring network traffic.