GIAC Certified Incident Handler (GCIH) — Question 10
Which of the following is the most effective way to eradicate a rootkit from an infected system?
Answer options
- A. Disable the rootkit service in Control Panel/Administrative Tools/Services
- B. Format the drive, reinstall the OS applying any applicable patches, and change passwords
- C. Uninstall the Rootkit via Add / Remove Programs
- D. Delete the rootkit files and remove the startup shortcut
Correct answer: B
Explanation
The correct answer, B, is the most thorough approach: formatting the drive and reinstalling the OS removes every trace of the rootkit, applying patches closes the hole that let it in, and changing passwords addresses credentials the attacker may have captured while the system was compromised. Options A, C, and D all rely on the compromised OS to remove the rootkit, but a rootkit is designed to hide from and subvert that OS, so these steps may leave remnants that allow the rootkit to persist or reinfect the system.