Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer
with a single file – emos.sys
Which step would you perform to detect this type of Trojan?
A.
Scan for suspicious startup programs using msconfig
B.
Scan for suspicious network activities using Wireshark
C.
Scan for suspicious device drivers in c:\windows\system32\drivers
D.
Scan for suspicious open ports using netstat
C
Anyone has explanation?
Some *.sys file trojans work as a service or driver. EMos is one of them.
emos.sys typically hides as a driver. But AV and Anti Malware will usually catch it. Manually looking for it might find it but it is actually a useful file and deleting it will cause issues. So scanning with AV is the best bet.