Page 2 902 Software Troubleshooting Study Guide for the CompTIA® A+ exam

PC Security Issues

Some computer issues have to do with security. To address them, you should be able to spot the signs of particular problems and know what tools are available to resolve them.

Symptoms

There are numerous symptoms that become evident on a PC infected with malware. Be sure you are familiar with these symptoms and know how to address them.

  • pop-ups: Pop-ups occur for a variety of reasons. While in a browser, a pop-up may expose you to malware if you choose to click on it. Pop-ups that occur randomly should be addressed with one of the available malware cleaners.

  • browser redirection: If you find your browser's settings have been changed without your doing so, or that results of a search come from a third-party site, it is likely that your browser has been redirected by malware. An anti-malware cleaner may or may not address the issue. You may want to restore your system from a known good backup.

  • security alerts: While browsing on the Internet, you may receive a security alert. This may tell you that the site is not secure or the site certificate is not trusted. Your browser will give you an indication of the problem and you need to determine the best course of action.

  • slow performance: If a system is infected with malware, system performance may be slowed considerably.

  • Internet connectivity issues: Malware-infected systems may prevent you from browsing to certain sites or you may be redirected somewhere else altogether.

  • PC/OS lock up: Malware can attack the operating system in a number of ways, even to the point where the system will no longer boot. A malware cleaner may address the issue, or you may have to restore to a known good backup. You may be able to find the root cause by accessing the Event Viewer.

  • application crash: Malware may cause applications to crash or you may get a message that says the program is no longer working.

  • OS update failures: Malware can interfere with normal operating system updates.

  • rogue antivirus: A rogue antivirus is actually malware disguised as antivirus software; it is introduced when a fake anti-virus product is added to the system. Always download antivirus software from trusted sites.

  • spam: Spam is unsolicited email messages, usually advertising a product, but may actually be a phishing attack. A good spam filter is one way to control this.

  • renamed system files: Malware can attack an operating system by simply renaming a system file, rendering it useless.

  • files disappearing: Malware can cause files to disappear by deleting the file or simply renaming it.

  • file permission changes: File permissions and ownership can be modified by malware.

  • hijacked email: One of the results of spam is to make a user the author of yet more spam. The unwitting user's account is hijacked to send out spam to others. If a user is receiving numerous responses from other users regarding email he supposedly sent, or starts to receive automated responses from users unknown to him, there is a good chance his email account has been hijacked.

  • access denied: Malware can change the permissions of files, preventing access to the rightful user.

  • invalid certificate (trusted root CA): If you are browsing the Internet and receive a security alert that the site has an invalid certificate, it could indicate the site should be avoided, or it could be something as simple as an incorrect PC clock setting, because the PC's date falls outside the certificate's validity period.
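As an added example (not part of the study guide), the following Windows PowerShell function pulls the certificate a site presents and separates the "PC clock is wrong" case from the "issuer is not trusted" case described above. It assumes outbound TCP/443 is open and that $HostName is whichever site raised the alert; the function name is the author's own.

```powershell
# Added example, not from the study guide. Reads the site's certificate and
# explains the alert, distinguishing a wrong PC clock from an untrusted site.
function Test-CertificateAlert {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    # Record the validation verdict instead of aborting the handshake so the
    # certificate can still be inspected.
    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    $script:chainStatus  = @()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $errors)
        $script:policyErrors = $errors
        $script:chainStatus  = @($chain.ChainStatus | ForEach-Object { "$($_.Status)" })
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }

    $now = Get-Date
    $nameMismatch = $script:policyErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
    $verdict =
        if ($script:policyErrors -eq [System.Net.Security.SslPolicyErrors]::None) {
            'Certificate validates on this PC; look for another cause (proxy, browser certificate store).'
        } elseif ($script:chainStatus -contains 'NotTimeValid' -and $now -lt $cert.NotBefore) {
            'Certificate is "not yet valid": the PC clock is almost certainly set in the past. Fix date/time and retry.'
        } elseif ($script:chainStatus -contains 'NotTimeValid') {
            'Certificate has expired, or the PC clock is set ahead. Verify the clock first; if it is right, avoid the site.'
        } elseif ($script:chainStatus -contains 'UntrustedRoot' -or $script:chainStatus -contains 'PartialChain') {
            'Issuer is not a trusted root CA on this PC. Avoid the site unless the CA is known and expected.'
        } elseif ($nameMismatch) {
            'Certificate was issued for a different name. Possible redirection; avoid the site.'
        } else {
            "Certificate rejected: $($script:policyErrors); chain: $($script:chainStatus -join ', ')."
        }

    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        ValidFrom   = $cert.NotBefore
        ValidTo     = $cert.NotAfter
        LocalTime   = $now
        TimeSource  = (w32tm /query /source 2>$null)   # where Windows syncs its clock from
        ChainStatus = ($script:chainStatus -join ', ')
        Verdict     = $verdict
    }
}

Test-CertificateAlert -HostName 'example.com' | Format-List
```

Compare LocalTime with ValidFrom and ValidTo in the output: a local time earlier than ValidFrom points at the PC clock, not the site.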

Tools

Here are the tools used for troubleshooting security issues on a PC. Be certain you are familiar with each of them.

  • antivirus software: Antivirus software compares what is running on your system against lists of known signatures of malware. It is extremely important to keep your antivirus updated.

  • anti-malware software: Anti-malware software compares what is running on your system against lists of known signatures of malware. Be sure to keep your anti-malware updated.

  • recovery console: The Windows Recovery Console Command Prompt is accessible before the operating system boots by pressing F8. Since viruses are normally attached to the operating system, this allows you to work on the system without the installed operating system actually loaded.

  • terminal: Linux and Mac OS X have a terminal screen that serves nearly the same function as the Windows Command Prompt.

  • system restore/snapshot: System Restore allows you to roll the operating system back to an earlier point in time, bypassing any changes to the operating system that have occurred since the restore point was created. This is very useful in eliminating any virus that has attached itself to the operating system since that time. In Linux, the logical volume manager (LVM) creates a snapshot that serves the same purpose as Windows System Restore.

  • pre-installation environments: When using a repair DVD, you are in a Windows pre-installation environment that provides minimal features, such as a basic GUI. This minimal environment bypasses many of the drivers that may have caused the problem in the first place.

  • Event Viewer: To see what is happening at any time, use the Event Viewer, which displays information about running applications, security data, and warning messages. Critical issues will be labeled there, as well.

  • refresh/restore: Refresh allows Windows 8 and 8.1 to reinstall the operating system without loss of your files and settings. This gives you the advantage of a fresh copy of the operating system. Restore allows you to revert to an earlier point in time.

  • MSCONFIG/safe boot: In MSCONFIG, you can set the boot parameters to safe boot. A minimal operating system is then loaded, allowing access to the drive without loading the full set of drivers and services from the hard drive.

Malware Removal

Discovering malware is just the first step. Its removal is vital and you need to be completely familiar with malware removal methods.

  1. Identify malware symptoms. Malware is often not as obvious as strange error messages and odd security warnings. It may be as subtle as a slight slowdown of the system or unexplained files appearing.

  2. Quarantine infected system. Any system suspected of being infected by malware should immediately be quarantined. Maintain all the files on the machine and don’t attempt to move them to another system.

  3. Disable system restore (in Windows). The next step after quarantine would be to disable system restore in Windows. You do not want the virus to infect your restore points.

  4. Remediate infected systems. The first step would be to ensure you have an updated anti-virus application with a new engine and signature files. Restart the system in Safe Mode or a pre-installation environment, and run the virus scan.

  5. Schedule scans and run updates. When a virus is removed, set the anti-virus to automatically update the signature files and schedule scans to run.

  6. Enable system restore and create restore point (in Windows). The next step is to re-enable system restore and create Windows restore points.

  7. Educate end user. Perform some on-the-spot training for the user, explaining the proper procedures for email and Internet usage.
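As an added example (not from the study guide), steps 2 through 6 of the procedure above as a Windows PowerShell 5.1 script using Microsoft Defender. It assumes the system drive is C:\, that it runs as Administrator, and that the Safe Mode reboot in step 4 is done by hand with MSCONFIG as the guide describes.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the study guide: removal steps 2 to 6 for a
# Windows PowerShell 5.1 host protected by Microsoft Defender.
$ErrorActionPreference = 'Stop'
$systemDrive = 'C:\'   # assumed system drive

# Step 2: quarantine. Take every active adapter offline so the host can neither
# spread nor phone home. Files stay on the machine; nothing is copied elsewhere.
$isolated = Get-NetAdapter | Where-Object Status -eq 'Up'
$isolated | Disable-NetAdapter -Confirm:$false

# Step 3: disable System Restore so malware cannot persist inside restore points.
Disable-ComputerRestore -Drive $systemDrive

# Step 4: remediate with a current engine and signatures, then a full scan.
# With the network off, the update only succeeds if signatures were staged
# (for example from a file share); otherwise scan with what is installed.
try   { Update-MpSignature }
catch { Write-Warning "Signature update failed while isolated: $_" }
Start-MpScan -ScanType FullScan
$detections = Get-MpThreatDetection
if ($detections) {
    $detections | Select-Object ThreatID, InitialDetectionTime, ProcessName, ActionSuccess |
        Format-Table -AutoSize
} else {
    Write-Host 'Full scan reported no detections.'
}

# Step 5: schedule a daily full scan and signature checks every 4 hours.
Set-MpPreference -ScanParameters FullScan -ScanScheduleDay Everyday `
                 -ScanScheduleTime (Get-Date '02:00') -SignatureUpdateInterval 4

# Step 6: re-enable System Restore and create a clean baseline restore point.
Enable-ComputerRestore -Drive $systemDrive
Checkpoint-Computer -Description 'Post-malware-cleanup baseline' `
                    -RestorePointType MODIFY_SETTINGS

# Return the host to the network only once the full scan came back clean;
# otherwise leave it isolated for further remediation.
if (-not $detections) {
    $isolated | Enable-NetAdapter -Confirm:$false
}
```

Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer exist only in Windows PowerShell 5.1, not in PowerShell 7.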