A plus 1002 Sub-objective 3.2 – Dumps4shared

A plus 1002 Sub-objective 3.2

A plus 1002 Sub-objective 3.2 – Given a scenario, troubleshoot and resolve PC security issues.

Click here if you want to go back to the A+ 220-1002 Core 2 Table of Content.

Welcome to ExamNotes by Dumps4shared! If you are following these in order we hope you came through 3.1 intact!  Here in 3.2 we will use some of the same tools from 3.1 while paying closer attention to the security aspects of our situations and actions. Enjoy!!

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

Common symptoms

Here we will look at some of the indicators that the system is
infected with malware or a virus. The term malware and virus can will be used
interchangeably on an infected system.

Pop-ups

Most users block browser pop-ups in their system. Many sites use pop-ups to generate revenue and some are targeted based on your behavior.  As a rule, your first real indication that your system is infected is the appearance of pop-up ads which can appear inside or outside the browser window. The presentation of pop-up ads in the browser while popups are disabled is a potential sign of problems, essentially the tip of the iceberg. The condition can be accompanied by unwanted browser toolbars. Many infections change your browser homepage to redirect traffic to a malicious site. Pop-ups outside the browser window leave little doubt, you have a problem. We will cover the techniques for dealing with this problem in detail later is “Best practice procedure for malware removal”. Just be sure that when you see a random message that your PC may already be infected don’t click the link in the pop-up, this is a classic infection attempt.

Browser Pop-up Blocker On

Browser
redirection

As mentioned earlier malware programs can change your homepage
or in the stealthiest cases route the traffic through a malicious site and then
display your correct homepage. All traffic handled on or through a malicious
site should be considered compromised. Watch the address line in the browser
for indications of this problem.

Security
alerts

False security alerts are a very common way to get novice users to click on links to malware and install it. User education is the best prevention method. The ability to discriminate between valid and invalid errors is essential. For example, a PC tool that does not exist on your computer cannot legitimately display an error.

Slow
performance

Slow performance can be attributed to a number of real system issues, too many programs and underpowered equipment being the most common non-malware issues. In the case of malware, you will find the offending programs consuming processor cycles, email, network resources, and local disk and memory.  Use the steps outlined in “Best Practices” below to resolve.

Internet
connectivity issues

When you experience issues connecting to a site it is important to be able to discriminate between actual problems and those written by older outdated malware. Use the command line to ping the local gateway. Use Ipconfig /all to check your settings. If necessary reboot to Safe mode with networking and access the command prompt.  If you are successful at the command prompt you have an infection and you should see the steps outlined in “Best Practices” further down this post.

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

PC/OS lock up

Infected systems exhibit slow performance and system errors
caused by manipulation or deletion of system files. In the worst case the
system locks up or Blue screens. Reboot and take the steps necessary listed in
best practices.  Look at the Task manager and Event Viewer along with
update log files for your anti-malware programs and system update logs.

Application
crash

Applications that behaved normally before then suddenly crash
could very likely be exhibiting signs of an infection. Changes made by malware
to shared support files commonly lead to program failures for example if
malware infects a shared file like a .DLL or .OCX file any program that
attempts to use it will fail with the potential for infection. Take the steps
necessary listed in best practices.

OS updates
failures

Any self-respecting virus author will set his product to block
internet access for all known antivirus and antimalware websites they will also
prevent system protections like updates for Windows defender and any system
updates to prevent detection. Here is a look at a blocked AV/malware program
update.

Antivirus Fails to Connect to Server

Rogue
antivirus

Let’s use an example here. Your customer was presented with a
popup that warned of an infection and offered a fix using their free tool. They
click ok and allow the program to install.  Now not only are they infected
their basic system safeguards may be compromised allowing other infections. It
is not unusual to find malware that disables windows protections like the
Windows firewall or defender. Here is a Firewall that has been taken over.

Compromised Firewall

Spam

Undoubtedly a familiar term to most SPAM is the term we use for unsolicited email messages. These messages are often simple commercial ads sent to your email address because you inadvertently shared it. On the other hand, valid email address lists are prizes for malware perpetrators. They can be used to send you malicious payloads disguised as images or web links.  It is important that you handle unsolicited emails especially those with attachments with caution. Do not open them under any circumstance. Here is a typical attempt to get you to open an infected document. It is disguised as an electronic receipt from a business. The user may or may not have made a purchase so there is a percentage of the recipients that will click the attachment and become infected.

Example of Spam-Phishing Malware

Renamed system
files

System errors related to the filesystem can be attributed to
malware. The malicious payload can rename system files making them unusable by
the system. This can cause errors up to and including the dreaded BSOD.

Disappearing files

Certain malware can create a backdoor allowing hackers to do any
number of things. One tactic set the file attributes to hidden and although the
files are actually present the user cannot see them. While this will not impact
system files the user will have difficulty accessing the content.

File
permission changes

Another malware tactic is to alter the users file permissions to
make files seemingly disappear and or become inaccessible.

Hijacked email

Your email account can be compromised in cases where you have
clicked a phishing email, use a weak password or if you communicate with your
email server in plaintext (unencrypted). Unencrypted communications can be
intercepted in wireless hotspots and your credentials can be used to send
malware email blasts of spam through your server. This will appear as
legitimate traffic until it is detected by either your administrative staff or
by you as you begin to receive bounced back emails from failed attempts to
reach bad email addresses. There is a difference between hijacking and spoofing
as we will see next.

Responses from
users regarding email

You can consider your account hijacked if you begin to get
replies from people you know about strange emails that you did not send. This
is a sign that the malware has access to your contacts. Hopefully the
recipients have enough sense to recognize spammed communications. If your
account is spoofed it does not use your email credentials only your email
address as the “From” address and you will receive anything that bounces back.

Automated
replies from unknown sent email

If you receive “Out of Office” type replies from people you
don’t know this is another sign of malware. The recipient’s automated response
is sent to anyone attempting to send email to that person. Interestingly this
automated reply can be used to validate email addresses and return server
information.

Access denied

As we noted earlier a sure sign that you have a malware issue is the inability to access your files. Hackers with administrative access to your system can wreak irreversible damage. You will notice this when you get an access denied message while attempting to access a file or folder that you created. This indicates a permission change on your account or the content itself. Either situation is bad. In the worst case of ransomware a covertly installed program encrypts the Master File Table and holds it for ransom. The user is accused of everything from terrorism to pornography and is locked out of their system until a ransom is paid and a decryption key is issued.  You may or may not get the decryption key but that is the only practical way to recover your data. One infected user actually turned themselves into the FBI as a result of this attack as he was guilty of some of the charges. Long story short be careful what you open and click on.

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

Invalid
certificate (trusted root CA)

Security is often handled behind the scenes. When accessing a secure website (HTTPS) for example its SSL Certificate is examined. There is a main Certificate Authority (CA) that issues root certificates which are downloaded to the clients validating the server authenticity. The certificate is examined upon access and compared to the stored list. First, we will look in the Internet Properties Content tab to see the Trusted Certificates installed and look at a bit of the Microsoft Trusted CA’s 4096 bit Public key.

Microsoft Root CA

If there is a problem you will have to bypass a warning to
continue. The errors could be an expiration of the certificate, a certificate
issued to a host other than the one being accessed, issued by an untrusted
root, revoked and more. Here is a sample of an untrusted root. The
recommendation is that you close the page. You have the option to continue or
get more information as shown. Examine these messages carefully before you
decide to continue.
Well, that’s
everything for objective 3.2. Hope you enjoyed it! Don’t just sit there! Look
for 3.3! This stuff doesn’t learn itself!

Pass Your IT Certification Exams With Free Real Exam Dumps and Questions

Full Version 220-1002 Dumps

Tagged ,