3.1 3.2 3.3 3.4 3.5 Flashcards
An IT support technician needs to know how to recognize that a system is infected.
Step 1: Identifying and Researching Malware Symptoms
are small windows or dialog boxes that suddenly appear on top of a website’s content when you visit a web page. These windows typically contain advertisements, promotions, or other marketing messages, and are used by advertisers to capture the user’s attention and promote their products or services.
Pop-up ads
Browser redirection occurs when you are redirected from the webpage you intended to visit to a different webpage
Browser Redirection
When the user tries to run Windows Defender (anti-malware software embedded in Windows 10), it refuses to run. She opens the Action Center to find that Defender has been disabled because other antivirus software she did not install is running.
Rogue antivirus software
Generally, the system works much slower than before. Programs take longer than normal to load. Strange or bizarre error messages appear. Programs that once worked now give errors. Task Manager shows unfamiliar processes running. The computer’s operating system ___
Locks up
These types of problems seem to plague the system with no reasonable explanation that is specific to the network, application, or Windows update.
Internet connectivity issues, application crashes, and OS update failures.
The Administrative Events logs in Event Viewer report system and application errors, system crashes, application crashes, and failed OS updates.
System and application log errors.
File names now have weird characters or their file sizes seem excessively large. Executable files have changed size or file extensions change without reason. Files mysteriously disappear or appear. Windows system files are renamed. Files constantly become corrupted. Files you could once access now give access-denied messages, and file permissions change.
Problems with files.
You receive email messages from other users saying you have sent someone spam or an infected message, or you receive automated replies indicating you sent email you didn’t know about. This type of attack indicates that your email address or email client software on your computer has been ___. Extra spam you’re not accustomed to seeing shows up.
hijacked
Even though you can browse to other websites, you cannot access anti-malware software sites such as symantec.com or mcafee.com, and you cannot update your anti-malware software.
Problems updating your anti-malware software
Invalid digital certificates.
An OS is responsible for validating certificates used to secure communication. For Windows, Microsoft maintains a database of trusted root certificates issued by __
Certificate Authorities (CAs).
A root certificate is the original certificate issued by the CA. When a Windows system opens a secure email or visits a secure website and encounters a new digital certificate, it requests Microsoft’s trusted ____, which is downloaded to the computer. The download happens seamlessly without the user’s knowledge unless there’s a problem. If Windows cannot obtain the ____ to validate the email or website, it displays an error
root certificate
You can use the ___ to view and delete root certificates.
Certificate Manager (certmgr.msc)
If an infected computer is connected to a wired or wireless network, immediately disconnect the network cable or turn off the wireless adapter. You don’t want to spread a virus or worm to other computers on your network.
Step 2: Quarantining an Infected System
A ____ is not allowed to use the regular network that other computers use. If you need to use the Internet to download anti-malware software or its updates, take some precautions first. Consider your options. Can you disconnect other computers from the network while the infected computer is connected? Can you isolate the computer from your local network and connect it directly to the ISP or a special quarantined network? If neither option is possible, try downloading the anti-malware software updates while the computer is booted into Safe Mode with Networking or after a clean boot. (Safe Mode doesn’t always allow downloads.) Malware might still be running in Safe Mode or after a clean boot, but it’s less likely to do so than when the system is started normally.
Always keep in mind that data on the hard drive might not be backed up. Before you begin cleaning up the system, back up data to another media.
quarantined computer
In Windows, some malware hides its program files in restore points stored in the System Volume Information folder that’s maintained by System Protection. If System Protection is on, anti-malware software can’t clean this protected folder. To get rid of the malware, ____ System Protection so that anti-malware software can clean the System Volume Information folder.
turn off / Step 3: Disabling System Restore
Before selecting anti-malware software, read reviews and check out reliable websites that rate anti-malware software.
When an infected computer will not boot:
- The boot manager, boot loader, or kernel mode drivers might be infected or damaged
- Launch the computer into Windows Recovery Environment (Windows RE)
- Use the Startup Repair process to repair the system
- Update and run anti-malware software already installed
- Update software and perform a full scan
- Run anti-malware software from a networked computer
- Install and run anti-malware software on the infected computer
- Install and run anti-malware software in Safe Mode
- Run an anti-malware scan before Windows boots
- Run more than one scan of anti-malware software
Step 4: Remediating the Infected System
- Clean up what’s left over:
  Respond to any startup errors
  Research malware types and program files
  Delete files
  Clean the registry
  Clean up your browsers and uninstall unwanted programs
Step 4: Remediating the Infected System
Once your system is clean, you want to keep it clean.
Three best practices to protect a system against malware:
- Use anti-malware software
- Always use a software firewall
- Keep Windows updates current
Step 5: Protecting the System With Scheduled Scans and Updates
Once the system is clean:
- Turn System Protection back on if necessary
- Create a restore point
Step 6: Enabling System Protection and Creating a Restore Point
Go over with the user some tips presented earlier in this chapter to keep the system free from malware.
Even with all your security measures in place, a user can still download and execute a Trojan, which can install more malware in the system.
Step 7: Educating the End User
- Startup and shutdown _________
  * Bad hardware, bad drivers, bad application
  - Use Last Known Good, System Restore, or Rollback Driver if you think your problem is related to a recent change to the system
  * Try Safe Mode
  - Re-seat or remove the hardware, if possible; hardware may have lost its connection (for example, memory sticks and hard drives)
  - Run hardware diagnostics provided by the manufacturer; the BIOS may also have hardware diagnostics
Blue Screen of Death (BSOD)
Proprietary crash screens such as the Windows STOP error ___ can be caused by operating system, application, or hardware errors.
Blue Screen of Death (BSOD)
If Windows is configured to reboot when a STOP error occurs, the system will continuously reboot until the error is resolved. To leave a STOP error message onscreen until you decide to restart the system, clear the Automatically Restart check box in the System Failure setting in the Startup and Recovery section of Advanced System Properties. This is accessed via Control Panel > System > Advanced System Settings; under Startup and Recovery, select Settings.
Blue Screen of Death (BSOD)
Regardless of when a _____ error occurs, your system is halted by default. If the computer does not restart on its own, you must turn off the system and turn it back on. Before you do that, however, record the error message text and other information so that you can research the problem if it reoccurs.
Blue Screen of Death (BSOD)
The symptom of ___: Incompatible or defective hardware or software
Solution:
Start the system in Safe Mode and uninstall the last hardware or software installed. Acquire updates before you reinstall the hardware or software. Exchange or test memory. Run sfc /scannow to check for problems.
Blue Screen of Death (BSOD)
The symptom of ___: Registry problems
Solution:
System Restore can also be used to revert the system and registry to an earlier state.
Blue Screen of Death (BSOD)
The symptom of ___: Viruses
Solution:
Scan for viruses and remove any that are discovered.
Blue Screen of Death (BSOD)
The symptom of ___: Miscellaneous causes
Solution:
Check the Windows Event Viewer and also check the system log. Research the BSOD with the Microsoft Support website.
Blue Screen of Death (BSOD)
Researching ___ causes and solutions: To determine the exact cause of a STOP error, note the number or name of the error (for example, “STOP 0x0000007B, HAL INITIALIZATION FAILED”) and look it up at the Microsoft support website: https://support.microsoft.com. When you search for the error, be sure to specify the version of Windows in use.
Blue Screen of Death (BSOD)
System is not configured for maximum performance
Solution:
To solve this problem, set the Power setting to High Performance using the Power options icon in the notification area or the Power options in the Control Panel. This option is not available on tablets.
Sluggish Performance
Drive containing paging file and temporary files is nearly full or badly fragmented
Solution:
Use Disk Cleanup in the drive properties to remove unwanted files, check the drive for errors, and defragment the drive. If you have more available space on a different drive, use the Advanced tab in the system properties to change the location of the paging file and temp files.
Sluggish Performance
System is overheating and CPU is running at reduced speed
Solution: Remove dust and dirt on the CPU and system fans. Check for adequate airflow through the system. Change back to the Balanced power setting.
Sluggish Performance
Memory is running low
Solution: Add RAM; this fixes many performance problems. For better performance, exceed the minimums recommended for the version of Windows in use.
Sluggish Performance
Sudden performance drop occurs
Solution: Check for viruses and malware; this is especially important if performance has suddenly plunged.
Sluggish Performance
Registry error messages appear
Solution:
Use a registry cleaner; the program CCleaner is widely used for this task.
Sluggish Performance
____ such as failure to boot can be caused by several issues, including incorrect boot order configuration in the BIOS/UEFI, corrupt or missing boot files, missing driver files, or even a failing CMOS battery.
Boot problem
The symptom of ___: bootmgr is missing
Solution:
1) Boot to the System Recovery options and select the Startup Repair option. This should automatically repair the system and require you to reboot. To access the options in Windows 10, locate the Advanced Startup Settings menu.
2) Boot to the System Recovery options and select the Command Prompt option. Type the bootrec /fixboot command.
Boot problem
This command repairs or replaces the Master Boot Record (MBR) of the system partition. The MBR is a critical component of the boot process and contains information about how the operating system is loaded.
bootrec /fixmbr