< All CompTIA A+ Notes

neler13 | CompTIA A+ | Module 4.7 - Troubleshooting Security Issues

By: neler13 | Related Course: CompTIA A+ | Published: February 11, 2018 | Modified: February 12, 2018
Join Cybrary

NotepadTroubleshooting Part 2

May notice renamed system files. New or unknown files

Files disappearing.  Deleted or corrupted files look as if they are deleted but are not.

File permission changes – unable to open files/folders.

New system permission changes

New file ownerships

Access Denied

  unable to access files/directories

   Can’t take ownership of administrator files. 

Tools to use to remove from our system:

Signatures are cut and dry





Bootable scanners

Multiple Different Brands of malware

Search for rootkits

File/web protection


Recovery Console:

Restore system files/registry back to original state.

Command Prompt

-System Restore:

Restore to Point may become infected.  disable system restore.

Not change files/documents

Malware may infect

Best to have a disk that we can boot to that will remove the malware, viruses.

Pre Installation Environment-

     Able to boot and access files

     Recovery features

Use Event viewer to  show what malware has been doing and where it has spread. 

Any file/permission changes


Errors when we tried to access files or folders.

Mark this


NotepadTroubleshooting Security Issues

5. Schedule scans and updates.

Completing regular scheduled backups.

Update OS/applications

6. Enable System restore

Create a new restore point.

7.  Educate users why this happened.

Websites not to go to

8.  Installing Applications – don’t install everything unless

Data backups – let users know that encryption keys

Phishing Emails

Password – strong and change often

Update regularly  force updates if users are not updated.

Educate users on the importance of updates


NotepadTroubleshooting Security Issues (Part 3)

1.  Infected computer – Identify malware symptoms;

Unexpected behavior

Security alerts

Strange behavior

2.  Quarantine system

Remove from network

Remove Storage devices, external drives, etc

Disable file transfers /backups

3.  Disable System Restore that will delete all our system restore points.

4.  Remediate infected System

Update Antivirus

Scan again to verify the removal

Restart computer and scan again for antivirus.

Can become malware infected

Delete Restore Points

4.  Remediate infected system

update Antivirus

Scan/verify removal

INFECTED COMPUTER Identify Malware Symptoms

1. Unexpected Behavior

2. Security Alerts

3. Strange behavior

Quarantine System

1. Remove from Network

2. Remove storage Devices –

3. Disable file transfers/Backups shared folders

Disable System restore

1. Can become malware Infected

2. Delete restore points

Remediate infected System

1. Update Antivirus to current

2. Scan/verify removal/use more than one. Run from bootable device.  Scan all devices and servers/shares.

3. Restart computer and scan antivirus again.





Notepadtroubleshooting Security Issues Part 1

What symptoms for malware or virus?

1. Increase in popups may redirect to another website.

2. Browser redirection – hijacked Internet settings.

3. Security alerts – Trojans & Ramsomeware be aware of real security alerts and fake

4.  Slow performance on computer -Unnecessary resource usage. Maybe indication of malware.

5. Issues connecting to internet- using a lot of resources or poor performance.  Monitor baseline to track down issues.

6. PC lockups- maybe self replicating to stay alive.  Uses a high amount of resources.

7. What is normal

8.  Windows or security updates or antivirus does not install.  It changes your settings so you cant update services that blocks viruses.

9.  Antivirus – Don’t pay them the money to update our computer that was installed . Programs – look carefully at the information about another program. Make sure it is legitimate.

10  Phishing email – spam email,   Others complain to you that they are getting email from you that is malware, key logger or virus.Change password and clean up

< All CompTIA A+ Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?