Time
5 hours 33 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Troubleshooting Security Issues Part 1

Welcome to Cybrary IT's A+ course. In today's lesson we examine how to identify and resolve security-oriented issues that materialize on computing systems as well as on the network. We begin with a discussion of how to identify adware and malware and the types of security issues they present, such as pop-ups and browser redirection, which are significant issues. We discuss what happens to allow this and what can happen as a result of them sniffing internal network traffic. Other issues that materialize include slow performance, security alerts from the antivirus tool we're using, poor internet connectivity, spam, what happens when email is hijacked, and how rogue antivirus software attacks a system. We discuss in detail how to identify them, avoid them and minimize their effects once discovered.

Video Transcription

00:04
Hi and welcome to Cybrary IT. My name's Anthony and I'm your local subject matter expert here for A+. And today we're gonna be talking about troubleshooting common security issues.
00:13
So when we encounter malware or viruses on our computer, what symptoms are we going to see?
00:17
Well, it's important to remember that these symptoms may not be very obvious. Part of the best features of good malware or a good virus is being able to hide, not being very obvious. As soon as the malware becomes very loud or as soon as a virus makes itself known, then it makes it easier for it to be discovered.
00:33
Once it's discovered, its signatures could be added into antivirus programs, and these antivirus programs could be updated for the malware to be removed.
00:41
So again, malware wants to be quiet. So it's important to be able to know these symptoms and see these minute symptoms that may occur so that we can notice malware, and we may be able to get this removed from our system. One of the more obvious symptoms we may see is we may notice an increase in pop-ups.
01:00
Now, pop-ups are going to be ads that
01:03
advertise anything from new furniture to things we can buy on the Internet to illegitimate items. So we want to try to track down these pop-ups, and they may be provided by adware or malware. Now these pop-ups may look like they're part of web pages that we're visiting,
01:21
or they may just pop up randomly on our desktop.
01:23
This may be because of redirection by our browser. We may click on one particular website and we go to that website. But then we also get redirected to a different website. So we want to make sure that we're looking out for that. We say, Hey, this isn't how this website used to look. It didn't seem like this website used to have all these pop-up ads everywhere that I can't get rid of.
01:45
This may be pop-ups that are caused by adware or malware that is on our computer.
01:49
Speaking of browser redirection, browser redirection is when our
01:55
Internet is hijacked, our Internet settings are hijacked, and our browser is essentially being redirected to different websites. This may be because of a script that has been added into our Internet settings. This may be because our Internet is now being redirected through a proxy
02:12
or maybe simply being redirected to other websites.
02:15
It's important to get rid of this browser hijacking as soon as possible, or this browser redirecting as soon as possible, because our hijacked Internet settings can make it so that any information we're trying to send to the Internet is going through
02:29
someone else's proxy, is going through a location where someone else could monitor everything we're doing on the Internet, can monitor the traffic that we're pushing out on the Internet. And if they're able to sniff our traffic or sniff passwords and sniff credentials from our traffic, they may be able to use those against us and steal our information.
02:46
So we may also be receiving security alerts. Now these security alerts may be in the form of legitimate security alerts. Obviously, if we get an antivirus alert or we get some firewall alerts, then we're probably having some malware, or we're having an attack coming against us. There's always
03:05
the thing that's known as false positives
03:07
that's when our antivirus picks up on something that is not a virus, but it thinks it is. So it pops up with a message that says, Oh, hey, you have an infection, this file's a virus. And we say, No, it's not. It's a file that I know is good.
03:22
I researched this file and found that it is good, but I found also information
03:27
from legitimate sources that it may pop a couple of antiviruses. So I'm gonna add it to the exclusions list. But our security alerts may be from false antivirus programs. These antivirus programs may say, Hey, you need to update your antivirus. You need to pay me $29 so I can remove this many hundred viruses.
03:46
Well, that could be some Trojans or some ransomware.
03:50
We want to be aware of the difference between legitimate security alerts and fake security alerts and be able to, you know, use the knowledge of when we're getting the security alerts that we need to clean up our system.
04:00
So we also may notice some slow performance. We may start up our computer and without even doing anything, our computer seems slow. It seems sluggish, has longer boot times and load times. We may want to pull up a task manager, look at a resource monitor and see what services, what applications may be utilizing all of these resources.
04:20
we may notice that there's one particular service that we don't know what that is. There's one particular application running in the background
04:27
that seems to be resource heavy, seems to be using a lot of our processes and seems to be using a lot of network connectivity. Seems like it's sending out a lot of data, and we want to track down and see if we can find out if that's malicious or not, so we can go online. We can search by that application name. We can go to some foreign security forums
04:44
that provide information on different applications, whether they're good or not,
04:47
and see if we can track down and see if that service is malicious or not.
04:51
Rootkits will actually attempt to hide their own services, will attempt to hide their activity, so just because we can't see where the slow performance is coming from doesn't mean that slow performance. If we've checked all of our other settings and made sure it's not an application issue or a resource issue or a hard disk having problems,
05:12
it seems like it's just coming out of nowhere
05:14
then slow performance may be an indicator of malware infection.
05:18
Now we have our Internet connectivity. If we have issues connecting to our Internet, maybe we have some intermittent network connectivity problems or we seem to have really high network usage. We're not doing anything. And we turned off all of our applications, turned off Spotify. We've turned off our Outlook, turned off our Windows updates, we've
05:36
temporarily disabled our Windows updates.
05:40
We say with everything that could be really talking out and trying to use our network connectivity. But
05:46
we run a netstat. We see what network locations we're connecting to and there's still a couple going on. We're still using a lot of network connectivity. Well, this could be it. This could be a symptom of malware collecting our information and sending it out to somebody. There may be a connection into our computer at that point in time, which
06:04
it's scary to think about that. Maybe someone is connecting,
06:08
remoting into and watching our computer right at that moment.
06:11
So we need to make sure that when we're seeing unusual Internet connectivity usage, when we're seeing slow performance that's just coming out of nowhere, we haven't recently installed any applications. We haven't made any recent changes to our computer. Or maybe we did install an application, and that application was a little bit sketchy.
06:28
We need to make sure that we're monitoring our computer baselines, and we know what our computer acts like normally,
06:34
so that when it starts to act abnormally, when it starts to act incorrectly, we can use that information. We can track down issues, and we can track down if we're possibly infected with malware.
06:46
Next, we have PC lockups. Much like slow performance, PC lockups, everyone's experienced one. You may also experience it when you're running several different applications, and all of a sudden you just can't do anything. Your computer's having problems actually being able to perform. It may freeze. You may not be able to open a certain application. You may not be able to copy and paste,
07:06
and these PC lockups may be a symptom of a malware infection.
07:11
Malware may use a high amount of resources, especially if the malware isn't coded very well, and it keeps self-replicating and creating several different instances of itself to try to keep itself alive. Some malware has persistency modules, which will try to create new instances of themselves if they
07:30
if they think that their old instances have been terminated,
07:33
so they may just keep creating new instances. They may keep creating new services. They're using a high amount of our resources and causing these PC lockups. We may notice that we have several background processes and several background applications that we've never noticed before. This is why it's good to have a good understanding
07:51
of what background processes our computer runs normally.
07:57
Maybe we want to create a list of the background applications and processes that our computer runs on startup, that it just has running when our computer was fresh out of the box. Then we need to compare those. We need to know what processes are normal, be able to research those online
08:13
and possibly narrow down these background processes which may
08:18
come out of nowhere, which are an indicator of malware. We may notice Windows updates fail, as well as different applications such as our antivirus may just suddenly fail. We may go and try to pull these updates, we may try to pull certain security updates, and we can't pull them. We can't download them, we can't install them,
08:37
and the same with our antivirus. Our antivirus may turn off. Our antivirus may stop pulling updates,
08:41
and this may be a result of malware infection. Malware may go in and change the registry settings, may change our Windows update settings so that we can't patch our system. We can't fix the holes that the malware's created so that it can come in and so that it can infect us. So if we're noticing abnormal,
09:01
abnormal update pulling,
09:03
or noticing their applications, suddenly telling us to update that we've river installing these applications. Frankly, we need to make sure that this isn't a malware infection, that this isn't malware preventing us from updating services, which could block the malware. Next, we have rogue antivirus.
09:20
If we use our computer and we use it on a regular basis, or we manage our own computer and we know what applications go on the computer
09:26
and all of a sudden an antivirus program pops up out of nowhere. We didn't install this antivirus program. We never, we have an antivirus program, we didn't install the second one that we've never heard of. And all of a sudden, this antivirus program starts telling us that we have 100,000 viruses on our computer.
09:41
Well, we severely doubt that.
09:45
Um,
09:46
so this rogue antivirus may actually be malware itself. A lot of times, it may be a Trojan that came bundled with some other software that we installed. It may be a drive-by download and may just be a web page that popped up and that said that we needed to do a malware scan and we could just close the web page, um,
10:05
this rogue antivirus. We need to make sure that we don't pay them the money that they're requesting to clean up our computer. A lot, but many of the times, we end up lucky if the 29.95 that we paid them actually was all that they took from our credit card information.
10:24
So we need to be careful when we see these rogue antiviruses pop up.
10:28
And
10:30
most of the time, these rogue antiviruses that we never installed, that we didn't put on our system, are illegitimate.
10:37
Legitimate programs aren't just going to install themselves on our computer without any consent at all.
10:45
We may run into programs that installed because they were bundled with other applications, but those programs are. That's why it's important to make sure that when we're installing applications, we look very carefully at the next, next, next, next, next button and just don't click all the way through. We may hit next
11:03
to the terms of service, and then the next three screens are asking us, Do you want to install this cool program that's a partner with us and pays us and gives us money to put this program here to see if you want to install it, and has "Yes, I want it installed" automatically checked. If that's not the program you're trying to install, we want to uncheck that box before we hit next.
11:22
So be careful and look at what you're installing
11:24
before you just hit the next button.
11:26
Now we have spam.
11:28
Spam is emails that we're receiving that
11:31
we know are illegitimate. They may be trying to sell us.
11:37
They may be trying to sell us a product that we never requested information for. They may be phishing emails that are trying to get us to click a link or click a download that we don't want, and we may notice that we all of a sudden start getting a lot of these sent to us. We may have accidentally clicked one of the links, and that link may have triggered a virus alert on our system.
11:56
We may have
11:58
a lot of these spam emails coming from our email account.
12:01
Our next topic is our hijacked email. We have others complaining that spam is coming from our email account.
12:07
Well, a sudden influx of spam or a sudden
12:13
complaint from people that we know that spam is coming to their computers may be an example of a virus on our computer, even though we may host our email on another company's web servers. We may actually use Gmail or Yahoo Mail or Microsoft
12:31
or Microsoft Live Mail or Hotmail.
12:33
These email services,
12:35
a lot of times, especially in the case of hijacked emails, if we have a strong password, if we're careful about how we log in and what computers we use to log into our email, our own computer may actually have malware on it. There may be a keylogger on our computer that's logging that information, logging what websites we go to and what usernames and passwords we use
12:56
and sending them to some other source who's then logging in after us
12:58
and using our account to send all this mail, or it may just be a virus on our computer that recognizes when we're logged into email and then starts using that email to send out spam. So we need to take spam that's sent to us and spam that is being sent from us very seriously and recognize that they may not just be a compromised password,
13:18
but they may actually be malware on our system. So we need to try to clean up our system, and we want to also change our password and not just leave it,
13:24
leave our password the same just because we've gotten rid of the malware.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor