Time
5 hours 33 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Troubleshooting Security Issues Part 3. In this segment of the module we look at the steps needed to clean an infected system and to confirm that the malware is gone. Before removing anything, we review how to recognize the characteristics of an infection, such as strange behavior and security alerts. Then we discuss how to quarantine the system and what that process actually involves (disconnecting from the network, unplugging removable storage, disabling shares and scheduled backups), how to decide whether System Restore needs to be disabled, how to remediate the infected system with updated scanning tools, and what we need to do to verify that the removal achieved the outcome we wanted.
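The quarantine steps the description lists (isolate from the network, stop sharing and backing up files, disable System Restore so an infected restore point cannot be reapplied) can be scripted so they are done the same way every time. The following is an added example written for this page; it is not code from the course or its instructor. It assumes a domain-joined Windows 10/11 workstation, Windows PowerShell 5.1 (the System Restore cmdlets are not available in PowerShell 7), an elevated prompt at the local console (disabling the adapters will cut off any remote session), and a log path of `C:\quarantine-<timestamp>.log`; the scheduled-task name filter is also an assumption to be adjusted to the backup product in use.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the course: first-response isolation of a Windows
# workstation before malware removal. Run at an elevated Windows PowerShell 5.1
# prompt on the suspect machine's own console. Every step except the
# restore-point deletion is reversible, so the transcript records what changed.

$log = "C:\quarantine-$(Get-Date -Format yyyyMMdd-HHmmss).log"   # assumed path
Start-Transcript -Path $log

# 1. Capture volatile state first. Once the cable is pulled, the list of live
#    connections is gone, and that list is often the quickest pointer to the
#    malicious process (OwningProcess is the PID).
Get-NetTCPConnection -State Established |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Format-Table -AutoSize
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location | Format-Table -AutoSize

# 2. Isolate: take every active adapter down, wired and wireless alike.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false

# 3. Stop the machine from sharing its files. Only user-created shares are
#    removed; the built-in administrative shares (C$, ADMIN$, IPC$) are left.
Get-SmbShare | Where-Object { -not $_.Special } | Remove-SmbShare -Force

# 4. Suspend scheduled backup and sync jobs so nothing copies the infection
#    onward. The name filter is an assumption: match it to the product in use.
Get-ScheduledTask |
    Where-Object { $_.TaskName -match 'backup|sync' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        "Disabling scheduled task $($_.TaskPath)$($_.TaskName)"
        $_ | Disable-ScheduledTask | Out-Null
    }

# 5. Disable System Restore on the system drive. Turning protection off
#    discards the existing restore points, which is the intent here: a point
#    created while the malware was present must not be reapplied later.
#    Remaining shadow copies are removed for the same reason.
Disable-ComputerRestore -Drive "$env:SystemDrive\"
vssadmin delete shadows /all /quiet

# 6. Verify the new state before handing the machine to the scanning step.
Get-NetAdapter | Select-Object Name, Status | Format-Table -AutoSize
Get-SmbShare   | Select-Object Name, Path, Special | Format-Table -AutoSize
Get-ComputerRestorePoint 2>$null   # expected to return nothing

Stop-Transcript
```

One caveat a practitioner should weigh before step 5: deleting restore points and shadow copies destroys evidence. If the incident may need forensic follow-up, take a disk image before running that step and keep the transcript log with the image.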

Video Transcription

00:04
So we have malware on our system. We took a look at what we need to do to identify that we have it on our system. We took a look at some of the tools that we're gonna need to remove the malware and to identify it on our system. Now, let's take a look at the steps we need to take to make sure that we remove the malware correctly. We remove it
00:21
fully, and we don't allow it back on our system.
00:24
So
00:25
over here on our right side of the board, we're going to start with
00:29
an infected computer and get it uninfected. And then after that, we're gonna move to our left side, and we're going to talk about what we do after our computer is now clean.
00:38
So we've identified our malware symptoms. We talked in depth about the different
00:44
symptoms that may be presented when we have malware on our system: everything from unexpected or strange behavior, security alerts on our system, high network usage, high resource usage, password-protected files, or permissions on our files that we no longer have access to, to files
01:02
that suddenly appear on our system or suddenly are changed on our system.
01:06
We again talked in depth about this a little bit earlier, so we'll go ahead and move on to our next step, which is quarantining our system. So now we know we have malware on our system, or we're at least pretty sure that we have malware on our system.
01:19
We want a quarantine that system away from other computers so we don't spread our malware to the network or to other computers,
01:26
or even to a location where we could reinfect ourselves. When we quarantine our system, the first thing to do is remove it from the network, unplug our computer from the network, turn off our wireless card and we are now isolating our computer off of the network.
01:42
We want to remove any storage devices that we may have connected to our computer, like external hard drives and USB devices. Malware can spread to those, and we need to take those devices, and later we're going to scan those with our antivirus as well. So in another situation, we would take those devices after we've cleaned our computer, and we would scan
02:00
all the devices that we connected recently.
02:04
Then we would need to disable all of our file transfers and backups, if we have any shared folders off of our computer. Yes, we've already disconnected ourselves from the network, but we want to disable those shared folders as well. We want to disable any backups that are scheduled to run on our computer, because those backups may be infected with malware, and we now also have to scan those backups for the malware if it's hidden in those.
02:23
We want to disable System Restore. We mentioned how System Restore points could become infected with malware. We may have restore points that were created while malware was on our computer, and if we inadvertently restored back to one of those restore points, we could reintroduce malware to our computer.
02:40
So we want to disable System Restore, and by disabling the System Restore functionality of our computer,
02:46
it will also delete all of our previous restore points, which is what we wanted to do.
02:52
Now that we've identified our malware, now that we've quarantined our system, and now that we've disabled our System Restore, we're going to remediate our infected system. Remediation means we're going to
03:02
clean our system of malware, and we're gonna bring it back to standard. So we're going to first update whatever antivirus tool that we're going to use. Our antivirus isn't going to be as helpful to us if it's outdated. So we need to update our antivirus tools, possibly on another computer,
03:20
to the current antivirus version for those different tools.
03:23
We're going to scan, and we're going to verify removal. We're gonna scan our computer not just with one anti-malware or antivirus tool, but several. The more the merrier, as long as they're legitimate antivirus or anti-malware tools and we're not running them at the same time. We can scan our computer using these tools.
03:44
These tools are especially useful if we scan from a bootable device. We scan our computer from a bootable device
03:49
while our operating system is not running, and allow the device to boot to these anti-malware tools, scan the drive that the malware is on, and see if it can locate any of the malware and then remove it. After we remove the malware, we want to scan again to make sure that there aren't any leftover pieces,
04:09
that there wasn't anything missed the first time.
04:11
And so we'll scan the first time, remove everything it recommends to remove, and then scan again with all of our tools the second time to make sure that we're still okay.
04:19
We also want to make sure that we're scanning all of those removable devices we mentioned earlier that we disconnected from our computer, as well as any locations where we may have sent our backups of our computer data. If we backed up to a server, we want to take that server and we also want to scan that server for malware, because it may have been infected.
04:38
So we want to scan any devices, we want to scan any of our shares, we want to scan any
04:43
of our backups
04:45
if possible. After we've scanned and verified removal, we may want to restart our computer and possibly scan again, now that our computer has restarted and we're no longer scanning from a bootable device. This will help us to make sure that there aren't any leftover executables, that there aren't any services that are trying to run
05:01
that may be infected with malware or trying to reconnect us with malware.

Up Next

Troubleshoot Critical Systems

Diagnosing system malfunctions and finding a solution is an important skill for help desk professionals to develop. Expand your knowledge of the troubleshooting theory in less than an hour.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor