Troubleshooting Security Issues – CompTIA A+ 220-1002 – 3.2

Some troubleshooting tasks can be related to security issues on a workstation. In this video, you’ll learn about browser redirections, security alerts, malware symptoms, and more.


Pop-ups that appear in your browser could indicate a security problem. Often, these pop-up windows look exactly like a legitimate application or legitimate website, but it may be a symptom that malware has infected your computer. One of the things you can do is to make sure you’re using the latest version of your browser software.

Usually, there is an Update option inside of the browser itself. There’s also a blocking feature built into many browsers that will block pop-ups. Although this may block pop-ups created by malware, it could potentially block legitimate pop-ups as well. And of course, you should scan your computer for malware.

If you do find malware, you’ve got the option to clean the malware from your system, although cleaning the malware is not 100% guaranteed to remove all of the malware. The only way to be sure you’ve removed that malware is to remove all of the software from your computer, and restore from a known good backup.

Another security challenge is browser redirection. This is when you type information into a Google search or click on a Google Search result, and instead of going to that result, your browser ends up sending you somewhere else. That obviously should not be occurring.

This usually indicates there’s malware running on your computer that’s intercepting your Search queries, or intercepting the results and sending you to different pages. To resolve that issue, you want to clean the malware from your system. But as we’ve already stated, that’s not 100% guaranteed. The best possible answer would be to delete what’s on your system already, and restore from that known good backup.

You should also be on the lookout for browser security alerts. These are usually presented in your browser screen, and they may say things like, this site’s security certificate is not trusted, or may have another message about the security of that particular website. One of the things you can do is to look at the certificate that’s on that particular website. There should be a lock icon that has HTTPS next to it. And if you click that lock, you can look at the certificate for that server and examine information about what it says the server name is, what the dates are for this particular certificate, and other details.

If the date shows that it’s expired or it shows a different domain name than what you visited in your browser, then you’ll probably get one of these messages about the certificate not being trusted. You might also find that the browser doesn’t trust the certificate. In that case, it may say that the certificate is invalid, or it may show that the signature on the certificate is invalid. It may be the certificate was signed by a certificate authority that is not trusted by your browser, so you should contact the owner of the website to get more information on this particular certificate.
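A way to reproduce those three warning conditions in code, as an added example that is not from the video or from any browser: a Go program (standard library only) builds a constructed self-signed certificate, then verifies it the way a browser would against a chosen root store, a host name and a clock, and names the reason it fails. The host names and the root pool are assumptions for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert builds a self-signed certificate for dnsName (constructed test data).
func makeCert(dnsName string, notBefore, notAfter time.Time) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // cannot fail on bytes we just produced
	return cert
}

// Classify runs the checks a browser makes before warning about a site and names the
// reason: expired, a different host name, or an issuer the client does not trust.
// trusted stands in for the browser's root store; now is the clock used for the dates.
func Classify(cert *x509.Certificate, host string, trusted *x509.CertPool, now time.Time) string {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: trusted, CurrentTime: now})
	switch e := err.(type) {
	case nil:
		return "trusted"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired { // Go uses the same reason for "not yet valid"
			return "expired"
		}
	case x509.HostnameError:
		return "name mismatch"
	case x509.UnknownAuthorityError:
		return "untrusted issuer"
	}
	return "invalid: " + err.Error()
}
```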

Sometimes a malware infestation can really affect your network performance, or even prevent you from visiting certain sites. Malware has complete control of the system, and of course has complete control over where you go on the network. In fact, it’s not uncommon for malware to block you from downloading anti-malware software, thereby making sure that there’s nothing that can remove it from the system that it’s on.

This malware might also block the automatic Windows Update function, preventing your operating system from getting patched, and also removing the malware from the system. The only way to remove this malware, then, is to have software available from another resource, or to completely wipe the system and restore from a known good backup.

At the operating system level, this malware can create a number of problems. It can delete or rename system files, which may leave your system unusable. There may be files that are deleted and simply disappear from your system, or the malware will encrypt the files, making them unavailable for you.

It may change the permissions of the files so that you no longer are able to access those files with your user account, and of course, the malware itself will set permissions so it’s impossible for you, at the end-user level, to be able to delete those malware files from your system. Many malware cleaners can remove some or most of the malware. The best practice, of course, is to delete everything and restore from backup.

When the system completely locks up, we often think that we’re having a hardware problem, but it could be related to some type of security issue. Sometimes you can get a feel for how locked-up the system might be by pressing the Caps Lock or Num Lock key to see if those lights will register on your keyboard. You may also be able to terminate apps that may be causing a problem.

In Windows and Linux, you can use the Task Manager, which you reach by pressing Control-Alt-Delete and choosing Task Manager. In Mac OS, the same option is called Force Quit and you can access it by pressing Command-Option-Escape. If you do reboot your system after one of these lock-ups, you can check the system log to see what occurred prior to the reboot. It might give you some clues as to what caused this problem to begin with. And if you’re concerned about security, this might be a good time to perform a virus and malware scan. And of course, the system lock-up may be related to hardware, so ultimately, a hardware diagnostic may be in order.

If you’re running into an application problem that’s caused by a security concern, then you’ll probably get an error message on the screen telling you the application has stopped working. Sometimes the application simply disappears, and you don’t get any messages on the screen.

In both of those cases, you can check the event log. There’s usually interesting information there that can tell you what was happening prior to the application failing. And ultimately, the Windows Reliability Monitor may be able to give you a longer view of how this application has been performing. You may need to perform some antivirus or antimalware scans, or reinstall the application and see if you’re able to resolve these particular errors.

Virus and malware authors want to get their software onto your systems so they can control your computer. They might do this using pop-ups that say that they’ve identified a problem on your computer, and you need to install their software to resolve this. And once their software’s been installed, it may lock your computer and require you to pay money to be able to get control back. You can sometimes use antivirus or antimalware software to get rid of these virus alerts or hoaxes, but it can be very, very difficult to get these off your system once they’ve embedded themselves.

Email is a significant security concern. Many of the bad guys will use email to send files and their malware directly to a user’s desktop. We generally categorize any type of unsolicited email message as spam. We often think of spam as an advertisement, but spam can also bring phishing attacks, where someone’s trying to get personal information from you, and they might be embedding the viruses as an attachment in the emails. Specialized spam filters can look for this type of traffic and filter out any unwanted emails.

For the bad guys to send all of these phishing and malware emails, they’re going to need some help, and they’re going to find that help on your computer. Once they infect your computer with malware, they’ll use your system to be able to send email. Your system is generally thought of as a trusted source, so they’re going to take advantage of that and send all of these emails out from your email account.

You may start receiving odd replies from other users asking about things that you sent to them that you don’t recall sending, or you may get bounced messages back from email addresses that you never sent mail to. In reality, the bad guys were hijacking your email and using that to be able to send their spam. One of the things you can do is to scan for malware, and see if you can identify and remove that malware from your system.

You can often find interesting information about these types of attacks in your system log. In the Event Viewer, you’ll just need to know exactly what you’re looking for. And it may take quite a bit of time to go through this, because Event Viewer tends to hold thousands and thousands of events inside of that list.

But if you know what to look for, you can find someone logging in that you weren’t expecting to log into your system. Maybe you’re able to find applications running that you weren’t expecting to be running, or maybe you’re finding that a particular username and password keeps trying to log into your account over and over again. All of this information is saved in your Event Viewer, and it can provide you with important information when you’re trying to resolve these security problems.
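The checks the two Event Viewer passages above describe (logons you weren’t expecting, and the same account failing to log in over and over; the earlier application-failure passage points at the same log) as an added example that is not from the video: a Go function over a constructed export shaped like the Windows Security log, using the real 4624 (successful logon) and 4625 (failed logon) event IDs. The row format, the account names and the threshold are assumptions for the demonstration.

```go
package main

import "strings"

// sampleLog is constructed data shaped like a Windows Security-log export
// (time, event ID, account, workstation). The IDs are the real ones:
// 4624 is a successful logon, 4625 a failed one.
const sampleLog = `08:59:02,4624,alice,WS01
09:00:15,4625,alice,WS01
09:00:19,4625,alice,WS01
09:00:23,4625,alice,WS01
09:00:27,4625,alice,WS01
09:03:40,4624,svc_backup,WS01
09:03:41,4625,bob,WS01
not a log row`

// Findings holds the two things the text says to look for in Event Viewer:
// accounts with repeated failed logons, and successful logons nobody expected.
type Findings struct {
	RepeatedFailures map[string]int // account -> failed-logon count, at or above threshold
	UnexpectedLogons []string       // "account@workstation" for accounts not in expected
}

// Review walks the export row by row, counting 4625 events per account and
// flagging 4624 events whose account is not in expected. Malformed rows are skipped.
func Review(raw string, expected map[string]bool, threshold int) Findings {
	out := Findings{RepeatedFailures: map[string]int{}}
	fails := map[string]int{}
	for _, line := range strings.Split(raw, "\n") {
		f := strings.Split(strings.TrimSpace(line), ",")
		if len(f) != 4 {
			continue
		}
		account, source := f[2], f[3]
		switch f[1] {
		case "4625":
			fails[account]++
		case "4624":
			if !expected[account] {
				out.UnexpectedLogons = append(out.UnexpectedLogons, account+"@"+source)
			}
		}
	}
	for account, n := range fails {
		if n >= threshold {
			out.RepeatedFailures[account] = n
		}
	}
	return out
}
```

A real export carries many more columns and a time window matters (four failures in twelve seconds reads very differently from four in a month), so a production version would key the count on account and time bucket.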