3.2 Given a scenario, troubleshoot and resolve PC security issues

Always immediately quarantine an infected system. It is extremely important that you do all you can do to contain a virus and stop it from spreading to other systems in your network.
Common Symptoms
Pop-Ups
Whenever a user enters a website and another window of some kind (new window or new tab) opens up right in front of everything else, it is called a pop-up.
If it opens in the background, it is called a pop-under.
Both pop-ups and pop-unders are pages or sites that you did not specifically request; they may only display ads, or they may load applets that should be avoided.
Most browsers nowadays have Pop-Up Blockers that prevent pop-ups and pop-unders from appearing.
Overlay
The next evolutionary step up from pop-ups.
JavaScript code is written to overlay a screen on top of the desired page.
The screen requests a signup of some kind, is an ad, or tries to redirect you to another webpage.
It looks less suspicious and more legitimate than a pop-up.
Browser Redirection
Pharming is a form of redirection in which traffic intended for one host is sent to another.
This can be accomplished on a small scale by changing entries in the hosts file and on a large scale by changing entries in a DNS server (DNS poisoning).
In either case, when a user attempts to go to a site, they are immediately redirected to another site.
Most of the time the site they are redirected to is a fake knock-off of a real, legitimate one, e.g. a fake knock-off of Amazon where an unsuspecting user enters their credit card information.
Affiliate Redirection is another form of browser redirection.
When you search for a product and click the link in the results, the malware will redirect your browser to the intended site with an affiliate link attached.
Now every time a user makes a purchase, the person who attached that affiliate link to the website will receive some type of commission.
This is normally caused by an unknown plug-in in the web browser.
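The small-scale pharming case above (tampered hosts file) can be checked with a short script. This is an added example, not part of the original notes: it parses hosts-file text the way the resolver does and flags any name mapped to a routable address. The file content below is constructed; on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample hosts file (not from a real system): the usual loopback
# lines plus one entry that silently sends a bank's hostname elsewhere.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net     # sinkhole entry, benign
203.0.113.45    www.example-bank.com example-bank.com   # constructed pharming entry
"""

REASON = "name redirected to routable address"


def parse_hosts(text):
    """Return (ip, hostname) pairs; '#' comments and blank lines are ignored,
    and one line may map several names to the same address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def find_pharming_entries(text):
    """Flag entries that point a hostname at a routable address.
    Loopback (127.x, ::1) and 0.0.0.0 mappings are normal sinkholes; anything
    else on a workstation deserves a look, because it redirects traffic for
    that site to a host the user did not choose."""
    suspicious = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            suspicious.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        suspicious.append((ip, name, REASON))
    return suspicious


if __name__ == "__main__":
    for ip, name, why in find_pharming_entries(SAMPLE_HOSTS):
        print(f"{name} -> {ip}: {why}")
```

To run it against a live machine, read the hosts file into a string and pass it to find_pharming_entries; an empty result means no entry redirects a name off the local host.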
Security Alerts
Users already have real viruses and threats to worry about, but some pranksters will send out fake security alerts to create widespread panic.
Check with a trusted source to get the status of the latest viruses and to track any updates on a virus.
Sometimes these security alerts will be real, legitimate threats. It is important that users are educated not to click on any old security alert just because it pops up and "seems" legitimate.
Clicking on these phony security alerts may actually cause malware to enter your PC.
Slow Performance
Viruses, worms, and other malware can slow performance because they rob resources from the other applications and services forced to share them.
By using tools such as Task Manager and Resource Monitor, you can narrow the cause of the slow performance down to a virus, if that is the case.
If an unknown application is taking up system resources and slowing PC performance, it is probably malicious.
Internet Connectivity Issues
In some situations, network problems can be related to security threats.
Although you may not have a working internet connection, the network interface card could be just fine; the real culprit could be a malicious program that has tampered with the network settings.
Such malware may act as a proxy for the network traffic on the local network. This type of malware is usually intent on stealing login credentials or banking information.
Not all malware that causes internet issues uses proxies.
Some malware changes network settings and DNS server settings, and causes browser redirections.
PC/OS Lockup
System Lockups occur when a computer is asked to process too many instructions at once with too little memory available.
It is rare but still happens: system lockups can be caused by malware or a virus on your OS.
If you suspect this is happening, then run an antivirus scan to identify and remove the threat.
Application Crash
Application crashes should first be isolated to either a compatibility issue, a hardware issue, or malware issue.
Look for updates/patches/fixes to the application released by the vendor. Always test these updates out in a sandbox before rolling them out to all machines.
Application crashes can also be attributed to malware or viruses.
When malware tries to hook into an application, such as a web browser, it can make the application crash instantly.
This is mainly because of how sloppily written much malware really is.
Perform a complete virus scan to take care of this security issue.
OS Updates failure
Failed updates can often be due to misconfigured settings.
Malware may also block the automatic Windows OS updates that are released. Doing this increases the chances of the virus staying on the system a bit longer to deliver some last-minute damage.
Rogue Antivirus
One of the smarter ways of spreading a virus is to disguise it so that it looks like an antivirus program.
Attackers will imitate the look and branding of a trusted source on these rogue antiviruses.
It is not unusual to find malware that disables Windows protections like the Windows Firewall or Windows Defender.
By doing this, it lowers the gated fence so the malware can walk right through the front door!
Spam
Spam is not actually a virus or a hoax; it is unwanted email or text messages sent to your device without your permission.
Because so many messages arrive at once, spam can potentially open the door to websites that actually deliver virus infections.
Do not open spam for any reason.
Install good antispam software.
Renamed System Files/Disappearing Files/Permission Changes/Access Denied
Creators of malware have a number of methods by which they can wreak havoc on a system.
One of the simplest ways is to delete important key system files and replace them with malicious files.
When this happens, you can no longer perform the operation that you were originally trying to accomplish because the file was deleted.
Changing Permissions
Changing permissions can cause similar problems; it makes files inaccessible to the users who should have the correct permissions.
Renaming System Files
System errors related to the filesystem can be attributed to malware.
The malicious payload can rename system files, making them unusable by the system.
This can cause errors and the dreaded BSOD.
Disappearing Files
Certain malware can create a backdoor allowing hackers to do any number of things.
One tactic sets the file attributes to hidden and although the files are actually present, the user cannot see them.
While this will not impact system files the user will have difficulty accessing the content.
User Account Control (UAC) was introduced in Windows Vista to reduce the amount of virus activity happening in the background.
Now you have to enter admin credentials into the UAC prompt to make changes to protected files.
Viruses don't know the admin login credentials.
Hijacked Email
One of the easiest ways to spread malware is to capture the email contacts of a user and send the malware in email form to everyone in the user’s circle.
The recipient is likely to open the attachment because the sender’s email address is someone that they know.
This is why it’s important to scan all email, both internal and external, and identify problems before they spread.
Scanning for malware and end-user education are key.
Invalid Certificate (trusted root CA)
An invalid certificate usually means that the certificate has expired or has another security-related problem.
Certificate errors can happen for a number of reasons.
The most common is that your OS's time or date is off and should be adjusted. Verify that you are in the right time zone.
If the time settings are correct, then there may be a security related issue to blame.
System/Application Log Errors
Event Viewer can show a lot of detailed information about what is running on your OS.
Most of the security-related information will be in the application logs and system logs. From these logs, you can see errors and warnings that will alert you to potential security-related problems.
When you suspect an issue with the OS or an application that interacts with the OS, you should check these logs for clues.
There are three types of Event Viewer logs to look at for security reasons:
Application Logs
Events generated by applications installed on the OS; check for suspected security-related issues, as these logs show suspicious application behavior.
Security Logs
Events generated by the Security Reference Monitor in the Windows executive (kernel mode), such as logon attempts and object access audits.
System Logs
Events generated by the OS itself; check for suspected security-related issues, as these logs show suspicious system behavior.
You can find security issues by looking for:
improper logins
unexpected application use
Any failed login attempts (could be brute force attacks)
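The last item above (failed login attempts as a sign of brute force) can be turned into a simple detection over Security log records. This is an added example, not part of the original notes: the records are constructed, but the Event IDs are the real Windows ones (4625 = failed logon, 4624 = successful logon), and the threshold and window are assumptions you would tune for your environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESS_LOGON = 4625, 4624  # real Windows Security log Event IDs

# Constructed sample of Security log records (not a real export): five quick
# failures then a success from one source, and one ordinary typo from another.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T08:00:01", "id": 4625, "user": "admin", "src": "192.0.2.10"},
    {"time": "2024-01-10T08:00:03", "id": 4625, "user": "admin", "src": "192.0.2.10"},
    {"time": "2024-01-10T08:00:05", "id": 4625, "user": "admin", "src": "192.0.2.10"},
    {"time": "2024-01-10T08:00:07", "id": 4625, "user": "admin", "src": "192.0.2.10"},
    {"time": "2024-01-10T08:00:09", "id": 4625, "user": "admin", "src": "192.0.2.10"},
    {"time": "2024-01-10T08:00:12", "id": 4624, "user": "admin", "src": "192.0.2.10"},
    {"time": "2024-01-10T09:15:00", "id": 4625, "user": "jsmith", "src": "192.0.2.22"},
    {"time": "2024-01-10T09:16:30", "id": 4624, "user": "jsmith", "src": "192.0.2.22"},
]


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source with `threshold` failed logons inside `window`.
    Each alert also records whether a successful logon followed the burst,
    which separates a likely compromised account from mere noise."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_src[e["src"]].append((datetime.fromisoformat(e["time"]), e["id"], e["user"]))
    alerts = []
    for src, recs in by_src.items():
        fails = [(t, u) for t, i, u in recs if i == FAILED_LOGON]
        # Slide a window over the failures; the first burst that fits raises an alert.
        for start in range(len(fails) - threshold + 1):
            end = start + threshold - 1
            if fails[end][0] - fails[start][0] <= window:
                burst_end = fails[end][0]
                followed = any(i == SUCCESS_LOGON and t > burst_end for t, i, _ in recs)
                alerts.append({"src": src, "user": fails[start][1],
                               "failures": len(fails), "success_after": followed})
                break
    return alerts


if __name__ == "__main__":
    for a in find_bruteforce(SAMPLE_EVENTS):
        print(f"possible brute force from {a['src']} against {a['user']}: "
              f"{a['failures']} failures, success afterwards: {a['success_after']}")
```

On a real machine the same records can be exported from the Security log (for example with Get-WinEvent filtered on IDs 4625 and 4624) and fed in as dictionaries of the same shape.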