
CompTIA A+ Guide to Managing & Maintaining Your PC By: JEAN ANDREW Computer Maintenance Chapter 5 Security (Computer & Network) Part II.



2 Objectives
Copyright © 2007 - CIST
After you have completed this lesson, you will be able to:
–Identify a system that is infected by malware
–Identify and explain the types of malware
–Explain how a virus works
–Explain how malware replicates and hides
–Identify the steps to clean up an infected system

3 Scenario
In this chapter, you will learn:
–You've got malware
–Here's the nasty list
–Step-by-step attack plan
–General location of viruses
–How to deal with viruses
–Virus tools

4 DEALING WITH MALICIOUS SOFTWARE
What is Malicious Software? Malicious software, also called malware or a computer infestation, is any unwanted program that means you harm and is transmitted to your computer without your knowledge. The best-known malicious software is a virus.

5 You've got malware
Here are some warnings that suggest malicious software is at work:
–Pop-up ads plague you when surfing the Web.
–Generally, the system works much slower than it used to.
–Programs take longer than normal to load.
–The number and length of disk accesses seem excessive for simple tasks.
–The number of bad sectors on the hard drive continues to increase.
–The access lights on the hard drive and floppy drive turn on when there should be no activity on the devices.

6 You've got malware
–Strange error messages appear.
–Programs that once worked now give errors.
–Less memory than usual is available, or there is a noticeable reduction in disk space.
–Strange graphics appear, or there are strange noises.
–The system cannot recognize the CD-ROM drive.
–In Windows Explorer, filenames now have weird characters, or file sizes seem excessively large.
–Executable files have changed size, or file extensions change without reason.
–Files mysteriously appear or disappear.
–Files constantly become corrupted.

7 You've got malware
–The OS begins to boot, but hangs before reaching the Windows desktop.
–Your antivirus software displays one or more messages.
–You receive e-mail messages telling you that you have sent someone an infected message.
–Task Manager shows unfamiliar processes running.
–When you try to use your browser to access the Internet, strange things happen and you can't surf the Web.
–Your home page is changed, or new toolbars appear.
–A message appears that a downloaded document contains macros, or an application asks whether it should run the macros in the document.
None of these symptoms proves an infection on its own (a failing disk or misconfigured software produces several of them); treat them as a reason to scan, not as a diagnosis.


9 Here's the Nasty List
A virus is a program that replicates by attaching itself to other programs. The infected program must be executed for the virus to run. The program might be an application, a macro, a system file, or a boot sector program.
Adware produces all those unwanted pop-up ads. Adware is secretly installed on your computer when you download and install shareware or freeware, including screen savers, wallpaper, music, cartoons, news, and weather alerts.
Spam is junk e-mail that you don't want, that you didn't ask for, and that gets in your way.

10 Here's the Nasty List
Spyware is software that installs itself on your computer to spy on you. It collects personal information about you and transmits it over the Internet to sites that intend to use your personal data for harm.
A worm is a program that copies itself throughout a network or the Internet without a host program. A worm creates problems by overloading the network as it replicates. Worms typically cause damage by their presence rather than by performing a specific damaging act, as a virus does: a worm can overload memory or hard drive space by replicating repeatedly.

11 Here's the Nasty List
A browser hijacker, also called a home page hijacker, does mischief by changing your home page and other browser settings.
A dialer is software installed on your PC that disconnects your phone line from your ISP and dials an expensive pay-per-minute phone number without your knowledge. The damage a dialer does is the expensive phone bill.
A keylogger tracks all your keystrokes, including passwords, chat room sessions, e-mail messages, documents, online purchases, and anything else you type on your PC. All this text is logged to a text file and transmitted over the Internet without your knowledge. A keylogger is a type of spyware.

12 Here's the Nasty List
A logic bomb is dormant code added to software and triggered at a predetermined time or by a predetermined event. For instance, an employee might put code in a program to destroy important files if his name is ever removed from the payroll file.
A Trojan horse does not need a host program to work; rather, it substitutes itself for a legitimate program. In most cases, a user launches it thinking she is launching a legitimate program. A Trojan is likely to introduce one or more viruses into the system; Trojans that do this are called downloaders.

13 How a virus works
A virus attacks your system and hides in several different ways. Consider the following:
–A boot sector virus hides in the boot sector program of a hard drive or floppy disk, or in the master boot program in the Master Boot Record (MBR).
–A file virus hides in an executable (.exe, .com, or .sys) program or in a word-processing document that contains a macro.
–A multipartite virus is a combination of a boot sector virus and a file virus and can hide in either.

14 How a virus works
A macro is a small program contained in a document that can be executed automatically, either when the document is first loaded or later by pressing a key combination. Viruses that hide in the macros of document files are called macro viruses. Macro viruses are the most common viruses spread by e-mail, hiding in the macros of attached document files.
A script virus is a virus that hides in a script, which might execute when you click a link on a Web page or in an HTML e-mail message, or when you attempt to open an e-mail attachment.

15 How Malware Replicates and Hides
–A virus (a companion virus) searches a hard drive for a file with an .exe extension and then creates another file with the same file name but a .com extension. When only the name is typed at a command prompt, Windows tries .com before .exe, so the companion runs first.
–The virus alters OS information to mask the size of the file in which it hides.
–The virus monitors when files are opened or closed. When it sees that the file in which it is hiding is about to be opened, it temporarily removes itself or substitutes a copy of the file that does not include the virus. A virus that does this, or that changes the attributes of its host program, is called a stealth virus.
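The .exe/.com companion trick in the first bullet can be checked for mechanically: look for a .com file sitting in the same directory as an .exe of the same name. The script below is an added example and is not from the slides or the book; it builds a small, constructed directory layout in a temporary folder so it runs anywhere, and the function and file names are mine.

```python
"""Companion-virus check for the '.exe gets a .com twin' trick described above.
Added example, not from the slides; the directory layout it builds is constructed."""
import os
import tempfile
from pathlib import Path

# cmd.exe resolves a bare name through PATHEXT in order, and .COM comes
# before .EXE, which is why the planted twin gets to run first.
SHADOWING = {".com": ".exe"}


def find_companion_pairs(root):
    """Walk root and return sorted (shadowed_exe, companion_com) path pairs.

    Matching is case-insensitive, as on NTFS/FAT, and only files in the same
    directory count, because that is where the resolver looks first."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            if ext in SHADOWING and (stem + SHADOWING[ext]) in by_lower:
                pairs.append((os.path.join(dirpath, by_lower[stem + SHADOWING[ext]]),
                              os.path.join(dirpath, name)))
    return sorted(pairs)


def build_sample_tree():
    """Constructed layout: one editor.exe with a planted editor.com beside it,
    plus an unrelated ping.exe and format.com that must not be paired."""
    root = tempfile.mkdtemp(prefix="companion_demo_")
    for rel in ("app/editor.exe", "app/editor.com", "tools/ping.exe", "tools/format.com"):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"MZ demo")  # contents are irrelevant to a name check
    return root


if __name__ == "__main__":
    for exe, com in find_companion_pairs(build_sample_tree()):
        print(f"suspect companion: {com} would run instead of {exe}")
```

Point it at a real drive with `find_companion_pairs(r"C:\")`; a hit is not proof (some legitimate programs do ship both forms), so compare the two files' sizes and modification dates, as slide 26 recommends, before deleting anything.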

16 How a virus works
–As a virus replicates, it changes its characteristics. This type of virus is called a polymorphic virus.
–Some viruses continually transform themselves so they will not be detected by AV software that is looking for a particular characteristic, typically by encrypting the virus body with a different key in each copy so that no fixed byte sequence survives. A virus that uses this technique is called an encrypting virus. Its small decryption routine has to stay in plain form, so scanners look for that routine instead; a polymorphic virus goes further and rewrites the decryption routine as well.
–The virus creates more than one process.
–Entries are often made in obscure places in the registry that allow the software to start.
–One type of malware, called a rootkit, loads itself before the OS boot is complete.
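To make the encrypting-virus bullet concrete, here is an added toy model (not code from the slides, and not real malware: the "body", "signature" and "decryptor stub" are made-up byte strings). It shows that a plain byte signature for the body misses every generation, that the unchanging stub is still matched, and that decrypting first and then matching recovers the body signature. The XOR "cipher" and all names are my assumptions.

```python
"""Toy model of why a byte signature misses an encrypting virus, and why the
constant decryptor still gives it away. Added example, not from the slides;
all bytes below are made-up stand-ins, no real malware is involved."""


# Constructed stand-ins for the parts of an encrypting virus.
BODY = b"PAYLOAD: append self to every executable in the folder"
SIGNATURE = b"append self"  # the fixed byte sequence a scanner looks for
# A pretend decryption loop. In a (non-polymorphic) encrypting virus this
# stays byte-for-byte identical from one copy to the next.
STUB = b"\xb8\x00\x00\x00\x00\x31\xd8\xe2\xfb"


def xor(data, key):
    """XOR every byte with a one-byte key (the toy cipher)."""
    return bytes(b ^ key for b in data)


def make_generation(key):
    """One copy of the virus: plain stub, the key byte, then the encrypted body."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    return STUB + bytes([key]) + xor(BODY, key)


def signature_scan(sample, pattern):
    """Plain signature scanner: is the pattern present as-is?"""
    return pattern in sample


def emulating_scan(sample):
    """What AV does instead: recognise the stub, pull out the key, decrypt the
    body, and only then apply the signature to the plaintext."""
    if not sample.startswith(STUB) or len(sample) <= len(STUB):
        return False
    key = sample[len(STUB)]
    return SIGNATURE in xor(sample[len(STUB) + 1:], key)


def compare_scanners(keys=(0x5A, 0xA7, 0x13)):
    """Per generation: (body signature hit, stub signature hit, emulation hit)."""
    return [
        (signature_scan(g, SIGNATURE), signature_scan(g, STUB), emulating_scan(g))
        for g in (make_generation(k) for k in keys)
    ]


if __name__ == "__main__":
    for key, result in zip((0x5A, 0xA7, 0x13), compare_scanners()):
        print(f"key {key:#04x}: body signature={result[0]}, "
              f"stub signature={result[1]}, after decryption={result[2]}")
```

Every generation gives (False, True, True): the body signature never matches the ciphertext, the stub always matches, and emulation always finds the body. A polymorphic virus would also vary `STUB`, which is why real scanners combine emulation with heuristics rather than relying on the stub alone.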


18 Step-by-step attack plan
Run AV software:
1. Purchase the AV software.
2. Disconnect from the Internet.
3. Boot into Safe Mode (choose Safe Mode with Networking).
4. Insert the AV software CD.
5. Enter the information to register the AV software.
6. During the installation, when given the opportunity to scan the system for viruses, set it to scan all drives.
7. Tell the AV software to delete viruses when it finds them.
8. Reboot into Safe Mode with Networking, connect to the Internet, and update the virus definitions.
9. After the update has finished, scan the system again.
10. Now it's time to see where you stand.

19 Step-by-step attack plan
–Run adware or spyware removal software.
–Search out and destroy what's left:
–Respond to any startup errors
–Delete malicious files
–Purge restore points
–Clean the registry
–Root out rootkits
A rootkit is a program that uses unusually complex methods to hide itself on a system, and many spyware and adware programs also use rootkit techniques.

20 Step-by-step attack plan
Generally, anti-rootkit software works using these two methods:
–The software looks for running processes that don't match up with the underlying program filename.
–The software compares the files, registry entries, and processes reported by the OS with lists it generates itself from the raw data (the disk and the registry hives). If the two lists differ, a rootkit is suspected.
Two good anti-rootkit programs are:
–RootkitRevealer by Sysinternals (www.sysinternals.com)
–BlackLight by F-Secure (www.f-secure.com)
For best results when scanning for rootkits, run the anti-rootkit software from another computer (that is, with the suspect drive attached to a clean system), so the rootkit is not running while its files are examined.


22 General location of Viruses
Virus location (general):
–C:\
–C:\WINDOWS
–C:\WINDOWS\system32
–D:\
–and other places
General registry locations:
–HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
–HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (the Shell and Userinit values)
The same Run key also exists under HKEY_CURRENT_USER; check both.

23 General location of Viruses
How to know whether your computer has a virus:
–Start → Run → msconfig → Startup tab → try to find the name and the location of the startup entry that you suspect is the virus.
–You can disable all the entries and then restart the PC. After the restart, any entry that has been re-enabled, or any process from that list that is still running, is suspect: legitimate software stays disabled, while malware re-adds itself.
What does it mean if, when you restart the PC, you see one or more entries back in the startup list?


25 How to deal with viruses
Go to a Web site such as www.symantec.com or www.threatexpert.com and search for the process you found.
Use tools like:
–ERD boot disk
–Registryeditorunlocker.exe
–Hidden File.reg
–TCPowerPack.exe
–TOTALCMD.EXE
–ComboFix.exe
–others

26 How to deal with viruses
Ctrl + Alt + Delete → Task Manager → Processes tab
–End the process that you suspect is the virus before going to delete its source files.
–You can use the programs listed above to help you make sure whether or not it is a virus process.
Note: Before deleting the source file, note its size and modification date (and, ideally, a hash of it); if the file cannot be removed from the running system, boot from the CD and delete it from there.

27 How to deal with viruses
Try to use the "search" function in the registry.
Normally a registry value does not contain two dots (.). (Ex: explorer.exe.shell is suspect where explorer.exe is expected.)
The Internet is very useful when you need to decide how to change a registry value, for example:
–www.threatexpert.com
–www.symantec.com
–www.google.com and more
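The registry locations from slide 22 and the "no second dot" rule of thumb from this slide can be checked together from a .reg export, which also lets the review run on a clean machine, as slide 20 recommends. The script below is an added example, not from the slides or the book: the export it parses is constructed (the "Updater" entry and the second program in Shell are planted findings), and the trusted-directory list, the expected Userinit value and all function names are my assumptions.

```python
"""Audit the autostart registry locations the slides name, from a .reg export.
Added example, not from the slides; the export below is constructed and the
trusted-directory list and the flagged names are assumptions."""
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: autostart entries outside these trees deserve a look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"
# First executable path in a command line, quoted or not.
FIRST_EXE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd|dll))"?', re.IGNORECASE)
ANY_EXE = re.compile(r"\.(?:exe|com|scr|bat|cmd|dll)\b", re.IGNORECASE)
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed export (regedit -> File -> Export). "Updater" and the second
# program in Shell are the planted findings; the other two values are normal.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\svchost.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe, C:\\Windows\\Temp\\x.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"""


def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for the string values
    in a .reg export (regedit escapes backslash and quote with a backslash)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = REG_VALUE.match(line)
            if m:
                name, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                keys[current][name] = value
    return keys


def audit_autostart(keys):
    """Apply the slides' checks; return a list of (key, value name, reason)."""
    findings = []
    for name, cmd in keys.get(RUN_KEY, {}).items():
        m = FIRST_EXE.match(cmd)
        path = (m.group(1) if m else cmd).lower()
        if not path.startswith(TRUSTED_DIRS):
            findings.append((RUN_KEY, name, f"starts from an untrusted location: {cmd}"))
    winlogon = keys.get(WINLOGON_KEY, {})
    shell = winlogon.get("Shell", EXPECTED_SHELL)
    if shell.strip().lower() != EXPECTED_SHELL:
        findings.append((WINLOGON_KEY, "Shell", f"expected {EXPECTED_SHELL}, found: {shell}"))
    userinit = winlogon.get("Userinit", EXPECTED_USERINIT + ",")
    if userinit.strip().rstrip(",").lower() != EXPECTED_USERINIT:
        findings.append((WINLOGON_KEY, "Userinit", f"expected {EXPECTED_USERINIT}, found: {userinit}"))
    # The slide's rule of thumb: a Winlogon value naming two executables is wrong.
    for name, value in winlogon.items():
        if len(ANY_EXE.findall(value)) > 1:
            findings.append((WINLOGON_KEY, name, f"names more than one executable: {value}"))
    return findings


if __name__ == "__main__":
    for key, name, reason in audit_autostart(parse_reg(SAMPLE_EXPORT)):
        print(f"{key}\\{name}: {reason}")
```

On the suspect machine, export the two keys with `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg` (and likewise for the Winlogon key), then read the files with `open(path, encoding="utf-16")`, since regedit writes them as UTF-16. A rootkit can hide entries from regedit and `reg`, so an export taken from the live system is only as trustworthy as the system; an export made from the hive files of the drive mounted on a clean computer is the stronger check.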


29 Virus Tools
Most popular tools at present:
ERD Commander CD
–No process from the installed Windows can run when we boot from this CD.
–We can delete the source file of the virus without having to stop its process in Task Manager.
–Normally a process is started by running its source file. If the source file is deleted, the process cannot start again at the next boot.
registryeditorunlocker.exe
–Can re-enable Run, the Registry Editor, Task Manager, and Search when malware has disabled them.
Hidden File.reg, TCPowerPack.exe, and TOTALCMD.EXE
–Show hidden files.

30 Virus Tools
ComboFix.exe
–Can scan the processes, show hidden files, and delete files or processes that are suspected to be the virus.
Clean-Flashy-Virus-UnHookExec.inf and EnablieReg.inf
–Allow .exe files to run again when the virus has disabled or blocked the running of .exe files on the computer. Ex: when we double-click an .exe file, it shows a message such as "Cannot find the specified path/location, …".
CleanVirus-Autorun.bat
–Cleans the Autorun file.
procexp.exe (Process Explorer) and TuneUp 2007 & 2008
–Make it easy to determine which process is the virus by displaying the color and the company name of each process.
Norton_Removal_Tool.exe
–Removes Norton products.
Startup.exe
–Shows all the files that are in startup ( C:../startup, regedit/run ).

31 Vocabulary
adware, antivirus software (AV), authentication, boot sector virus, browser hijacker, dialer, Encrypted File System (EFS), encrypting virus, encryption, file virus, grayware, infestation, Kerberos, key fob, keylogger, logic bomb, macro, macro virus, malicious software, malware, multipartite virus, passphrase, phishing, polymorphic virus, rootkit, scam e-mail, script virus, smart card, smart card reader, social engineering, spam, spyware, stealth virus, Trojan horse, virus, virus hoax, virus signature, worm, zero-fill utility

32 Summary
Malicious software includes viruses, adware, spam, spyware, worms, browser hijackers, dialers, keyloggers, logic bombs, and Trojan horses.
To clean a system of malicious software, run AV software and anti-adware software, respond to any startup errors, delete malicious files, purge restore points, and remove orphan entries in the registry and other locations.

33 Review Questions
–Define and explain the differences between viruses, worms, logic bombs, and Trojan horses.
–Where can a virus hide?
–Where do viruses come from?
–How do you know that you have a virus?
–What are the impacts and risks when your computer has a virus?
–How do you solve the problem when you face a virus?

34 Questions
Questions? And now it's time to practice.

