Investigate and verify malware symptoms.

2.6 Given a scenario, implement procedures for basic small office/home office (SOHO) malware
removal.

📘CompTIA A+ Core 2 (220-1202)

When working in a SOHO environment, understanding how malware affects computers and networks is crucial. Before you remove malware, you need to investigate and verify that a system is infected. This step ensures you don’t remove legitimate software or miss the real problem.

1. Understanding Malware

Malware is malicious software designed to damage, disrupt, or gain unauthorized access to a system. Common types of malware include:

  • Virus: Infects files and spreads when files are shared.
  • Worm: Spreads automatically across networks without user interaction.
  • Trojan: Pretends to be useful software but has malicious intent.
  • Ransomware: Encrypts files and demands payment for access.
  • Spyware/Adware: Monitors user activity or displays unwanted ads.
  • Rootkits: Hides deep in the system to avoid detection.

2. Signs and Symptoms of Malware

To investigate malware, you look for abnormal behavior in a system. Symptoms include:

a) Performance Issues

  • Computer is slower than usual or programs take longer to open.
  • High CPU, memory, or disk usage in Task Manager without heavy applications running.
  • Programs crash or freeze unexpectedly.

b) Unexpected Pop-ups or Ads

  • Frequent ads or pop-ups, especially when not using a web browser.
  • Browser redirects to unknown websites.

c) Unusual Network Activity

  • Network usage is high without heavy internet activity.
  • Unknown programs are sending data over the network.

d) Security Warnings

  • Antivirus or firewall alerts for suspicious activity.
  • Disabled security software that you didn’t turn off.

e) Strange Files or Programs

  • Unknown programs installed without permission.
  • Files with unusual names, strange extensions, or suddenly missing files.

f) Browser or System Changes

  • Homepage or search engine changed unexpectedly.
  • New toolbars or extensions appear in the browser.
  • System settings changed without user action.

g) Email or Messaging Symptoms

  • Contacts receive strange emails/messages from your account.
  • Emails stuck in Outbox or bounced back with error messages.

3. Steps to Investigate Malware

To verify that the symptoms are caused by malware:

Step 1: Interview the User

  • Ask what problems they noticed.
  • Find out when the symptoms started and if they installed new software or clicked suspicious links.

Step 2: Observe the System

  • Open Task Manager or Resource Monitor to check CPU, memory, and disk usage.
  • Look for suspicious processes (unfamiliar program names).

Step 3: Check for Unusual Startup Programs

  • Open msconfig or Task Manager > Startup to see which programs run automatically.
  • Disable unknown programs temporarily for testing.

Step 4: Scan for Malware

  • Use a reputable antivirus or antimalware tool to perform a scan.
  • Some malware hides in safe mode, so sometimes a safe mode scan is necessary.

Step 5: Review Logs

  • Check Windows Event Viewer for warnings, errors, or unusual logins.
  • Look for repeated system or application errors that coincide with the symptoms.

Step 6: Network Analysis

  • Check network traffic for abnormal connections using network monitoring tools.
  • Identify if malware is trying to communicate with an external server.

4. Key Notes for the Exam

  • Symptom-based diagnosis: You don’t need to know every malware type in-depth, but you must recognize the symptoms.
  • Verification before removal: Always verify that the issue is malware-related before taking removal steps.
  • Document findings: Write down observed symptoms, processes, and unusual activity. This helps in remediation and prevents mistakes.
  • SOHO environments: Focus on single computers or small networks, often with basic antivirus protection, no enterprise-grade monitoring.

5. Example Table of Malware Symptoms (Easy to Remember)

SymptomPossible MalwareHow to Verify
Slow computer, apps crashingVirus, WormTask Manager, Resource Monitor
Pop-ups/adsAdware/SpywareCheck browser extensions, run antimalware scan
Files encryptedRansomwareTry opening files, check ransom note
Unknown programs at startupTrojanTask Manager startup, msconfig
High network trafficWorm, TrojanResource Monitor, firewall logs
Emails sent automaticallyWorm, TrojanCheck sent emails, antimalware scan

Summary for the Exam:

  1. Identify unusual behavior.
  2. Verify symptoms through observation and scanning.
  3. Use logs, startup programs, and network checks.
  4. Document all findings before removal.
  5. Focus on small networks and single machines (SOHO).
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by