
Troubleshooting: Perspective & Computer Infestation

Class, do you know what computer infestation is?

Computer infestation is an unwanted program transmitted to a computer without the user's knowledge. It is designed to damage data and software (it does not physically damage PC hardware).

There are three categories (viruses, worms, Trojan horses), each differing in the way they spread, what damage they do, and how they hide.

Computer infestation is like an electronic disease. It can affect your computer and anything attached to it.
Technician roles covered: PC support technician, PC service technician, bench technician, help-desk technician.
PC SUPPORT TECHNICIAN
• PC support technicians are the "fix-it" people of the IT
world. Just as TV repairmen, auto mechanics,
plumbers and electricians are needed to maintain the
health of your home, PC support technicians are
needed to maintain your PC in good working order.
• Obviously, a good PC technician needs to be
mechanically inclined.
• Nevertheless, more than that, they need to be
proficient communicators.
• Diagnosing and repairing PC problems requires a
thorough understanding of the situation, which often
needs to be ascertained through conversations with
end-users
PC SUPPORT TECHNICIAN
• Depending on the users’ level of knowledge, the
response to the support technician's question of
"What is wrong with your PC?" can vary widely.
• Experienced users may say, "The network card is
intermittently disconnecting from the network".
• Less experienced users in the same situation may
respond, "I can't get to Yahoo to check my email".
• Novices may say, "My computer doesn't work."
• In the last case, the technician must use his
interpersonal skills to elicit enough information from
the user to give him a basis for formulating an opinion
about what is wrong with the PC
PC SUPPORT TECHNICIAN

Responsibilities
• Diagnose and Repair PC's
• Correct Software Faults
• Deal with Peripheral Issues
• Set-up and install new equipment
• Perform preventative maintenance
• Provide informal or "ad hoc" training
• Evaluate new products
Skills
• Knowledge of PC Hardware
• Knowledge of PC Software
• Understanding of Internet Communications
• Solid Grasp of Networking Theory
• Knowledge of PC Peripherals
HELP-DESK TECHNICIAN
• In days of yore (the early 1970's), there were no PCs.
• Computers were large mainframes sold by a handful
of major manufacturers.
• Back then, there weren't any help desks either.
• When there was a problem with the computer, the
manufacturer was called.
• The engineers who designed the computer had to
attempt to solve the problem.
• This took time away from their main task of designing
new computers as well as not earning revenue for the
computer manufacturer
HELP-DESK TECHNICIAN
• IBM, being a relatively perceptive organization, hit upon a wonderful idea.
• They encouraged customers to pre-screen calls for assistance internally before calling IBM for help.
• The incentive IBM offered was discounts on
equipment.
• By calling a central point for help, IBM hoped that the
customer would minimize the number of calls for
technical support by solving repeat problems
internally.
• Thus the concept of the modern help desk was born
HELP-DESK TECHNICIAN

• Screening problems is very different from solving them.
• Eventually, management realized that moving
help desks from a reactive role (screening
calls for help) to a proactive role (solving
problems) should save the company money.
• Therefore, help desks evolved into the
problem solving entities that they are today
HELP-DESK TECHNICIAN

• Internal Help Desks – Support internal customers (employees).
• External Help Desks – Support external customers (i.e. the people who buy the products or services of the company).
• Hybrid Help Desks – Support both internal and external customers. These are usually found in small or medium size companies.
HELP-DESK TECHNICIAN

Responsibilities
• Taking customer calls and logging problem incidents
• Analyzing and resolving problems
• Documenting new solutions to problems
• Participation in Change Management Process (i.e. - recording
new solutions in the appropriate database)
• Communication with customers and other employees in your
organization
• Training

Skills
• Business skills
• Technical skills
• Facility with databases
• Soft skills
PC SERVICE TECHNICIAN

• Goes to the customer site in response to a service call
BENCH TECHNICIAN

• Works in a lab environment. May or may not interact with the PC user, and is not permanently responsible for the PC.
• A bench technician is a person who maintains,
repairs, and fabricates electronic components
in a workshop
• In companies that manufacture electronics,
bench technicians are responsible for
fabricating prototype models.
BENCH TECHNICIAN

• These models are used for testing, further design refinements, and quality checks.
• Ultimately, they will be used to develop plans
used in mass production of these
components.
• Bench technicians performing this type of
work must think not only about how to
assemble components, but how to create
components for mass production, ideally using
existing equipment and technology
ANTIVIRUS SOFTWARE

▪Designed to discover and remove a virus
▪Important defense against computer infestations
Issues in AV S/W:
• Performance
• System related issues
• Security
• Rogue security applications
• False positives
PERFORMANCE

• Some antivirus software can considerably reduce performance.
• Users may disable the antivirus protection to
overcome the performance loss, thus
increasing the risk of infection.
• For maximum protection, the antivirus
software needs to be enabled all the time —
often at the cost of slower performance.
SECURITY

• Antivirus programs can in themselves pose a security risk, as they often run at the 'System' level of privileges and may hook the kernel.
• Both of these are necessary for the software to effectively do its job; however, exploitation of the antivirus program itself could lead to privilege escalation and create a severe security threat.
SECURITY

• When purchasing antivirus software, the agreement may include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval.
• For example, McAfee requires one to
unsubscribe at least 60 days before the
expiration of the present subscription.
• Norton Antivirus also renews subscriptions
automatically by default.
ROGUE SECURITY APPLICATIONS

• Some antivirus programs are actually spyware masquerading as antivirus software.
• It is best to double-check that the antivirus
software which is being downloaded is
actually a real antivirus program.
FALSE POSITIVES

• If an antivirus program is configured to immediately delete or quarantine infected files (or does this by default), false positives in essential files can render the operating system or some applications unusable.
SYSTEM RELATED ISSUES

• Running multiple antivirus programs concurrently can harm performance and create conflicts.
• It is sometimes necessary to temporarily
disable virus protection when installing major
updates such as Windows Service Packs or
updating graphics card drivers.
Computer infestation: Virus, Worm, Trojan Horse
"What's wrong?"
"Huh, my whole internal system is damaged by a virus."
"Do you have a backup?"
"Don't think so. But I have an antivirus installed within the system."
"Don't worry. Just scan your hard disk using the antivirus."
"Is that so? Thank you, Mr Officer!"
UNDERSTANDING COMPUTER INFESTATIONS
• Virus
▪ Most common computer infestation
▪ Has an incubation period
▪ Is contagious (replicates itself by
attaching itself to other programs)
▪ Is destructive

UNDERSTANDING COMPUTER INFESTATIONS
• The term "virus" is also commonly but erroneously used to refer to other types of
malware, including but not limited to adware and spyware programs that do not
have the reproductive ability.
• A true virus can spread from one computer to another (in some form of
executable code) when its host is taken to the target computer; for instance
because a user sent it over a network or the Internet, or carried it on a removable
medium such as a floppy disk, CD, DVD, or USB drive
UNDERSTANDING COMPUTER INFESTATIONS
• Trojan horse
▪ Does not need a host program to work
▪ Substitutes itself for a legitimate program
▪ Unable to replicate
TROJAN HORSE
• The Trojan Horse is a tale from the Trojan War, as
told in Virgil's Latin epic poem The Aeneid and by
Quintus of Smyrna. The events in this story from the
Bronze Age took place after Homer's Iliad, and
before his Odyssey. It was the stratagem that
allowed the Greeks finally to enter the city of Troy
and end the conflict.
• In one version, after a fruitless 10-year siege, the
Greeks constructed a huge wooden horse, and hid a
select force of 30 men inside.
• The Greeks pretended to sail away, and the Trojans
pulled the horse into their city as a victory trophy.
• That night the Greek force crept out of the horse and
opened the gates for the rest of the Greek army,
which had sailed back under cover of night. The
Greek army entered and destroyed the city of Troy,
decisively ending the war.
TROJAN HORSE PAYLOAD
• Remote access
• Data destruction
• Downloader/dropper
• Server Trojan (proxy, FTP, IRC, e-mail, HTTP/HTTPS, etc.)
• Disable security software
• Denial-of-service attack (DoS)
TROJAN HORSE
• Since Trojan horses have a variety of forms, there is
no single method to delete them.
• The simplest responses involve clearing the temporary Internet files and deleting the Trojan's file manually.
• Normally, antivirus software is able to detect and
remove the Trojan automatically
UNDERSTANDING COMPUTER INFESTATIONS
• Worm
▪ Overloads a network as it replicates itself
▪ Does not need a host program
• A computer worm is a self-replicating malware computer program, which uses a
computer network to send copies of itself to other nodes (computers on the
network) and it may do so without any user intervention.
• This is due to security shortcomings on the target computer. Unlike a virus, it does
not need to attach itself to an existing program.
• Worms almost always cause at least some harm to the network, even if only by
consuming bandwidth, whereas viruses almost always corrupt or modify files on a
targeted computer
EXAMPLE OF WORM
• Christma Worm
▪ A student at a university in Germany created a worm in the REXX language. He
released his worm in December 1987 on a network of IBM mainframe
computers in Europe. The worm displayed an image of a conifer tree on the
user's monitor, while it searched two files on the user's account to collect e-mail
addresses, then automatically sent itself to all of those addresses
• Morris Worm
▪ On 2 November 1988, Robert Tappan Morris, then a first-year graduate student
in computer science at Cornell University, released his worm that effectively shut
down the Internet for several days.
▪ The Morris Worm succeeded in infecting approximately 3000 computers, which
was about 5% of the Internet at that time
▪ Morris was the first person to be arrested, tried, and convicted for writing and
releasing a malicious computer program. He was found guilty on 22 Jan 1990
and appealed, but the U.S. Court of Appeals upheld the trial court's decision
ILOVEYOU WORM
• The ILOVEYOU worm was first reported in Hong Kong
on 4 May 2000 and spread westward on that day
• The ILOVEYOU worm arrived at the victim's computer
in the form of e-mail with the ILOVEYOU subject line
and an attachment. The e-mail itself was innocuous,
but when the user clicked on the attachment to read
the alleged love letter, LOVE-LETTER-FOR-YOU.TXT.VBS,
the attachment was a Visual Basic program that
performed a horrible sequence of bad things:
▪ deletion of files from victim's hard disk
▪ password theft
▪ worm propagates (send email)
WHERE VIRUSES HIDE

• Boot sector viruses
▪Hide in a boot sector program
▪Replace the boot program with a modified, infected version of the boot command utilities, often causing boot and data retrieval problems
• File viruses
▪Hide in an executable (.exe or .com) program
▪Can spread whenever the program is accessed

WHERE VIRUSES HIDE
• Macro viruses
▪Hide in a word-processing document that contains a
macro
▪Most common viruses spread by e-mail
• Multipartite viruses
▪Combination of a boot sector virus and a file virus
▪A multipartite virus is a computer virus that infects
multiple different targets.
▪For a complete cleanup, all parts of the virus must
be removed.
▪Because of the multiple vectors for the spread of
infection, these viruses could spread faster than a
boot or file infector alone
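The macro carrier described above can be spotted before a document is opened: the following is an added example (not from the original slides) that inspects an Office Open XML package for the VBA project part that macro-enabled Word, Excel and PowerPoint files carry. The part locations, the content-type string and the constructed sample packages are assumptions; legacy binary .doc files use the older OLE2 format and are not covered here.

```python
import io
import zipfile

# Assumed content type that an OOXML package declares for its VBA project
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
CT_PLAIN = '<Types xmlns="%s"/>' % CT_NS
CT_MACRO = ('<Types xmlns="%s"><Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/></Types>' % CT_NS)


def inspect_package(data):
    """Return (macro_parts, declares_vba) for an OOXML package.

    macro_parts lists every zip entry named vbaProject.bin (word/, xl/, ppt/),
    declares_vba is True when [Content_Types].xml announces a VBA project.
    A non-zip input yields ([], False): it is not an OOXML document at all.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [], False
    with zf:
        parts = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
        try:
            declared = VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
        except KeyError:
            declared = False  # malformed package without a content-types part
    return parts, declared


def has_macros(data):
    """True if either signal says the document carries VBA macro code."""
    parts, declared = inspect_package(data)
    return bool(parts) or declared


def build_sample(with_macro):
    """Construct a minimal in-memory Word package (sample data, not a real file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", CT_MACRO if with_macro else CT_PLAIN)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes stand in for the OLE2 container holding the macro code
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print("macro-enabled sample:" if flag else "plain sample:", has_macros(build_sample(flag)))
```

A mail gateway or desktop scanner would apply `has_macros` to each attachment and quarantine or warn on a hit, which is the "detect macros as the document is loaded" feature the antivirus slides later ask for.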
THE DAMAGE AN INFESTATION CAN CAUSE
▪ Ranges from very minor to major
▪ Is called the payload
▪ Can be accomplished in a variety of ways
HOW INFESTATIONS SPREAD
• Trading storage containing program files
• Connecting a computer to an unprotected network
• Buying software from unreliable sources
• Downloading programs from the Internet
• Using storage from unknown sources
• Using shared network programs
• Using used, preformatted storage media
• Reading e-mail that automatically executes a word processor to read attached files
• Not write-protecting original program disks
HOW A VIRUS REPLICATES
VIRUS HOAXES
• A letter or e-mail warning about a nonexistent virus. Overloads network traffic.
• A computer virus hoax is a false email message
warning the recipient of a virus that is going around.
• The message usually serves as a chain e-mail that
tells the recipient to forward it to everyone they know.
• Most hoaxes are easily identified by the fact that they
say the virus will do nearly impossible things, like blow
up the recipient's computer and set it on fire.
• They often claim to be from reputable organizations
such as Microsoft and IBM, but include emotive
language and encouragement to forward the message
which would not come from an official source.
EXAMPLE OF VIRUS HOAX
Invitation attachment (computer virus hoax)
•The invitation virus hoax involved an e-mail spam in 2006 that advised computer
users to delete an email, with any type of attachment that stated "invitation" because
it was a computer virus.

AIDS
•Not to be confused with AIDS (computer virus) or AIDS (trojan horse), this hoax is
about a non-existent virus that is purportedly distributed via electronic mail messages
that have "OPEN: VERY COOL! :)" as their subjects.

Amish Virus
•This joke email claims to be authored by the Amish who have no computers or
electricity to program viruses, thus ask you to delete your own hard drive manually
after forwarding the message to your friends.

Antichrist
•This is a hoax that warns about a supposed virus discovered by Microsoft and McAfee named "Antichrist", telling the user that it is installed via an e-mail with the subject "SURPRISE?!!!!!!!!!!", after which it destroys the "quadearasusalim.bdset", one of the most important sectors of the hard disk, rendering it unusable.
PROTECTING AGAINST COMPUTER INFESTATIONS

▪Regularly make backups
▪Use virus scan software
▪Use wisdom when managing programs
EXAMPLES OF VIRUS SYMPTOMS

• A program takes longer than normal to load
• Less memory than usual is available
• Noticeable reduction in disk space
• Executable files have changed size
• Files constantly become corrupted
• Unusual error messages occur regularly
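Two of the symptoms listed above, executables changing size and files becoming corrupted, are only noticeable if you know what the files looked like before. The following is an added example (not from the original slides) of a baseline-and-compare check: it records the size and SHA-256 of every executable under a folder, then reports which ones grew, were rewritten, appeared or vanished. The watched extensions beyond .exe and .com, and the temporary demo folder, are assumptions.

```python
import hashlib
import os
import tempfile

# .exe and .com are the hosts the slides name; .dll is an added assumption
WATCHED_EXTS = (".exe", ".com", ".dll")


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each watched executable (relative path) to its (size, sha256)."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WATCHED_EXTS):
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root)
                baseline[rel] = (os.path.getsize(path), file_digest(path))
    return baseline


def compare(baseline, current):
    """Classify each difference; a size change on an executable is the classic symptom."""
    report = {"size_changed": [], "content_changed": [], "added": [], "missing": []}
    for rel, (size, digest) in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel][0] != size:
            report["size_changed"].append(rel)
        elif baseline[rel][1] != digest:
            report["content_changed"].append(rel)  # same size, different bytes
    report["missing"] = sorted(set(baseline) - set(current))
    return report


def demo():
    """Constructed scenario: baseline a folder, then one executable grows by 16 bytes."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("calc.exe", b"A" * 100), ("notes.com", b"B" * 50), ("readme.txt", b"x"))
        for name, body in samples:
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        base = snapshot(root)
        with open(os.path.join(root, "calc.exe"), "ab") as f:
            f.write(b"\x90" * 16)  # simulates the growth an infected executable shows
        return compare(base, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is taken on a known-clean machine and stored off the host, so the comparison run after suspected infection cannot be tampered with by the same program it is looking for.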
WHAT TO DO WHEN YOU SUSPECT A VIRUS
INFESTATION
• Run a virus scan program to detect and delete
the virus
• Use latest upgrade of your AV software
PROTECTING AGAINST VIRUSES
ANTIVIRUS SOFTWARE FEATURES TO LOOK FOR

• Ability to download new software upgrades from the Internet
• Ability to automatically execute at startup
• Ability to detect macros in a word-processing document as it is loaded by the word processor
• Ability to automatically monitor files being downloaded from the Internet
USING ANTIVIRUS SOFTWARE
▪Can be configured to scan memory and boot
sector of hard drive for viruses each time PC is
booted
▪Consider scheduling AV software to run at same
time every day
▪Can be set to run continuously in the
background and scan all programs that are
executed
▪Can cause problems with other software,
especially during installations
MCAFEE VIRUS SCAN SOFTWARE
PLANNING FOR DISASTER RECOVERY

• Prepare for a disaster before it occurs
• Know how to recover lost data
• Know when the backup was made and what you must do to recover information since the last backup (recordkeeping)
• Verify that your recovery plan will work by practicing it before a disaster occurs
SPYWARE
• Spyware is a type of malware that can be installed on
computers, and which collects small pieces of
information about users without their knowledge.
• The presence of spyware is typically hidden from the
user, and can be difficult to detect.
• Typically, spyware is secretly installed on the user's
personal computer.
• Sometimes, however, spyware such as a keylogger is installed on purpose by the owner of a shared, corporate, or public computer in order to secretly monitor other users.
SPYWARE & ADWARE
• The term adware frequently refers to any software
which displays advertisements, whether or not the
user has consented
• Most adware is spyware in a different sense than
"advertising-supported software": it displays
advertisements related to what it finds from spying on
users
• Unlike viruses and worms, spyware does not usually
self-replicate.
• Like many recent viruses, however, spyware—by
design—exploits infected computers for commercial
gain
COMMON SPYWARE IN DIGITAL AGE

• "Stealware" and affiliate fraud
• Browser cookies
• Personal relationships
• Digital rights management
• Identity theft and fraud
• Advertisements
EXAMPLES
• These common spyware programs illustrate the diversity of
behaviours found in these attacks. Note that as with computer
viruses, researchers give names to spyware programs which may
not be used by their creators:
▪ CoolWebSearch, a group of programs, takes advantage of
Internet Explorer vulnerabilities. The package directs traffic to
advertisements on Web sites including coolwebsearch.com. It
displays pop-up ads, rewrites search engine results, and alters
the infected computer's hosts file to direct DNS lookups to
these sites
▪ HuntBar, aka WinTools or Adware.Websearch, was installed by
an ActiveX drive-by download at affiliate Web sites, or by
advertisements displayed by other spyware programs—an
example of how spyware can install more spyware. These
programs add toolbars to IE, track aggregate browsing
behavior, redirect affiliate references, and display
advertisements
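The hosts-file rewrite attributed to CoolWebSearch above leaves a trace that is easy to check for. The following is an added example (not from the original slides) that parses hosts-file text and flags any hostname mapped to a non-loopback address, which is what a redirection to an attacker-chosen server looks like. The sample hosts content and the TEST-NET addresses in it are constructed for the demonstration.

```python
import os

# Constructed sample: the last two lines mimic the redirection described above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net      # blocking entry: harmless
198.51.100.23   www.google.com
198.51.100.23   search.yahoo.com
"""

# Mappings to these addresses block a name rather than redirect it
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blank lines and aliases' order."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        for host in fields[1:]:  # one address may carry several names
            entries.append((fields[0], host.lower()))
    return entries


def suspicious_entries(text):
    """Hostnames sent to a real (non-loopback) address: these hijack name resolution."""
    return [(ip, host) for ip, host in parse_hosts(text)
            if ip not in LOOPBACK and host != "localhost"]


def check_hosts_file(path=None):
    """Read the live hosts file (default path assumed for Windows or Unix) and report."""
    if path is None:
        path = (r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt"
                else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as f:
        return suspicious_entries(f.read())


if __name__ == "__main__":
    for ip, host in suspicious_entries(SAMPLE_HOSTS):
        print("redirected:", host, "->", ip)
```

Legitimate non-loopback entries do exist (internal servers, test hosts), so treat a hit as something to verify against the machine's known configuration rather than as proof of infection.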
REMEDIES AND PREVENTION
• As the spyware threat has worsened, a number of techniques
have emerged to counteract it.
• These include programs designed to remove or to block spyware,
as well as various user practices which reduce the chance of
getting spyware on a system.
▪ Anti-spyware programs
▪ Security practices
▪ Many system operators install a web browser other than IE,
such as Opera, Google Chrome or Mozilla Firefox. Though no
browser is completely safe, Internet Explorer is at a greater
risk for spyware infection due to its large user base as well
as vulnerabilities such as ActiveX
