Sunday, September 1, 2019

Discussion question Essay

The lab consisted of using the AVG scan in the virtual machine to detect the threats that were present, which were then moved to the Virus Vault. Windows Defender was used to verify the infections and spyware that were found in the virtual machine. Malware and spyware are growing trends in the world of technology, so it is good to know the steps to take in case your system is infected with this malicious software.

This is a screenshot of the number of threats that were identified by the scan.

Screenshot of the detailed view of the 1st infection: "C:\Helix\IR\RAM\win32dd\win32dd.sys"; "Trojan horse Hider.JI"; "Moved to Virus Vault"

Screenshot of the detailed view of the 2nd infection: "C:\Helix\IR\nirsoft\LSASecretsView.exe"; "May be infected by unknown virus Win32/DH{HhMXFE8VGw}"; "Moved to Virus Vault"

Screenshot of the detailed view of the 3rd infection: "C:\Helix\IR\bin\pwdump2.exe"; "May be infected by unknown virus Win32/DH{HhRPFRs}"; "Moved to Virus Vault"

Screenshot of the detailed view of the 4th infection: "C:\Helix\IR\bin\Psh.exe"; "Trojan horse Dropper.Generic4.BVMA"; "Moved to Virus Vault"

Screenshot of the detailed view of the 1st spyware: "C:\Helix\IR\nirsoft\astlog.exe"; "Potentially harmful program Logger.IAC"; "Moved to Virus Vault"

Screenshot of the detailed view of the 2nd spyware: "C:\Helix\IR\Foundstone\FPipe.exe"; "Potentially harmful program Tool.IT"; "Moved to Virus Vault"

Screenshot of the detailed view of the 3rd spyware: "C:\Helix\IR\bin\cryptcat.exe"; "Potentially harmful program RemoteAdmin.IH"; "Moved to Virus Vault"

This is a screenshot of the Virus Vault.

This is a screenshot of AVG's Threat Detected alert window.

This is a screenshot of the productreview.pdf file displayed in the vault.

Remediation Steps

There are many steps that can be followed to remove malware and spyware.

There are several steps to remove infections such as a Trojan horse or a Trojan dropper from your computer system:

1. Reboot the system.
2. Make sure System Restore is turned off so that the system does not restore the infected file.
3. Launch the anti-virus software that is installed on the system.
4. Go to disk view, highlight your computer and then select scan/repair so that the anti-virus can detect the Trojan and put it in the recycle bin.
5. Restart the system and make sure the recycle bin is emptied.
6. Make sure the Trojan was deleted successfully by running another scan.

The steps to remove spyware are different from the steps to remove an infection. The steps are as follows:

1. First, delete the temporary files.
2. Make sure System Restore is turned off.
3. Then install an anti-virus/anti-spyware program; examples would be Bitdefender or Malwarebytes Anti-Malware.
4. Run a full scan and delete whatever is found.
5. Restart the computer to make sure the spyware is deleted.

This is a screenshot of the File Transfer file.

Lab Assessment Questions and Answers

1. Workstation and desktop devices are prone to viruses, malware, and malicious software, especially if the user surfs the Internet and World Wide Web. Given that users connect to the Internet and World Wide Web, what security countermeasures can organizations implement to help mitigate the risk from viruses, malware, and malicious software?

Organizations can restrict certain sites, keywords like blogs, and mirror sites. Organizations can block ingress of files that contain potentially dangerous content and also consider blocking all compressed executables from entry (Centre for the Protection of National Infrastructure, 2004). They can also make sure specific ports are shut down; this can prevent back doors when accessing a site. There are a lot of websites out there that do not need to be accessible, especially in a work environment.

2. Your employees e-mail file attachments to each other and externally through the organization's firewall and Internet connection. What security countermeasures can you implement to help mitigate the risk of rogue e-mail attachments and URL Web links?

Many business owners must examine what is at risk when they communicate sensitive data over e-mail. The first thing is to make sure that good virus protection software is installed and kept updated on everyone's computer. Second, it is good that all key departments within the organization, such as Legal, IT and HR, understand the policies; require them to sign off on the e-mail filtering, retention, retrieval and analysis policies (Small Business Computing Staff, 2011).

3. Why is it recommended to do an antivirus signature file update before performing an antivirus scan on your computer?

Signature files contain the latest list and behavior of known viruses; that is why it is important to update the antivirus signature file before performing a scan on your computer. Anti-virus programs release signature file updates regularly, sometimes daily and sometimes more often, because new viruses are being identified on a daily basis (Loza, 1999).

4. Once a malicious file is found on your computer, what are the default settings for USB/removable device scanning? What should organizations do regarding use of USB hard drives and slots on existing computers and devices?

Many USB devices have serial numbers associated with them. Most of the scanning and tracking details would be used with most USB mass storage devices. Organizations should immediately disable AutoRun on the system. The devices that were connected to the infected computer should be scanned for malware and spyware.

5. If you find a suspect executable and wish to perform "dynamic analysis," what does that mean?

Dynamic analysis is the testing and evaluation of a program by executing data in real time (Rouse, 2006). The objective of dynamic analysis is to find errors in a program while it is running rather than by repeatedly examining the code offline. Errors are more easily noticed while the program is in use, which helps in detecting them.

6. What is a malware and malicious code sandbox?

A sandbox is a virtual environment with its own guest operating system where intercepted incoming code can be observed (Jackson, 2013). By observing the behavior in the sandbox, malware should be noticed and blocked regardless of whether the code or the vulnerability it exploits is already known.

7. What are typical indicators that your computer system is compromised?

There are several indicators that your system may be compromised:

- The computer is extremely slow.
- Applications won't start.
- You can't connect to the Internet.
- The antivirus is turned off.
- Entirely different browsers and items are opening up, and there are a lot of pop-ups.

8. Where does AVG Business Edition 2012 place viruses, Trojans, worms, and other malicious software when it finds them?

When going through the steps in AVG Business Edition 2012 in the lab, the viruses, Trojans, worms, and other malicious software were put in a vault. They were then deleted out of the Virus Vault. The viruses are quarantined, then isolated and deleted by the user.

9. What other viruses, Trojans, worms, or malicious software were identified and quarantined by AVG within the Virus Vault upon completion of the Whole Computer Scan?

There were 4 infections found during the Whole Computer Scan. The 4 infections are as follows:

- Trojan horse Hider.JI
- Win32/DH{HhMXFE8VGw}
- Win32/DH{HhRPFRs}
- Trojan horse Dropper.Generic4.BVMA

In the scan, 3 spyware items were found as well:

- Logger.IAC
- Tool.IT
- RemoteAdmin.IH

10. What elements are needed in a workstation domain policy regarding use of antivirus and malicious software prevention tools?

It is important that the needed elements are included in the workstation policy to make sure that the antivirus and malicious software prevention tools are used properly. Tech support must make sure that everyone is following the guidelines for keeping the system safe from malware and spyware. A policy should be in place to let the employees know the importance of using the antivirus and malicious software prevention tools properly.

Conclusion

By going through the steps in the lab, many infections and spyware were detected and later moved to the Virus Vault. The different viruses were moved to the vault so that they would not infect the rest of the system. The assessment covered the steps that must be taken to make sure that the infections and spyware are completely deleted from the system. Many techniques were learned about infections and spyware and where they should be moved when they are detected by the AVG scan.

References

Centre for the Protection of National Infrastructure (2004). Mitigating the risk of malicious software. Retrieved from http://www.cpni.gov.uk/documents/publications/2004/2004002 advice_malicious_software.pdf

Jackson, W. (2013). Hackers' new trick for slithering through sandboxes. Retrieved from http://gcn.com/blogs/cybereye/2013/02/hackers-new-trick-outwitting-sandboxes.aspx

Loza, C. (1999). Why is it important to constantly update antivirus software? Retrieved from http://www.ehow.com/facts_6850079_important-constantly-update-antivirus-software_.html

Rouse, M. (2006). Dynamic analysis. Retrieved from http://searchsoftwarequality.techtarget.com/definition/dynamic-analysis

Small Business Computing Staff (2011). 5 email security tips to protect your small business. Retrieved from http://www.smallbusinesscomputing.com/webmaster/article.php/3928231/5-Email-Security-Tips-to-Protect-Your-Small-Business.htm
