1. Viruses, Worms, and Trojans
    1. General System Protection Guidelines:
      1. Install anti-virus and anti-malware software, keep its engine and signatures updated (preferably by auto-update), and schedule periodic automatic scans.
      2. Ensure your computer applications and OS have the latest updates available. If possible, enable automatic updates.
      3. Enable and update your software-based firewall.
      4. Deploy and configure a hardware-based firewall.
      5. Use separate hard drives (or at least separate partitions) for the OS and data, so the OS can be wiped and reinstalled without touching the data volume.
      6. Encrypt important data. Windows Encrypting File System (EFS) can perform this function. Note that EFS protects against other accounts and offline access to the disk, not against malware running under your own account, which reads EFS-encrypted files transparently.
      7. Perform periodic (weekly or bi-weekly) system backups, and keep at least one copy offline or otherwise unreachable from the machine, so malware cannot corrupt or encrypt the backups along with the originals.
      8. Take periodic snapshots of the OS state.
      9. Install and use a File Integrity Checker (FIC), which records hashes of system files in a baseline and reports any file that later changes. Store the baseline where malware on the host cannot rewrite it.
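The following is an added example of the file integrity checking described in these guidelines; it is not code from the original notes. It hashes every regular file under a directory into a baseline, stores the baseline as JSON, and later reports added, removed and modified files. The directory layout, file names and contents used in demo() are constructed for the walkthrough.

```python
# Added example (not part of the original notes): a minimal file integrity checker.
# Take a hash baseline of a directory tree, store it, and later diff a fresh scan
# against it. Everything in demo() is constructed data, not real system files.
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read in 64 KiB chunks so large binaries are not loaded whole


def sha256_file(path):
    """SHA-256 of a file's contents, streamed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map POSIX-style relative path -> {sha256, size} for each regular file under root.

    Symlinks are skipped rather than followed: a planted link could otherwise pull
    files from outside the monitored tree into the baseline.
    """
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            }
    return baseline


def compare(old, new):
    """Diff two baselines. 'modified' means the content hash changed."""
    old_keys, new_keys = set(old), set(new)
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": sorted(k for k in old_keys & new_keys
                           if old[k]["sha256"] != new[k]["sha256"]),
    }


def save_baseline(baseline, path):
    """Write the baseline as JSON. Keep this copy off the monitored host or on
    read-only media; a baseline the malware can rewrite proves nothing."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def demo():
    """Walkthrough on a constructed temp tree: baseline, simulate tampering
    (binary replaced with same-size content, file dropped, config deleted), diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "monitored"
        store = Path(tmp) / "baseline.json"  # kept outside the monitored tree
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "svc.exe").write_bytes(b"MZ original service")
        (root / "config.ini").write_text("debug=0\n")
        save_baseline(build_baseline(root), store)

        (root / "bin" / "svc.exe").write_bytes(b"MZ trojaned service")  # same size, new bytes
        (root / "bin" / "dropper.dll").write_bytes(b"MZ evil")
        (root / "config.ini").unlink()

        return compare(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The replaced binary keeps the same size, which is why the comparison is on content hashes rather than size or timestamps (both are trivial for malware to preserve).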
    2. Malware Removal:
      1. Identify malware symptoms.
      2. Quarantine infected systems.
      3. Disable System Restore (in Windows), so that infected restore points are deleted and cannot reinfect the system later.
      4. Remediate infected systems:
        1. Update anti-malware software.
        2. Use scan and removal techniques (for example, Safe Mode and a preinstallation environment such as WinPE booted from external media), so the malware is not running while you scan.
      5. Schedule scans and run updates.
      6. Enable System Restore and create a restore point (in Windows).
      7. Educate end users.
    3. Virus, Worm, & Trojan Indicators of Compromise (IoCs):
      1. Computer runs slower than usual.
      2. Computer locks up frequently or stops responding altogether.
      3. Computer restarts on its own or crashes frequently.
      4. Hard drives, optical drive, and applications are not accessible or don't work properly.
      5. Strange sounds occur.
      6. You receive unusual error messages.
      7. Display or print distortion occurs.
      8. New icons appear or old icons (and applications) disappear.
      9. There is a double extension on a file attached to an e-mail that was opened; for example: .txt.vbs or .txt.exe. Windows hides the last known extension by default, so "invoice.txt.exe" is displayed as "invoice.txt".
      10. Antivirus programs will not run or can't be installed.
      11. Files have been corrupted or folders are created automatically.
      12. System Restore capabilities are removed or disabled.
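As an added example for the double-extension indicator above (not code from the original notes), this script flags attachment names that disguise an executable behind a document-looking extension. The two extension sets are starter lists chosen for this example, and the attachment names in the demo are constructed.

```python
# Added example (not part of the original notes): flag attachment names that use
# a double extension to disguise an executable, such as "invoice.txt.exe".
# EXECUTABLE_EXTS and BENIGN_LOOKING_EXTS are starter lists chosen for this example.
import re

# Extensions Windows executes (or hands to a script host) on double-click.
EXECUTABLE_EXTS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "msi", "ps1", "lnk", "cpl", "jar",
}
# Extensions a user expects to open harmlessly in a viewer.
BENIGN_LOOKING_EXTS = {
    "txt", "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
    "jpg", "jpeg", "png", "gif", "mp3", "mp4", "zip",
}


def extension_chain(filename):
    """Lowercase extensions of the base name, e.g. 'Report.TXT.exe' -> ['txt', 'exe'].

    Trailing dots/spaces are removed because Windows drops them on save, and each
    part is stripped so 'invoice.pdf          .exe' still yields ['pdf', 'exe'].
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    parts = [p.strip() for p in base.lower().split(".")]
    return parts[1:] if len(parts) > 1 else []


def check_attachment_name(filename):
    """Return None if the name looks ordinary, otherwise a short reason string."""
    exts = extension_chain(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    last = exts[-1]
    if len(exts) >= 2 and exts[-2] in BENIGN_LOOKING_EXTS:
        return f"double extension: looks like .{exts[-2]} but runs as .{last}"
    if re.search(r"\s{2,}", filename):
        return f"padded name pushes the real .{last} extension out of view"
    return f"executable attachment (.{last})"


def triage(names):
    """Map each attachment name to its verdict (None = looks ordinary)."""
    return {n: check_attachment_name(n) for n in names}


if __name__ == "__main__":
    # Constructed attachment names, not taken from any real mail.
    for name, verdict in triage([
        "report.txt.exe", "holiday.JPG.scr", "invoice.pdf          .exe",
        "notes.txt", "archive.tar.gz", "setup.exe",
    ]).items():
        print(f"{name!r}: {verdict or 'ok'}")
```

Only the last extension decides what Windows does with the file; everything before it is just part of the name, which is exactly what the disguise relies on.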
  2. Adware and Spyware
    1. Spyware System Protection Guidelines:
      1. Use and update anti-spyware programs such as Microsoft Defender (formerly Windows Defender).
      2. Adjust web browser security settings:
        1. Disable or limit cookies
        2. Configure trusted traffic zones
        3. Turn on phishing filters
        4. Restrict unwanted websites
        5. Turn on automatic website checking
        6. Disable scripting such as JavaScript and ActiveX (ActiveX only exists in Internet Explorer; disabling JavaScript globally breaks most modern sites, so restrict it per site or per zone instead)
        7. Clear the browser cache on exit
      3. Uninstall unnecessary applications and turn off unnecessary services.
      4. Educate users on how to surf the web safely. User education is the number one method of preventing malware!
      5. Don't click OK or Agree to close a window; instead press Alt+F4 on the keyboard to close that window, or use the Task Manager to close out of applications.
      6. Be wary of file-sharing websites and the content stored on those sites. Be careful of e-mails with links to downloadable software that could be malicious.
      7. Consider technologies that discourage spyware. Use a modern, auto-updating browser with process sandboxing, and consider browsing from a virtual machine that can be reverted to a clean snapshot.
      8. Verify the security of sites you visit by checking the certificate. A valid certificate only proves you are connected to the domain it names; attackers can obtain certificates for look-alike domains, so confirm that the domain itself is the one you expect.
    2. Spyware Indicators of Compromise (IoCs):
      1. The web browser's default home page has been modified.
      2. A particular website comes up every time you perform a search.
      3. Excessive pop-up windows appear.
      4. The network adapter's activity LED blinks frequently when the computer shouldn't be transmitting data.
      5. The firewall and antivirus programs turn off automatically.
      6. New programs, icons, and favorites appear.
      7. Odd problems occur within windows (slow system, applications behaving strangely, and such).
      8. The Java console appears randomly.
    3. Troubleshooting Spyware:
      1. Disconnect the infected system from the Internet.
      2. Uninstall the malware from the Control Panel or Settings. This only works for adware and other unwanted programs that registered an uninstaller; most malware does not.
      3. Scan your system with Anti-Virus software - in Safe Mode, if possible.
      4. Scan your system with Anti-Spyware software.
      5. Verify that your hosts file (C:\Windows\System32\drivers\etc\hosts) has not been hijacked, and that no sites have been added to the browser's list of trusted sites. The hosts file overrides DNS, so a single added line can silently redirect a site to an attacker's server or block anti-virus and update servers.
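The following added example (not code from the original notes) parses a Windows-style hosts file and flags entries that look like a hijack: a hostname pointed at a non-loopback address, or an update/anti-virus domain redirected anywhere at all. The sample file content and the WATCHED_DOMAINS list are constructed for this example; extend the list with the vendors you actually rely on.

```python
# Added example (not part of the original notes): check a hosts file for hijacked
# entries. SAMPLE_HOSTS and WATCHED_DOMAINS are constructed for this example.
import ipaddress

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Hostnames a stock hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains malware commonly redirects to keep the OS and AV from updating (starter list).
WATCHED_DOMAINS = ("microsoft.com", "windowsupdate.com", "avast.com", "mcafee.com",
                   "symantec.com", "kaspersky.com", "malwarebytes.com")

# Constructed sample: stock header, then three added lines (note the padding and the
# blank lines that push the additions away from what a quick look at the file shows).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1   localhost
::1         localhost



192.168.1.77                                                  www.mybank.example
0.0.0.0     ads.example.net
127.0.0.1   update.microsoft.com  download.windowsupdate.com
"""


def parse_hosts(text):
    """Yield (line_number, ip_or_None, hostname) per mapping; '#' comments and blank
    lines are skipped, and a line whose first field is not an IP yields ip=None."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, line
            continue
        for host in fields[1:]:
            yield lineno, ip, host.lower().rstrip(".")


def is_sinkhole(ip):
    """127.0.0.0/8, ::1 or 0.0.0.0: the name resolves to nowhere useful."""
    return ip.is_loopback or ip.is_unspecified


def find_suspicious(text, watched=WATCHED_DOMAINS):
    """Classify every hosts entry; returns findings as dicts in file order."""
    findings = []
    for lineno, ip, host in parse_hosts(text):
        entry = {"line": lineno, "host": host, "ip": None if ip is None else str(ip)}
        if ip is None:
            entry.update(severity="medium", reason="malformed line")
        elif host in LOCAL_NAMES and is_sinkhole(ip):
            continue  # stock entry
        elif any(host == d or host.endswith("." + d) for d in watched):
            entry.update(severity="high", reason="update/anti-virus domain redirected")
        elif not is_sinkhole(ip):
            entry.update(severity="high", reason="hostname pointed at a non-loopback address")
        else:
            entry.update(severity="low",
                         reason="sinkholed; benign if you installed an ad-blocking hosts file")
        findings.append(entry)
    return findings


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS  # not on Windows or no access: use the constructed sample
    for hit in find_suspicious(text):
        print(f"line {hit['line']:>4} [{hit['severity']}] {hit['host']} -> {hit['ip']}: {hit['reason']}")
```

Entries that sinkhole ordinary ad domains are reported at low severity because ad-blocking hosts files do the same thing deliberately; anything pointing a name at a real address, or touching an update or anti-virus domain, is treated as a hijack until proven otherwise. Also confirm that Windows is reading the file you inspected: the path is configurable through the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.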
  3. Rootkits
    1. Detection:
      1. If you believe a machine has been infected with a rootkit, do not rely on the OS to detect it.
      2. Often, the only way to detect a rootkit is to boot from trusted removable media, so that the rootkit's hooks in the installed OS are never loaded:
        1. Boot from a USB or CD
        2. Use a Rescue CD such as Hiren's Boot CD.
    2. Because of the difficulty involved in removing a rootkit, often the best solution is to wipe the machine and reinstall all software from known-good media.
  4. Wipe
    1. Back up the data (if possible).
    2. Flash the UEFI/BIOS from the vendor's image, since firmware-resident malware survives a disk wipe.
    3. Reinstall the OS from trusted installation media, not from a recovery partition on the same disk.
    4. Check the system for after effects, and scan restored data before putting it back.