Objective 3.4: Given a scenario, troubleshoot common personal computer (PC) security issues
Cert: CompTIA A+ Core 2 (220-1202) V15
Domain: 3.0 Software Troubleshooting
Weight: Part of the 23% Software Troubleshooting domain
Depth: Given a scenario, troubleshoot. The candidate must diagnose PC security symptoms and apply the right cleanup using the procedure from obj 2.6.
What this objective tests
You should recognize PC security symptoms (network access loss, alerts, fake AV, altered files, unwanted notifications, update failures, browser pop-ups, certificate warnings, redirection, slow browser) and apply the malware cleanup procedure when appropriate.
This objective is the diagnostic counterpart to obj 2.6 (the removal procedure).
Key facts
Unable to access the network:
- PC can't reach internal or external resources. Possible causes: malware blocking the network (some ransomware cuts network access to prevent backup), a misconfigured firewall, hijacked DNS, a hijacked proxy setting, or corrupted Windows networking components.
- Check Settings > Network. Compare to other PCs on the same network. Disable any unfamiliar VPN/proxy.
Desktop alerts:
- Pop-up alerts on the desktop, often claiming the PC is infected or needs an update.
- Real Windows alerts come from Windows Security or Action Center, not random websites.
- Symptom of adware, browser hijack, or scareware.
False alerts regarding antivirus protection:
- Fake "Your AV is expired" or "Click here to install protection" notifications.
- Real AV doesn't ask you to enter payment info via pop-up.
- Often delivered via web ads, malicious extensions, or installed adware.
Altered system or personal files:
- Files renamed, missing, replaced with placeholders, or inaccessible.
- Top causes: ransomware (encrypts files), malware that overwrites for persistence, accidental sync/cloud action.
Missing / renamed files:
- Specific files disappear or take new names.
- Ransomware often renames files with a custom extension (.locked, .encrypted, vendor-specific). Look for ransom notes in folders.
Inability to access files:
- Files exist but won't open. Common ransomware symptom (encrypted).
- Verify with file properties; encrypted files often show a different size than expected and can't be read by their normal application.
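Added example (not from the exam objectives or any cited source): a Python triage script for the two symptoms above, the renamed-file pattern and the ransom note in each folder, run over a constructed folder listing; the known-extension list, note keywords and the triage_directory helper are assumptions.

```python
"""Triage a folder listing for ransomware indicators (renamed files, ransom notes)."""
import os
import re
from collections import Counter

# Constructed sample: a Documents folder after a suspected ransomware incident.
SAMPLE_LISTING = [
    "budget.xlsx.locked", "thesis.docx.locked", "photo1.jpg.locked",
    "photo2.jpg.locked", "notes.txt", "HOW_TO_DECRYPT_FILES.txt",
    "invoice.pdf", "archive.zip",
]

# Extensions normally present in user data (assumed list); a suffix appended after
# one of these (report.docx.locked) is the renaming pattern described above.
KNOWN_EXTS = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "txt", "zip", "mp4"}
NOTE_EXTS = {"txt", "html", "hta"}
NOTE_WORDS = re.compile(r"decrypt|restore|recover|ransom|how[_ -]?to|readme", re.I)

def appended_extension(name):
    """Return the suffix tacked onto a known extension, e.g. 'locked' for
    'budget.xlsx.locked'; None when the name looks normal."""
    parts = name.lower().split(".")
    if len(parts) >= 3 and parts[-2] in KNOWN_EXTS and parts[-1] not in KNOWN_EXTS:
        return parts[-1]
    return None

def looks_like_ransom_note(name):
    """True for text/HTML files whose name reads like 'HOW_TO_DECRYPT'."""
    base, _, ext = name.lower().rpartition(".")
    return ext in NOTE_EXTS and bool(NOTE_WORDS.search(base))

def triage(names, min_count=3):
    """Report suffixes shared by at least min_count files (one odd file is noise,
    many files sharing a new suffix is the ransomware pattern) and note-like files."""
    suffixes = Counter(s for s in map(appended_extension, names) if s)
    return {
        "suspect_suffixes": {s: c for s, c in suffixes.items() if c >= min_count},
        "ransom_notes": [n for n in names if looks_like_ransom_note(n)],
    }

def triage_directory(path, min_count=3):
    """Walk a real folder (e.g. a user's Documents) and triage every filename."""
    names = [f for _, _, files in os.walk(path) for f in files]
    return triage(names, min_count)
```

Run triage_directory against a suspect user folder from a clean boot environment; a non-empty suspect_suffixes result is the cue to disconnect the PC from the network and move to the symptom-to-action map below.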
Unwanted notifications within the OS:
- Pop-ups, notification bar items, browser notifications the user didn't subscribe to.
- Likely a malicious site that asked for "Show notifications" permission and was granted.
- Fix: browser settings > Notifications > revoke permission for the offending site.
OS update failures:
- Windows Update fails repeatedly with errors.
- Causes: corrupted system files (run sfc and DISM), insufficient disk space, malware blocking the update service.
- Check Event Viewer for Windows Update errors.
Random / frequent browser pop-ups:
- New tabs open spontaneously. Pop-ups appear on every page.
- Almost always an adware extension or a malicious site's notification permissions.
- Disable suspicious extensions. Reset browser to defaults if needed.
Certificate warnings:
- Browser warns that a site's certificate is not trusted.
- Legitimate causes: expired cert, self-signed cert, internal site without proper CA.
- Malicious or inspection-related causes: on-path (MITM) attack presenting a bad cert; corporate TLS decryption proxy whose root certificate isn't installed correctly on the PC.
- Verify the URL; don't bypass for sites you don't trust.
Redirection:
- Browser sends you to a different site than requested.
- Causes: hijacked browser homepage/search, DNS hijack, malicious extension, hosts file edits, malware.
- Fix: reset browser to defaults; check hosts file; check installed extensions; full malware scan.
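Added example (not from the exam objectives or any cited source): a Python script that performs the hosts file check listed above, flagging entries that sinkhole or redirect any name other than localhost; it runs over a constructed sample hosts file, and the audit_windows_hosts helper and the sample entries are assumptions.

```python
"""Audit a Windows-style hosts file for sinkhole and redirection entries."""
import ipaddress
import os

# Constructed sample: the Windows default hosts entries plus two lines malware might add.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.microsoft.com      # blocks Windows Update
203.0.113.45    www.example-bank.test     # sends bank traffic elsewhere
127.0.0.1       localhost.localdomain
"""

# Names that legitimately map to loopback in a clean hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring blank lines and '#' comments."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries

def suspicious_entries(entries):
    """Classify every non-localhost mapping: loopback/0.0.0.0 means the host is
    sinkholed (e.g. update or AV servers blocked); any other address means the
    host's traffic is redirected to another machine."""
    findings = []
    for ip, name in entries:
        if name in BENIGN_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparsable address"))
            continue
        kind = "sinkholed" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((ip, name, kind))
    return findings

def audit_windows_hosts():
    """Run the audit against the live hosts file on a Windows PC (assumed helper)."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(parse_hosts(fh.read()))
```

A clean Windows hosts file yields an empty result; any "sinkholed" hit on an update or AV vendor name, or any "redirected" hit at all, is a finding to clear before resetting the browser.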
Degraded browser performance:
- Browser feels slow, high CPU/memory.
- Causes: too many tabs, malicious extension, adware, malware running in the browser (cryptominer in a tab).
- Check Task Manager to see which browser tab or process is consuming the CPU or memory.
Common gotchas
- Fake Windows Defender notification that shows a phone number to call; calling it leads to a vishing follow-up. Real Defender alerts don't include phone numbers.
- Ransom note tells you which decryptor to download. Don't. Check No More Ransom (nomoreransom.org) for legitimate community decryptors.
- Certificate warning on a public site. Don't bypass it; it usually means something is actually wrong (phishing, MITM).
- Browser keeps reopening "you have a virus" pop-up. Site has notification permission. Browser settings > Notifications > Block.
- "OS update failing" with a cryptic error. Run sfc /scannow, then DISM /Online /Cleanup-Image /RestoreHealth, then the Windows Update troubleshooter (Settings > Update & Security > Troubleshoot).
Real-world context
PC security symptom-to-action map:
- Encrypted files + ransom note: Disconnect from network. Don't pay. Verify scope. Restore from backup (covered in obj 4.3). Reimage affected PCs.
- Browser hijack (homepage/search changed, pop-ups, redirects): Reset browser to defaults. Disable suspicious extensions. Run anti-malware scan. Check Task Manager for the source.
- Fake AV pop-ups: Identify the source (browser ad, installed app, browser extension). Remove. Verify with real AV scan.
- Unable to reach network after suspected malware: Boot to safe mode with networking. Reset Winsock and TCP/IP (netsh winsock reset, netsh int ip reset). Scan for malware. If badly compromised, reimage.
- OS update failures concurrent with other security symptoms: Treat as compromise. Some malware specifically disables Windows Update.
Full cleanup follows obj 2.6's 10-step procedure: verify, quarantine, disable Restore (Home), remediate, update AV, scan in safe mode/PE, reimage if needed, schedule scans, re-enable Restore, educate user.
Sources
- [CompTIA A+ 220-1202 Exam Objectives Version 4.0, Section 3.4](../../../../../../30-RevyTechJourney/CompTIA%20A%2B%20220-1202%20Exam%20Objectives%20%284.0%29.pdf)
- [CISA: Stop Ransomware](https://www.cisa.gov/stopransomware)
- [No More Ransom Project](https://www.nomoreransom.org/)
- [Microsoft Support: Reset your PC](https://support.microsoft.com/en-us/windows/reset-your-pc-without-losing-windows-installation-7d3b59cf-9c47-aa55-cf21-3cf7e6f2c2e1)
