- Unknown devices can be found in the WLAN
In many company networks that have existed for a long time, no optimal security configurations are used for the WLAN. The outdated WEP protocol for encrypting WLAN data can easily be bypassed. Employees may also have read out the WLAN key, which is very easy to do in Windows, for example, via the properties of the network connection, and passed the key on to acquaintances or outsiders. Former employees may still be able to connect to the network. You should therefore always check regularly whether unknown computers and users are connected to the WLAN and identify known devices. This is very easy to do with additional tools.
With the iPad app Fing you can find currently connected devices in the WLAN
For example, you can use the free iPad app Fing for regular searches . This shows all currently connected devices and also supports the storage of descriptions. You can also find the relevant data in the web interface of your WLAN device. There are also numerous other tools in this area.
Real or false virus reports appear on the computers
As soon as any virus warnings appear on the computers, you should take them seriously. Make sure whether the message comes from your real virus scanner or from a so-called fake anti-virus program. Both are bad, because the fake anti-virus is also a virus that has smuggled onto your computer without authorization.
If you use your virus scanner to remove the virus, check to see if it keeps reappearing because the virus may have come from another source on the network. In this case, scan all affected computers.
If it is a fake virus program, you can use tools such as Remove Fake Antivirus to find it and have it deleted.
- The browsers open other Internet sites without the user starting anything
Very often it is not the entire computer that is infected by viruses or Trojans, but primarily the browser. This manifests itself in the fact that unwanted Internet pages are constantly opened without users wanting to. If that happens, you can be pretty sure that the browser has been hijacked.
In general, a virus scan and deleting the temporary Internet files help here. You should also check in the browser settings whether an external proxy server has been entered or whether additional tools have been installed as add-ins. Remove them from the computer and install security add-ins such as the powerful and free NoScript.
Microsoft also offers a help page in this area . But Symantec also helps with programs such as Norton Power Eraser.
Unknown programs run on the computers, which also slow down the system
Even if the virus scanner does not show a message or the PCs are otherwise running clean, an attacker can be up to mischief in the network. This is often noticed when unknown programs are running on the computer, including via the Windows autostart. Even if individual programs consume a lot of computing resources, an attacker can have lodged on the system. In this case you can start the computer with a rescue CD like the one from Kaspersky or with the PC-WELT emergency DVD and have it scanned.
You can also display the autostart programs on the computer using tools such as AutoRuns .
You start the Task Manager in Windows via the context menu of the taskbar. Check here whether there are any unknown programs. You can also search for the program name on the Internet.
- Partners / customers inform you that virus / spam emails have been sent from your network
If you are informed that virus and spam e-mails are being sent from your company’s e-mail addresses, you can be almost 100 percent certain that either your mail server has been hacked or one or more PCs in your company have been hacked. In this case you should immediately have the server and all workstations searched with virus scanners, including the rescue CDs mentioned above. In this case, also cut off the internet line until you have isolated the problem.
Mail servers must be cleaned with special scan programs, and the settings must also be examined by professionals.
Numerous popups, menu bars and windows open in the browser on the desktop PCs
No third-party websites open, but popups and other annoying tools when you open the browser, make sure that the installed programs have no annoying menu bars. To do this, call up “Control Panel, Programs, Programs and Features” in Windows (you can reach this menu more quickly if you enter appwiz.cpl in the “ Search programs and files” input window of the Windows Start menu). Remove programs you don’t need here.
In addition, let the computer search with Spybot Search and Destroy . Remove all browser add-ins that you do not know about.
- The internet connection is constantly busy
If you notice that your Internet connection is constantly busy, you should check which computers it is coming from and which programs are causing the load. To do this, check your firewall and router regularly.
You should regularly keep an eye on the load on your Internet connection
Viruses and Trojans also transmit data to the Internet. Open a new command prompt on the relevant computers.
Enter netstat -o at the command prompt . If you want to redirect the output to a text file, enter the command netstat -o> C: \ netstat.txt . You can then edit and read the file with an editor. You can see all running programs and their current connection status. In the Remote address column you can see to which server or to which address in the Internet the tool will establish a connection.
- The virus scanner on the client PCs or the server is constantly switched off
Many virus scanners do not have sufficient self-protection. This means that attackers first switch off the virus scanner and can then attack the system unhindered. In this case, check the computer’s event display to see whether this happens regularly and make sure that the scanner’s self-protection is activated. You should also have the computer checked with another virus scanner. For example with an external virus scanner from CD / DVD or with a stand-alone tool like the Microsoft Windows tool for removing malicious software. However, you should not install two full-fledged virus scanners on one PC at the same time. These can block each other and paralyze your PC.
Download: Microsoft Windows Malicious Software Removal Tool
The virus scanner’s self-protection should always be activated
The action center in Windows 7/8 / 8.1 is also an important point of contact. You start this by entering wscui.cpl in the input field of the Windows start menu . In the Security area, check whether the virus scanner and firewall are activated.
The action center provides information about security functions in Windows 7/8 / 8.1
You receive alleged reports from the police / GEZ that pirate copies can be found on your computers
Such messages are in all cases viruses and Trojans. No authority locks a PC, no matter how real the message looks. Here you only have one chance: You have to start the computer with a rescue CD, such as the PC-WELT emergency DVD , and have it scanned. If the scanner cannot remove the virus, back up all files on the computer and reinstall the computer. Check the backed up files for viruses.
- False reports are constantly being published via the users’ social network accounts
If you allow access from social networks in the company, there is also a risk that users will catch Facebook Trojans. These unauthorized post false status messages that attract other users and identify their computers. Such messages can often be found as vouchers or appeal for donations. Here you will find reports about current attackers and what you can do about them.