Skip to main content

CompTIA A+

PC Security Symptoms

25 min read

When a PC starts acting "infected," the worst move is guessing and changing settings at random. For CompTIA A+ Core 2 (220-1202), Domain 3.0 (Software Troubleshooting), Objective 3.4 (Given a scenario, troubleshoot common personal computer (PC) security issues), you're expected to spot common symptoms fast and tie them to the right next check. That matters because security problems often look like simple misconfigurations, while quick fixes can erase clues or make the system less safe. In other words, recognizing symptoms comes first, then you choose a controlled response.

This section focuses on three signals you'll see in real support tickets: being unable to access the network, persistent desktop alerts, and false alerts about antivirus protection. You'll learn what each symptom can mean, what to verify first, and how to avoid "fixes" that create new risks.

Quick Checks

For CompTIA A+ Core 2 (220-1202), Domain 3.0 (Software Troubleshooting), Objective 3.4 (Given a scenario, troubleshoot common personal computer (PC) security issues), the fastest wins come from basic checks you can do before you change anything. These checks help you separate a true security problem from a bad update, a broken network setting, or a single app that is misbehaving. They also protect evidence, which matters if you need to escalate the case to a senior tech or follow company incident steps.

Confirm what changed and what still works

Start with a simple timeline. Security symptoms often begin right after a change, even when the user does not connect the two events. Ask for a clear "before and after," then write it down.

Focus your questions on common triggers:

  • When did it start? Get the date and rough time. "After lunch today" is still useful.
  • What was installed or updated? New apps, drivers, "PC cleaner" tools, cracked software, or a printer utility can all be relevant.
  • Any new browser extensions? Extensions can cause redirects, toolbars, and fake alerts.
  • Recent Windows updates? A failed or partial update can break networking and security tools.
  • New Wi-Fi network or router change? A new network can add captive portals, DNS filtering, or weak security.
  • New VPN or remote access tool? Some VPN clients change DNS, proxies, and firewall rules.
  • Did you open an email attachment or click a link? Note the sender, subject line, and file type (for example, .zip, .docm, .iso).

Next, check what still works because scope tells you where to look. If only one app fails, think app settings, browser add-ons, or a blocked permission. If the whole system feels "off," think broader causes like malware, corrupted system files, or a damaged profile.

Use quick comparisons to narrow it down:

  • Try a different browser. If Chrome redirects but Edge does not, suspect extensions or browser settings.
  • Test another user account if available. If only one profile shows pop-ups, it may be profile-level.
  • Check other devices on the same network. If phones and other PCs also lose access, the problem may be the router, DNS, or ISP.
  • Confirm whether the PC can reach internal resources but not the internet, or neither. That split points to different causes.

This step saves time because it turns a vague symptom into a controlled problem statement.

Look for signs of a security issue without making it worse

Before you "fix" anything, observe. Many security problems imitate normal errors, and quick actions can erase clues. Treat the system like a scene you do not want to disturb.

Watch for patterns that often match security issues:

  • Browser redirects to search pages you did not choose, shopping pages, or "security warning" sites.
  • New toolbars or homepages you cannot change back.
  • Slow logins or repeated sign-ins, especially if the password is correct.
  • High CPU or disk use when the PC is idle, with fans running hard.
  • Unknown processes with random names, or multiple copies of the same odd task.
  • Security tools blocked, such as antivirus not opening, updates failing, or websites for security vendors not loading.
  • Fake warnings, especially pop-ups that demand payment, a phone call, or an urgent download.

Capture evidence safely. Take screenshots of alerts (including the system clock if possible) and write down the exact wording. Small details matter, such as a fake "Microsoft Support" number or a misspelled product name. Also note where the message appears. A warning inside a web page is different from a Windows notification.

If a pop-up asks for your password or payment details, don't type anything. Close the browser tab or end the browser task, then reassess from a safer position.

Avoid risky actions during this phase. Don't install random "removal tools" from the alert itself. Don't grant remote access to unknown helpers. If the message claims "your antivirus is expired," confirm it in Windows Security or the real vendor app, not through the pop-up link.

Finally, keep user behavior in mind. A user might say "nothing changed," yet they recently allowed an extension, accepted a browser notification prompt, or ran an attachment. Calm, specific questions usually uncover the real trigger.

Use built-in tools to collect clues

Windows includes enough tools to gather solid clues without jumping into deep forensic work. The goal is to answer, "What is happening right now?" and "What changed recently?"

Start with Windows Security:

  • Open Windows Security and go to Virus and threat protection. Check if it shows errors, disabled protection, or missing updates.
  • Open Protection history. Look for recent detections, quarantines, or items that were "allowed." Note the time and the action taken.
  • If the system says "Your IT administrator has limited access," that can be normal in a managed workplace, or it can be a red flag on a personal PC.

Then check Task Manager (press Ctrl + Shift + Esc). You are not trying to "hunt malware" by name. Instead, you are looking for odd behavior:

  • Processes: unknown apps using high CPU, memory, or disk when idle.
  • Startup apps: new items that launch at boot without a clear reason.
  • Users: unexpected sessions or multiple sessions when one user is present.

Next, use Event Viewer for basic signals. Open it and look at:

  • Windows Logs > System for network, driver, or service failures near the time the issue started.
  • Windows Logs > Application for repeated app crashes, especially browsers or security tools.

You can also open Resource Monitor (from Task Manager's Performance tab). Check the Network section to see which processes are making connections. A browser will talk to many sites, but a random background process making constant connections is worth noting.

Finally, verify proxy settings, because malware and "helper" apps often change them. In Windows, search for "Proxy settings" and confirm whether "Use a proxy server" is on. If the user never uses a proxy and one is set, that is a strong clue.

Built-in tools won't prove infection by themselves, but they can show clear inconsistencies that guide your next step.

Protect the user and the network while you troubleshoot

If you suspect a real security issue, protect people first, then the device. A compromised PC can expose passwords, files, and even other machines on the same network.

Disconnect when there is a risk of active harm. For example, if you see ransomware notes, unknown remote access tools, or constant outbound network traffic, disconnect from Wi-Fi or unplug Ethernet. That limits data theft and stops some threats from spreading. On the other hand, if you need internet briefly to check Windows Security status or download a trusted tool, reconnect only when necessary and only after you have a plan.

When the network itself looks suspicious (new public Wi-Fi, captive portal, or unknown router), switch to a known-good network. A phone hotspot you control can be safer for short tests than an open café network. In a company setting, follow the approved network and isolation steps, not personal workarounds.

Password changes require care. If you think credentials may be stolen, change important passwords from a clean device, not from the possibly infected PC. Prioritize email accounts first because email resets many other passwords. If multi-factor authentication is available, turn it on.

Keep a simple record as you go:

  • What symptom you saw
  • When it started (best estimate)
  • What you checked (tools, settings, and results)
  • What you changed (if anything)

In a workplace, follow company policy for incident handling and escalation. Some environments require you to stop, isolate the device, and notify a security team. That is not bureaucracy, it protects evidence and reduces liability.

Network Access Issues

For CompTIA A+ Core 2 (220-1202), Domain 3.0 (Software Troubleshooting), Objective 3.4 (Given a scenario, troubleshoot common personal computer (PC) security issues), being unable to access the network is a key symptom because it can signal either a normal outage or a security control. The difference matters because the wrong "fix" can hide evidence or weaken the system. Start by confirming what fails (Wi-Fi, Ethernet, DNS, or specific sites), then test in a way that changes as little as possible.

Tell the difference between a network outage and a security block

First, decide whether the problem is local to the PC or shared across the network. If other devices on the same Wi-Fi work, your PC likely has a configuration issue or a security block. If everything is down, suspect the router, modem, or ISP.

A few quick tests can separate these cases without deep tools:

  • Check other devices online: If phones and another PC can browse, your router and ISP are probably fine.
  • Open the router page: If you can reach your router's admin page (often a local address like 192.168.1.1), your PC can at least talk to the local network.
  • Ping the gateway (high level): If a basic ping to the default gateway fails, the PC may not have a valid local connection. If it succeeds but websites fail, the issue often shifts to DNS, proxy, or firewall policy.
  • Compare site behavior: If one site loads but another does not, that pattern can point to filtering, DNS tampering, or browser-level interception.

Security issues often create "selective" failures. For example, malware may block antivirus update sites while normal news sites still load. Another red flag is unexpected redirects, such as typing a bank URL and landing on a look-alike page, or searches going through an unknown engine.

DNS and proxy manipulation can look like random internet trouble, but the symptoms tend to cluster:

  • DNS hijacking signs: common domains fail, addresses resolve to odd locations, or you see repeated captive portal style pages on a trusted network.
  • Malicious proxy signs: browsing works, but pages load slowly, certificates warnings appear, or you see injected ads even on reputable sites.

If the network works on other devices but your PC can only reach a few sites, treat it like a security symptom first, not a router problem.

Common security causes, rogue proxy, bad DNS, VPN misuse, firewall changes

When a PC "loses the internet" due to security causes, the root issue is often a forced traffic detour. Adware and malware rarely break networking by accident. Instead, they redirect it so they can watch, modify, or block traffic.

Start with the most common culprits:

Rogue proxy settings often come from adware bundles or fake "security" tools. On Windows, a proxy can be set system-wide, so every browser inherits it. If the user never configured a proxy but one is enabled, that is suspicious. A proxy can also explain why only web traffic fails while other apps behave differently.

Bad DNS servers are another frequent cause. Malware can change DNS at several layers, including adapter settings or router settings (if the router is compromised). Bad DNS can send you to the wrong IP address, block security vendor sites, or redirect common domains. Besides browser redirects, watch for frequent "server not found" errors that do not match what other devices see.

Hosts file tampering can silently reroute traffic. A modified hosts file can force a domain to resolve to a local or malicious IP. This often targets update servers, security sites, and payment domains.

VPN misuse or unwanted VPN profiles can cut off access. A legitimate VPN client configured incorrectly can break routing or DNS.

This lesson is part of ExamWizardz Pro

Unlock every lesson, unlimited practice tests, and the AI tutor.

See Pro pricing

or start with a free account