Malware/virus infection.
When a computer shows unintended behaviour such as unusual amounts of network traffic, advertisements, pop-ups, or unexplained creation/deletion of files, it may be infected with malware. A virus is a type of malware that additionally spreads itself to other files or devices. There are many kinds of malware, each with its own function: ransomware that encrypts sensitive data, spyware that logs or exfiltrates personal/sensitive data, remote access tools that execute commands and connect to C2 servers, etc.
Indications:
- Strange behaviour such as unexpected reboots, high memory usage, blue screen crashes, etc.
- Browsers opening automatically to advertisements, pop-ups or unwanted links.
- New hidden files or folders in different disks or storage devices.
- Changes in user settings, especially regarding anti-virus or security preferences.
- Account takeovers on sites accessed via the device.
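Two of the indications above (files being created or deleted, and new hidden files or folders appearing) can be checked mechanically by comparing a baseline snapshot of a directory tree against its current state. The following is an added example, not part of the original note; it uses the dotfile convention for "hidden" (the Windows hidden attribute would need a separate check) and runs on a constructed temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root (POSIX relative path) to (sha256, is_hidden)."""
    root = Path(root)
    state = {}
    for path in root.rglob("*"):
        if path.is_file():
            rel = path.relative_to(root)
            # Dotfile convention: any hidden component marks the file as hidden
            hidden = any(part.startswith(".") for part in rel.parts)
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[rel.as_posix()] = (digest, hidden)
    return state


def compare(baseline, current):
    """Report created, deleted and modified files plus newly created hidden files."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p][0] != current[p][0])
    new_hidden = [p for p in created if current[p][1]]
    return {"created": created, "deleted": deleted,
            "modified": modified, "new_hidden": new_hidden}


def demo():
    """Constructed scenario: take a baseline, simulate suspicious changes, diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.docx").write_bytes(b"original contents")
        (root / "notes.txt").write_bytes(b"some notes")
        baseline = snapshot(root)

        # Simulated post-infection changes (constructed, not real malware)
        (root / "report.docx").write_bytes(b"scrambled")      # content replaced
        (root / "notes.txt").unlink()                           # file deleted
        (root / ".cache").mkdir()
        (root / ".cache" / "svc.bin").write_bytes(b"\x4d\x5a")  # new hidden file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real deployment would store the baseline outside the monitored host and schedule the comparison, since an attacker with write access can otherwise alter the baseline too.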
Steps to prevent:
- Up-to-date anti-virus software or Windows Defender should be used to scan the device periodically.
- All software, especially anything exposed to the public or to internet connections, should be kept up to date.
- Avoid opening untrusted files, especially binaries or Microsoft Office documents with macros.
- No unknown storage devices should be plugged in without proper scanning.
- A proper firewall with rules for port opening and unknown connections should be implemented.
- Cookies and cache for web browsers should be cleared periodically.
- Password managers are useful: auto-filled credentials are not typed, so a keylogger cannot capture them.
Mitigation:
- In case of a suspected infection, trusted anti-virus and malware removal software should be used.
- If possible, the device should be disconnected from the internet and other storage devices.
- Regular use of the infected device should be avoided.
- A full operating system reset is usually required if the anti-virus software cannot remediate the issue. After a proper reset, take care not to repeat the mistake that led to the infection.
- For forensics investigation, a memory dump and a file system dump can be useful.
- Researching online (mostly for ransomware families, some of which have published decryptors) may help in finding a good mitigation.