Answer Description

You should assume the user's login and PC are compromised. Its possible that the PC has malware that was used to send the emails, steal the user's password or that only the account credentials were compromised and the PC is not infected. Until you can determine how the credentials were compromised, you should assume anything that belongs to the user is unsafe.

Answer Description

MSConfig is an application available on Windows OSs that is helpful when troubleshooting or configuring the OS startup. It offers several configuration options, including a tab that lists processes configured to startup when the PC first boots.

Wikipedia

MSConfig (officially called System Configuration in Windows Vista, Windows 7, Windows 8, Windows 10, or Windows 11 and Microsoft System Configuration Utility in previous operating systems) is a system utility to troubleshoot the Microsoft Windows startup process. It can disable or re-enable software, device drivers and Windows services that run at startup, or change boot parameters. It is bundled with all versions of Microsoft Windows operating systems since Windows 98 except Windows 2000. Windows 95 and Windows 2000 users can download the utility as well, although it was not designed for them.

Answer Description

Blocking access to anti-virus or anti-malware websites is a common tactic used by malware once installed. It may block access to the website, show a fake error message or redirect to a fake version of the website to trick the user. Its likely this PC has been infected with malware.

Answer Description

Defragmenting a hard drive means rearranging the data as saved on the disk so it is in a sequential order. If you imagine a magnetic drive as a sentence, multiple files would read something like "Create file1.txt; Create file2.txt; Add data to file1.txt; Create file3.txt" and so on. Over time as more files are created and updated each file's data is spread out throughout the disk and the drive becomes slower. Degragmention rearranges the files so that the data is sequential: "Create file1.txt; Add data to file1.txt; Create file2.txt; Create file3.txt" and so on. By grouping each file's data into the same area of the disk the performance improves greatly. Solid State Drives (SSD) do not need to be defragmented.

Wikipedia

In the maintenance of file systems, defragmentation is a process that reduces the degree of fragmentation. It does this by physically organizing the contents of the mass storage device used to store files into the smallest number of contiguous regions (fragments, extents). It also attempts to create larger regions of free space using compaction to impede the return of fragmentation. Some defragmentation utilities try to keep smaller files within a single directory together, as they are often accessed in sequence. Defragmentation is advantageous and relevant to file systems on electromechanical disk drives (hard disk drives, floppy disk drives and optical disk media). The movement of the hard drive's read/write heads over different areas of the disk when accessing fragmented files is slower, compared to accessing the entire contents of a non-fragmented file sequentially without moving the read/write heads to seek other fragments.

Answer Description

A Spam Filter is a common feature of email clients and email servers. It will automatically detect and quarantine emails believed to be malicious or simply unhelpful (e.g. junk mail).

Answer Description

You can configure and rollback updates in Windows 10 by opening Windows Settings and selecting Update & Security followed by Windows Updates

Answer Description

Most likely your email has been compromised or hijacked. Malicious actors often compromise or purchase compromised emails so they can send links to viruses or phishing websites to that email's contact list. Because the emails come from a real account they are often trusted by the recipients, leading them to click links that ask them for usernames, passwords or to download some malicious application.

Answer Description

This type of application is known as Ransomware. It will block access to files using encryption, by deleting them or by changing file permissions to lock out the end user. Ransomware will often ask for payment using cryptocurrencies like Bitcoin and state it will re-enable file access after the ransom fee is paid.

Wikipedia

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.Starting as early as 1989 with the first documented ransomware known as the AIDS trojan, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017. In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year. CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities,

Answer Description

The screen described is the Blue Screen of Death (BSOD). When Windows PCs encounter an unrecoverable error it will show the all blue screen with an error code like HAL_INITIALIZED_FAILED. This error code is your source for finding the underlying issue and identifying the best fix.

Wikipedia

The Blue Screen of Death (BSoD), officially known as a Stop error, Blue screen error, fatal error, bugcheck, Stop error screen, Stop message, or Blue Screen, is a critical error screen displayed by the Microsoft Windows or ReactOS operating systems in the event of a fatal system error. It indicates a system crash, in which the operating system has reached a critical condition where it can no longer operate safely. Possible issues include hardware failure, an issue with or without a device driver, or unexpected termination of a crucial process or thread. Contrary to popular belief, the Windows Embedded Compact (formerly known as Windows CE) line of embedded operating systems does not use a Blue Screen of Death.

Answer Description

Many laptops will enter a power-saving mode while not charging. The power-saving mode is most likely configurable, and will reduce power available to components like the CPU thereby reducing their functionality. You could consider providing a more powerful laptop, disabling the power-saving mode or instructing the user to plug in the charger while in meetings.

Answer Description

The two most common ways to inject pop-up windows into a web browsing session is by using a malicious application which will most likely be found by the anti-virus software, or by installing a plugin or extension to the browser that creates the pop-ups. Some free applications downloadable from the internet will install these plugins as a way to create ad revenue.

Wikipedia

A browser extension is a small software module for customizing a web browser. Browsers typically allow a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.

Answer Description

Windows system events and some applications will log events including errors to the Event Viewer. You can open event viewer using eventvwr.msc or eventvwr.exe. This isn't a guaranteed method of finding the issue, for example if a sudden power loss or other hardware failure occurred it most likely caused the shutdown before Windows has a chance to log anything to the Event Viewer. Still, its a great place to start to see if Windows was able to record any issues before the PC was shut down.

Wikipedia

Event Viewer is a component of Microsoft's Windows NT operating system that lets administrators and users view the event logs on a local or remote machine. Applications and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action. In Windows Vista, Microsoft overhauled the event system.Due to the Event Viewer's routine reporting of minor start-up and processing errors (which do not, in fact, harm or damage the computer), the software is frequently used by technical support scammers to trick the victim into thinking that their computer contains critical errors requiring immediate technical support. An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.

Answer Description

Event Viewer ( or eventvwr.msc, eventvwr.exe) is a great place to start when troubleshooting application failures. Applications and components of the Windows itself will log events to Event Viewer so they can be reviewed. This may includes information about the application running like configuration details, warning messages and error messages.

Wikipedia

Event Viewer is a component of Microsoft's Windows NT operating system that lets administrators and users view the event logs on a local or remote machine. Applications and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action. In Windows Vista, Microsoft overhauled the event system.Due to the Event Viewer's routine reporting of minor start-up and processing errors (which do not, in fact, harm or damage the computer), the software is frequently used by technical support scammers to trick the victim into thinking that their computer contains critical errors requiring immediate technical support. An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.

Answer Description

Based on the information you have its unclear if something malicious is really going on. Certificates are used on websites running the HTTPS protocol to verify the server's identity and provide encryption. While it is possible that this is a spoofed email, or that the sender's account has been hacked, it's also possible this is a valid link and the web server is simply misconfigured (e.g. the certificate expired and the web server was not updated). The best way to proceed is to forward the email to whomever is responsible for IT Security at the company so the details can be determined in an investigation.

Answer Description

pkill is not a Windows command, but can be found on some Linux OSs and Mac OS. taskkill, using Task Manager and pressing ALT+F4 while using an application are all common ways to stop a process on Windows.

Answer Description

Reliability Monitor is an application available in some Windows operating systems that will show a timeline of events recorded by Windows. This includes security warnings, application failures and other informational messages. Using Reliability Monitor you can view when the application crashed, error/crash details and try to identify a pattern or cause for the crashes.

Answer Description

The next logical step here is to restore the computer to a known-good backup. You can try to determine what backups are available compared to when the malware was first discovered. If no backups are available or no backups before the infection are available reformatting the PC is an acceptable last resort.

Answer Description

ipconfig is the Windows command tool to view network related configurations. Using ipconfig /all will display all network configuration information like a computer's IP addresses, DHCP servers, default gateways and known DNS servers.

Wikipedia

ipconfig (standing for "Internet Protocol configuration") is a console application program of some computer operating systems that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.

Answer Description

Task Manager (taskmgr.exe) is an application on Windows operating systems that can be used to quickly view resource utilization like Network, CPU, Memory and Disk utilization. It is a quick option to view what the cause of the slowness is, for example you may find that the NIC card has very little bandwidth available or that a certain application is taking up a high percentage of the CPU.

Wikipedia

In operating systems, a task manager is a system monitor program used to provide information about the processes and applications running on a computer, as well as the general status of the computer. Some implementations can also be used to terminate processes and applications, as well as change the processes' scheduling priority. In some environments, users can access a task manager with the Control-Alt-Delete keyboard shortcut. Task managers can display running services (processes) as well as those that were stopped. They can display information about the services, including their process identifier and group identifier.

Answer Description

Some malware, known as Rogue antivirus or Rogue security software, will pretend to be antivirus software in an attempt to trick users into paying a fee to remove malware. Most likely it will just install more malicious software or do nothing (after charging the user of course).

Wikipedia

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.