Friday night topic: trojans and rootkits

I just dropped off a package containing my dad's laptop at the FedEx depot this afternoon. I spent parts of several days this week recovering his data, wiping the drive, and reinstalling the OS and key apps. My dad's a tech-savvy guy, but in a moment of weakness, he opened one of those greeting card spam messages recently and his computer became infected with a trojan. The thing had installed a proxy for IE7 and rerouted all DNS queries to a compromised server, and then covered most if its tracks via a rootkit. I wiped the drive and started over because I didn't think I could be sure otherwise that the trojan was entirely removed from his system.


I went through the same thing with my wife's PC not long ago. She also knows better than to open attachments, but the greeting card thing caught her off guard somehow. Took her a while to admit that she'd gone through the steps of opening the email, clicking the link, downloading the payload, and running the executable. I lost a day's work, at least, to rebuilding that machine from the ground up.

Were it not for tools like Rootkit Revealer, I might not have even been able to detect the trojans. One of them seemed to be attacking our antivirus software and trying to stop the Revealer process, even.

I could get mad at my relatives for making a mistake, but it's hard to see the point. The really frustrating thing is that they both had reason to believe a greeting card might be coming their way at the time and reason to be a little frazzled: my dad had brain surgery recently. These email-based attacks prey on those who might not be operating at 100% for whatever reason. That makes me white-hot mad.

Which makes me wonder: if it can happen to some fairly tech-savvy folks like these, how widespread is this problem? And what happens when your computer gets infected and you don't have a close relative who's a PC expert? The trojan on my wife's PC wasn't detected by Windows Defender, Avast! antivirus, or the Windows Malicious Software Removal Tool. Have you dealt with any of these infections, and to what lengths did you have go in order to clean off the infected system? Can we form a posse and hunt down the people who do this? Discuss.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.