As I spent my weekend trying to repair, then ultimately rebuilding, my shared computer at home, I had 3 realisations:
- Virus/Trojan programs these days are really nasty.
- It’s very easy for non-geeks to get into virus trouble.
- Thank goodness for backups.
I run two systems at home. My main system is used only by myself and has little active protection. I have a virus scanner that I run occasionally but that is not permanently active, and I am behind a firewall. Besides this I rely on my experience to keep me safe; memory-resident protections slow down my system too much. This continues to work well for me (touch wood).
I also have a shared system that I use for some email, and for when I want to look at an Internet site that may have useful information but whose safety I am not sure about. The main job of this system, though, is to be the main computer for the family to use. Needless to say, this system usually runs every type of protection it can get, as it is a more open system, and while my kids might become geekier as they grow up, I am the only geek in the house.
On Friday I got a call at work from my wife saying that every time she tried to go to a website she got a security warning instead and a request to install a repair program, and that even after having run that, the message kept coming up. Despite the cloud of doom forming over my head, all I could tell her was to shut down and leave it until I got home. As soon as I logged the system back on there was no question that there was a trojan on the system that kept opening up sessions with various systems. I ran the virus scan, which came up with 3 different infections and said it had dealt with them, but rebooting showed that it had obviously missed something.
I ran the signature update on the virus program and tried again but that did no good either. I won’t bore you with the details but I ended up with a reinstalled system and a new anti-virus and malware program. I had a recent backup of the system so the process was annoying rather than tragic. In retrospect I had become complacent with the protection I thought the software gave that system. While not a geek, my wife understands the basics of Internet safety, like not opening strange messages, but when the initial infection got through, the very official-looking phishing worked on her and made the situation worse.
In re-installing the system I have made a few changes to limit the chance of this happening again. You can never be 100% certain, but the system did have ActiveX enabled in IE; my wife now must learn how to use Firefox, and I have disabled the preview pane for her Outlook profile. It did give me a chance to do a straw test on a couple of alternative virus programs, as I was not happy with my previous Internet security suite even before this incident. Of the few I tried in my non-scientific study, NOD32 did the best detection and removal and is now what is installed on both my systems, although with all the monitoring turned on for the shared system. That and the system running much faster with a fresh install are the silver lining, I guess.