Keith’s Nightmare

This copyrighted post cannot legally be posted anywhere else.

Earlier this year, when I was a technology clerk for the 2010 U.S. Census, working the midnight-to-8:30 AM shift, Keith was my supervisor.

Keith really knows about accounting, bookkeeping and personal finance. And he’s a stickler for detail.

Those were the perfect skills for supervising the Census night crew — the group that was responsible for flawlessly processing the hundreds of pages of daily payroll and HR data every night.

Those same skills allow Keith to also maintain the financial records for a local church and work part-time as a personal financial consultant to several clients.

He has two desktop computers at home. Both of them run Windows XP.

Keith knows a little about running a PC, like how to do his clients’ confidential financial recordkeeping tasks, in addition to a few basic things like email and simple Web page browsing to do online banking.

But he knows nothing at all about computer security.

So he has always believed the PC security advertisements that he read, and he has always bought and installed the third-party security applications and add-ons that they’ve told him to buy and install — all to try to patch enough of Windows’ inherent security vulnerabilities to protect his PCs and all of his clients’ and his confidential data from the millions of Windows malware threats that he knows are out there.

And then, whenever something invariably has gone wrong with one of his computers, he’s been forced to spend even more money to have someone like me try to fix the problems for him.

In short, Keith is a typical Windows user — trusting confidential and irreplaceable data to an unreliable and highly insecure operating system.

A few months ago, Keith asked me to take a look at his PC. He told me that it was exhibiting several problems, including running very slowly and refusing to allow him to install any new software.

After examining his PC extensively, I determined that the fastest, easiest and cheapest plan of attack would be to format its hard drive and reinstall Windows XP and all of his software from scratch. Unfortunately, that wasn’t an option because a lot of the proprietary, third-party software that he needed had already been installed on the PC back when he had bought it used, and he didn’t have the CDs to reinstall any of that software.

So instead, I made several day-long visits to his home, and spent several nights researching his problems online on my own computer at home. Finally, through prolonged efforts that included running two different bootable rescue CDs and manually, painstakingly editing the Windows Registry several different times, I completely disinfected his computer of all of the Windows viruses, trojans and other types of malware that had commandeered it. I also cleaned up its startup tasks and installed both a free antivirus application and a free software firewall to help protect it.

But, as every Windows user knows, even a completely disinfected Windows computer can be completely reinfected at any time if its user makes a critical mistake.

Like the one that Keith made a few days ago.

He was visiting a Web site, looking for information on how to find out what blood type he is. All of a sudden, a window popped onto the screen, warning him that Windows had determined that his computer was infected with 64 different viruses, trojans and pieces of malware. It told him that he needed to “Click Here” to download the software that would automatically disinfect his computer of all of that bad stuff.

Remember, Keith knows nothing at all about computer security.

So, instead of taking a second to consider the possibility that the message was a trick, he clicked on the “Click Here” button.

And that’s when his nightmare began.

Within a few seconds, his screen was filled with uncloseable browser windows containing advertisements, inappropriate videos and other unwanted intrusions.

Unable to get rid of any of those things, Keith pushed the power button to manually turn off his computer.

When he turned it back on, it took several minutes longer than normal to boot up.

And every time he opened his Web browser, he got more of those same unwanted pop-up windows that he had seen earlier.

So he tried to use Windows Restore to “turn back the clock” and restore his PC to an earlier, trouble-free condition.

Windows Restore told him it was unable to restore anything.

So he called me.

Yesterday, I went to his house and ran 3 different rescue CDs. The first one didn’t see anything wrong. The second one found 2 viruses and removed them. The third one found one virus and removed it.

Then I manually edited the Windows Registry, to remove all traces of the malware.

Then I shut down and powered on his PC several times. No trace of the malware.

Then I rebooted his PC several times. No trace of the malware.

Then I logged him off and back on several times. No trace of the malware.

An hour after I got home, Keith called me.

The malware was back.

But this time, his free antivirus software was warning him about it — and telling him its name.

On my computer at home, I did some research on it.

It turned out to be a trojan.

A very, very bad trojan.

One that takes over your entire computer.

It attacks your antivirus software and renders it powerless.

It commandeers your browser to display inappropriate materials, as well as to prevent you from researching how to get rid of it and prevent you from downloading any security applications that could attack it.

It installs one or more viruses for your antivirus software to find and destroy, to fool you into thinking that your antivirus software has successfully disinfected your computer.

It takes over the Windows Restore feature, to prevent you from “rolling your computer back” to an earlier, uninfected state — and to allow it to “restore” itself if you ever figure out how to successfully remove it.

But, worst of all, it steals your name, passwords, account numbers, credit card numbers, and any other confidential information that it can find on your hard drive — and then it uses your Internet connection to send all of that information to cybercriminals.

I spent an hour using my computer at home to research Keith’s problem, but I could only find one malware removal method that appeared to be even remotely successful in getting rid of that particular trojan. And that method is very complicated. It requires you to download 5 specific security packages from 4 different Web sites, and then install and run parts of each of them in a specific order. But the trojan is very intelligent, so it may recognize what you’re trying to do and not allow you to download, install, or run one or more of those packages. So, in order to try to “fool” the trojan into not recognizing them, you also have to rename several of the files that those security packages use before you run them.

And, even if you do manage to complete all of those tasks, there’s no guarantee that you’ll actually succeed in removing the trojan from your computer.

I immediately called Keith and gave him the bad news.

The last thing an accountant and financial advisor wants to hear is that his confidential data — and the confidential data of all of his clients — may have already been electronically transferred to cybercriminals somewhere out on the Internet.

I had him set down his phone and immediately disconnect the ethernet cable from the back of his PC, to disconnect it from the Internet.

And, on my advice, he spent the night last night doing the following things over the phone and on an hourly rental computer at a 24-hour FedEx Office store:

  • Contacting all of his credit card companies, to ask them to cancel his existing accounts and open all new accounts for him.
  • Logging on to all of his online banking accounts and changing his passwords.
  • Contacting all of his clients, to tell them what happened, and tell them what to do about it.

Keith called me twice today.

We had a long talk about computer security and its long-term ramifications for his clients and for him.

I told him that I think he should buy a Mac.

I’m not a financial advisor, but I think that might be a very good investment for him.

© 2010, ComputerBob. All Rights Reserved.



2 Responses to Keith’s Nightmare

  1. I’ve lost count of how many times I’ve said this … same thing over and over again, just the date changes:

    It’s 2010 and we’re still playing these silly security games on Windows when much better solutions like Linux and Mac are available for similar costs. Amazing. And sad.

    Funny thing is that anti-Windows evangelists are mostly ignored. Some days I start to think there is a conspiracy between malware authors and the good folks in Redmond … but no, that could never happen. Could it?

  2. Jack says:

    Having always used Macs, I’ve never experienced the kind of nightmare herein described. Knock on wood. But, while Macs work almost too well, they are a bit pricey…even for the entry level ones. In light of what Keith went through, I’d say no price would be too high to avert a repeat of that.
