Roaches of the virtual world

Got your own spyware horror story?

I'm one of the kings of paranoia. I've been on the Net since the early 1990s when mail groups were still the big thing. Even then I ran antivirus software. As viruses and spyware have proliferated, my protection scheme has improved.

Right now I'm running Webroot Spy Sweeper and ZoneAlarm Antivirus behind a NAT firewall. I run Spybot - Search & Destroy and Bazooka Adware and Spyware Scanner on a regular basis, and I read the latest security journals to stay on top of what's coming at me next (I knew about Windows rootkits before the Sony fiasco). I even use a password manager (Password Depot) so I can copy and paste passwords rather than type them; this helps defeat keyloggers but can't completely prevent them. On top of it all, I use an account that doesn't have administrator privileges.

So imagine my surprise and outrage when I booted up my laptop one day and it took about five times longer to boot up than normal! I started thinking, "What did I do? It can't be spyware or a virus, right?" Wrong. A mystery window popped up, stating my computer was infected with spyware. I started scanning with everything I had and found the nasties. Somehow a Trojan horse had jumped all my security, likely due to a user error (I must have hit the wrong button on one of the warning screens put up by ZoneAlarm or Spy Sweeper). Of course, I got the super-hard-to-remove Vundo variant. I also discovered the little piece of spyware that was popping up the window, and I discovered a rootkit tucked away, just for good measure.

Now, because I'm paranoid I have a system restore I could have returned to, but I chose to do battle with these beasties. Looking back I should have restored and just been done with it.

The spyware was the easiest to remove. I booted from a rescue CD-ROM and let Spy Sweeper do the rest. The Trojan horse required a bunch of work--a special removal tool plus a couple of boots in and out of safe mode before it finally fell. The rootkit was a killer. When I first read about these, I hoped and prayed I never got one, but I had no idea how bad it would be. I had to use special detection tools and a special removal tool, then boot to a clean disk and to safe mode, among other things. After a lot of work, it, too, finally fell.

The moral of this diatribe? You can never be too safe or too vigilant. I had Spy Sweeper, ZoneAlarm, CWShredder (just for nostalgia), and RootkitRevealer. I also was behind a NAT router and regularly scanned with Bazooka, and something still got in.

I couldn't help but think of roaches as an analogy. I thought I had all the holes plugged, but one still got in. When I saw that one, three more appeared. Now I guess we'll have to rethink the theory about roaches being the only thing to live through a nuclear explosion.

-William
Massachusetts, U.S.A.

Reply from the Download.com editors:

We definitely agree with the moral of your story, and your analogy is totally appropriate. Like we pointed out a couple weeks ago, even paranoid users can inexplicably find themselves victimized by Trojan horses, viruses, and malware. That said, many folks overlook the importance of a password manager in the fight against spyware. Also, though we think using a password manager to protect your secure data is indeed a smart call on your part, you are correct that using one won't make you completely immune to keyloggers.

We're sorry to hear about your encounter with a rootkit, which can be extremely difficult to detect and remove. Still, it sounds like you were able to banish it with some serious elbow grease. The one upside to Sony's recent rootkit blunder was that it increased public awareness of this very dangerous piece of technology.