I’ve long been proud of Mac OS X’s lack of viruses, trojans, worms, spyware, and adware. Compared to Mac OS X, Windows is like the bad part of town that is covered in graffiti and has lots of broken windows. My friends would regale me with tales of reinstalling the OS and buying all manner of programs in pursuit of the ever-elusive chimera of security and stability. Luckily, I have never really had to deal with it, since the only tech support I generally have to do is for my mother-in-law, and she uses a Mac. (The tech support, by the way, consists of setting up her email and that sort of task.)
Today I had the pleasure of getting knee deep with a nasty Windows trojan. I normally would shrug off such requests because I know how quickly they can overtake your free time, but I had to help this time since it looked like I may have caused the problem in the first place.
My Dad’s computer, running Windows XP Home Edition, was acting up: he would get on and surf for a bit until the computer unceremoniously stopped taking any requests for web sites. Once he was at that point, he would have to restart or log off to be able to use the Web again. Since these intervals were only two to five minutes long, this was an unendurable issue. I was involved because I had installed a firmware upgrade on his Linksys WRT54G so that the power levels could be boosted. The problem came up shortly after I did that, so he thought that I might know what had happened (and, more importantly, how to fix it). Say it with me, Dad: correlation is not causation.
In trying to track down the problem, I discovered that the computer’s anti-virus definitions were outdated, so I rebooted and installed the latest ones. The scanner quickly found the trojan (and several other viruses), and I deleted it. A quick reboot and the problem remained. I scanned again and the same file turned up again. I suspected that this little bugger had inserted itself deep into Windows’ bowels.
After a few hours of wrestling, installing new programs, and researching, I finally found a description of the trojan that fit perfectly. The trojan payload was using a rootkit to repeatedly re-establish itself and spread its grip widely. I deleted the files, deleted the numerous registry entries, and turned on all of the services that the trojan had disabled, which included Automatic Update, the Windows Firewall, and the Security Center. Another reboot and the system was finally whole again.
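As an added check that is not part of the original post: the three services named above have fixed short names on Windows XP (wuauserv for Automatic Updates, SharedAccess for the Windows Firewall/Internet Connection Sharing, wscsvc for Security Center), so the re-enabling step can be scripted from cmd.exe and re-run after each reboot to see whether something on the machine is still turning them back off. This batch file is my example, not the author's; it assumes an Administrator account and the standard XP service names.

```batch
@echo off
rem Re-enable and start the services this kind of malware commonly disables.
rem Service short names on Windows XP:
rem   wuauserv     = Automatic Updates
rem   SharedAccess = Windows Firewall / Internet Connection Sharing (ICS)
rem   wscsvc       = Security Center
rem Run from an account in the Administrators group.
setlocal
for %%S in (wuauserv SharedAccess wscsvc) do (
    echo === %%S ===
    rem Show the start type BEFORE touching it; DISABLED or DEMAND_START
    rem here on a machine that used to be healthy points at tampering.
    sc qc %%S | find "START_TYPE"
    rem Note: sc requires the space after "start=".
    sc config %%S start= auto >nul
    rem Start it now; dependencies (e.g. BITS for wuauserv) are started too.
    rem Error 1056 (already running) is harmless and suppressed here.
    sc start %%S >nul 2>&1
    rem Show the resulting run state.
    sc query %%S | find "STATE"
)
endlocal
```

The point of printing the start type first is that it turns the script into a tamper check: save it and run it again after a reboot. If any of the three services comes back as DISABLED, whatever re-disabled it is still active and the cleanup is not finished, whichever files and registry entries have already been removed.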
I now have a heightened appreciation for the anguish that Windows users experience. Several times I was prepared to tell my Dad that I had had enough and that he would need to re-install. In the end, it might have been a quicker proposition. I recommended several things before I left: keep the anti-virus files up-to-date, use Firefox if you can, and seriously consider switching to a Mac.