Friday, August 17, 2007

S: Is for spyware

If you read my column yesterday, you know I was having computer trouble. The trouble was I thought a friend had sent me an e-mail card, so I went to open it. When I did, nothing happened, or so I thought. My computer had been dormant for approximately 24 hours. When I did open it, there was this blue screen stating spooldr.sys had infected my computer. Now you would think because I write a column I am computer literate. I am not! I know enough to get by, but that is it. I spent hours trying to understand it. Thank God my landlord has a computer, so I went to look up spooldr.sys. To my surprise I found over 400 articles on this. It turns out spooldr.sys is a Trojan virus and a nasty one.

A Trojan horse is a program that installs malicious software while under the guise of doing something else. Trojans are notorious for installing backdoor programs, which allow unauthorized remote access to the victim's machine by unwanted parties, normally with malicious intentions. Unlike a computer virus, a Trojan horse does not propagate by inserting its code into other computer files; it relies on the user to run it. The term is derived from the classical myth of the Trojan Horse. Like the mythical Trojan Horse, the malicious code is hidden in a computer program or other computer file which may appear to be useful, interesting, or at the very least harmless to an unsuspecting user.

There are two common types of Trojan horses. One is ordinary software that has been tampered with by an attacker, who inserts malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer-to-peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or an image file, in order to trick the user into executing it. Trojan horse payloads are almost always designed to do harmful things, although a payload can also be harmless.

Trojans are classified by how their payloads breach and damage systems. The nine main types of Trojan horse payloads are:

Remote access (giving the attacker control of the infected computer)
Email sending (using the infected computer to send mail, usually spam)
Data destruction
Downloader (fetching and installing further malware)
Proxy Trojan (turning the infected computer into a proxy, so that the attacker's traffic appears to come from it)
FTP Trojan (opening a file-transfer service on the infected computer, so that files can be copied to or from it)
Security software disabler
Denial-of-service attack (DoS) agent
URL Trojan (directing the infected computer to connect to the Internet only via an expensive dial-up connection)
Some examples of damage are:

erasing or overwriting data on a computer
encrypting files in a cryptoviral extortion attack, so that the victim is asked to pay for the key
corrupting files in a subtle way
uploading and downloading files
allowing remote access to the victim's computer; the tool used for this is called a RAT (remote administration tool)
spreading other malware, such as viruses; this type of Trojan horse is called a "dropper" or "vector"
setting up networks of zombie computers in order to launch DDoS attacks or send spam
spying on the user of a computer and covertly reporting data such as browsing habits to other people (this is spyware)
making screenshots
logging keystrokes to steal information such as passwords and credit card numbers
phishing for bank or other account details, which can be used for criminal activities
installing a backdoor on a computer system
opening and closing the CD-ROM tray
harvesting e-mail addresses and using them for spam
restarting the computer whenever the infected program is started
deactivating or interfering with anti-virus and firewall programs
deactivating or interfering with other, competing forms of malware

Trojans may also wait for a trigger before doing their damage. "Time bombs" activate on particular dates and/or times. "Logic bombs" activate when certain conditions are met on the computer. They are sneaky too. Droppers perform two tasks at once: a dropper performs a legitimate task but also installs a computer virus or a computer worm on a system or disk at the same time.

This infection shows up under the names spooldr.sys, spooldr.exe, and spooldr.ini. It replaces your tcpip.sys with a trojaned copy that hides the other components and loads them. You can't even see them, let alone remove them. It sends out so much spam appearing to originate from the victim's IP address that companies have gotten banned from communicating with msn.com and comcast.net. Its outbound connections, as seen on the firewall, go to thousands of random IPs on random ports.
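That last symptom, thousands of outbound connections to random addresses and ports with a heavy share of them on the mail port, is something a firewall log can show you even when the files themselves are hidden. The following is an added example written for this page, not code from the column or from any particular product; the log format, the host addresses, and the sample lines are all constructed, and the thresholds are illustrative guesses that would need tuning to a real network.

```python
"""Spot a spam-relaying, fan-out-heavy host in outbound firewall logs.

Added example: a small detector for the two symptoms described above, many
outbound connections to many distinct destinations and ports, and a large
share of them on the SMTP port (tcp/25). The log format and the sample
lines are constructed for this example and are not from the original post.
"""
import re

# Assumed log format, one outbound connection per line (a real firewall's
# format would need its own regular expression):
#   2007-08-17T10:00:00 OUT proto=tcp src=192.168.1.10 dst=10.0.0.1 dport=80
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) OUT proto=(?P<proto>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse(lines):
    """Yield (src, dst, dport) for every line that matches; skip the rest."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            yield m.group("src"), m.group("dst"), int(m.group("dport"))


def profile_hosts(lines):
    """Per source host: connection count, distinct destinations and ports,
    and how many connections went to tcp/25."""
    stats = {}
    for src, dst, dport in parse(lines):
        s = stats.setdefault(
            src, {"conns": 0, "dsts": set(), "ports": set(), "smtp": 0}
        )
        s["conns"] += 1
        s["dsts"].add(dst)
        s["ports"].add(dport)
        if dport == 25:
            s["smtp"] += 1
    return stats


def suspicious_hosts(lines, min_conns=200, min_dsts=100,
                     min_ports=20, smtp_share=0.3):
    """Return [(src, [reasons])] for hosts that look infected. The thresholds
    are illustrative; tune them to what is normal on your own network."""
    flagged = []
    for src, s in profile_hosts(lines).items():
        reasons = []
        # Symptom 1: talks to far more distinct hosts and ports than a
        # workstation normally does.
        if len(s["dsts"]) >= min_dsts and len(s["ports"]) >= min_ports:
            reasons.append("fan-out")
        # Symptom 2: a big slice of its traffic is direct SMTP, which is
        # how the spam that gets the address blacklisted leaves the network.
        if s["conns"] >= min_conns and s["smtp"] / s["conns"] >= smtp_share:
            reasons.append("smtp-relay")
        if reasons:
            flagged.append((src, reasons))
    return sorted(flagged)


def constructed_log():
    """Deterministic sample log: one ordinary workstation (192.168.1.10)
    browsing three web servers, and one infected host (192.168.1.20)
    making 1500 connections to 1500 different addresses, half on port 25
    and half on scattered high ports. All addresses are made up."""
    lines = []
    for i in range(40):
        lines.append(
            f"2007-08-17T10:{i % 60:02d}:00 OUT proto=tcp src=192.168.1.10 "
            f"dst=10.0.0.{1 + i % 3} dport=80"
        )
    for i in range(1500):
        # First and last octets together identify i, so every dst is unique.
        dst = f"{10 + i // 256}.{(i * 7) % 256}.{(i * 13) % 256}.{i % 256}"
        dport = 25 if i % 2 == 0 else 1024 + (i * 37) % 60000
        lines.append(
            f"2007-08-17T10:{(i // 60) % 60:02d}:{i % 60:02d} OUT proto=tcp "
            f"src=192.168.1.20 dst={dst} dport={dport}"
        )
    lines.append("garbage line that the parser should ignore")
    return lines


if __name__ == "__main__":
    for src, reasons in suspicious_hosts(constructed_log()):
        print(f"{src}: {', '.join(reasons)}")
```

Run against the constructed log, only 192.168.1.20 is reported, for both reasons; the ordinary workstation, with forty connections to three servers on one port, stays quiet. The same script pointed at a real export of outbound connections would have shown the infected machine long before msn.com or comcast.net started refusing its mail.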

I write this column to inform you as well as myself. I have yet to figure out why someone would do this to somebody. It truly ruins a portion of their life. We have turned into such an uncaring, manipulative race where only our own agendas matter. If you need help recovering your work, e-mail me and I will tell you what I did. Hopefully I will have my Internet back and will be able to tell you how I did that as well. Remember, it is important to know the F.A.C.T.S.
