Once a trojan is in place on your computer, they can remotely access it and program it to do whatever they want. Send spam, launch an attack against other computers, search for anything on your computer that looks like a credit card number or userids and passwords, or watch for you to open particular web sites, like online banking sites, and record the keystrokes you enter when you log in and send them the information.
Is it true that even the best anti-virus programs are only catching around 70% of the stuff out there?