Posted 20 July 2011 - 08:04 AM
I have Windows XP on a Dell Desktop computer. Avast is my primary and always active antivirus program and I have Scotty too. I occasionally also do manual scans with Malwayebytes, ESET, Iobit Malware Fighter and Advanced System Care. The browsers I use are Firefox, Opera and IE automatically kicks in only when I open up my AOL mail. They were all in use when this happened. I have a Wordpress website hosted by GoDaddy and the email incident described below was from that email address. And I have KeyScrambler that works when I use Firefox and the AOL account that uses IE, but it doesn't work when I use Opera.
So last night, while on a website I access with Opera that I visit frequently, a little window popped up saying something to the effect that someone was trying to download something and did I want it to do that? I immediately pressed NO (panicked), and don't know what it was. I have something, don't know which program it comes from, that always asks me if I'll accept cookies, which I always say NO to, but this little window wasn't that one.
At some point, and truthfully I can't recall if it was after this incident or not, I replied to an email connected to my GoDaddy Wordpress website I access from Firefox, that was part of a back and forth correspondence with a friend. I pressed Reply like I always do, and off it went. Went back to the website I was visiting on Opera and when I checked my email again, there were two MailerDaemon messages and two emails from people telling me they received this email by mistake. I went to my Sent box, opened up the email I'd sent, and found that it had also been sent to about 30 other people, most of whom I don't know. I immediately started an ESET scan.
Within, say, half an hour of this happening - I wasn't really paying attention - a window opens up from Scotty that asks if I approve of something like win32zugo being installed in IE, and I said no. Then I googled it and found out that the only thing that removes that is ESET, which I was already running, and it did find and supposedly got rid of it. How can you tell? And how did it get into my computer after I told Scotty not to accept it?
Tested sending emails from the same email address I had had that problem with, and it didn't happen again. Didn't happen this morning either.
This morning, booted up without incident and tried to log into my Amex account through Firefox, but it kept saying I wasn't using the correct password. Phoned Amex tech support and they said let's do it together. By this time, there was a form that looked like an Amex card with spaces to fill in the credit card number and password. I was shocked to see that the numbers I typed in and the numbers that showed up in the boxes were not the same!! Key Scrambler was definitely on and operating.
Amex tech support advised me not to go onto any credit card or financial sites like my bank, until this gets cleared up. And I need to do that, so any help you can give me as soon as possible would be gratefully appreciated.