I received a very authentic email purporting to come from DPD informing me of a missed delivery. There was no link to an attachment - instead the email linked to a website identical to that of DPD in every way, except (as I later discovered) the URL was inauthentic. My local DPD is DPD.co.uk not DPD.com
A box in the fake DPD website asked me to enter my postcode. It then gave me a very authentic map of my local DPD depots and opening times, telling me I had various options to receive the parcel - redelivery etc. One of the options was collection, which I decided to pursue. In order to do this the site asked me to download a collection form.
Too late I learned that this was one of the apparently infamous fake doc files. On opening, it iformied me it was a protected file and asked me to open it in MS Office and to enable macros/editing and click on specific buttons etc. However as I only have OpenOffice I couldn't do any of this as the indicated buttons etc did not seem to be available it that application..
In order to try and open it I set macro security in OpenOffice options to the lowest level. It still wouldn't show me the supposedly hidden content (in other words there was no change in the appearance of the .doc file) so I updated both OpenOffice and Java and attempted to open it, but I still couldn't see any content.
Despite stumbling around various menus trying to load macros from various libraries and so on I never managed to see whatever protected content may or may not have been in the .doc file. (I can't remember exactly what I did as I don't understand the process and was getting frustrated at my inability to read the file as I actually am expecting a number of deliveries).
Zemana antilogger showed no infection. On opening Malwarebytes anti-rootkit a message said "appinit.dll" had been detected "which may indicate the presence of rootkits". I don't recall seeing this before. However the subsequent scan showed no problems. I will run an Avast boot-time scan when I restart my computer.
Did the fact that the document didn't seem to display protected content in OpenOffice protect me from infection, even though I set macro security to low and so on? How would I know if any of the bad macros actually ran?
Am I likely to have been infected and if so what should I do? Change all stored passwords? All passwords even if not stored? Change bank details I may have used before I downloaded this .doc file? I haven't logged into anything apart from email and this site since I tried to open the bad file.
If I performed a clean reinstall, would non-executable files (music, video, images, text etc) already on my hard disk or on a connected external drive be safe to copy to an external drive before reinstallation, or could they have been contaminated? Most such files stored on the computer itself are on a separate partition to the OS.
Apologies if I've posted in the wrong forum or broken any other protocol. I read through the posting guidelines, but didn't see any that indicated I shouldn't have made this post here.
Thanks for any advice.