I’ll start from the beginning:
At the end of September I got money from a trusted friend, from out of the country, through paypal. I transferred that money into the bank and everything seemed to be fine. A couple of days later I went to the bank drive-thru to deposit my work check when the woman stopped me and said she couldn’t give me any money back because I had a negative balance of over 1000. Originally, before anything had happened I only had about 60 total in the bank…I’m a poor student working fastfood, I have no savings… Naturally I was shocked and devastated and went into the bank and met with a gentleman to get this figured out. He checked over my account and we discussed that the money that was meant to be transferred to my account had been transferred from it instead. He said it was paypal’s fault and he couldn’t do anything about it. He cashed my check and said to call him in a couple of days after talking to paypal.
So we got home, immediately called paypal. Talked to a lady from a foreign call center that really didn’t understand my situation, blamed me for the mistake, and simply instructed me to take the 1000+ that was taken (literally from nowhere since that money never existed in my bank acct) and transfer it back to my bank. It would take 4-5 days. In that time I got another 35 overdraft fee from my gym bill which decided to pay itself a couple of days before it was due on the first.
5 days later, around the 1st of October, the money was back in my account, the original 60 plus the 1000+ I had been sent by my friend. Except for the two overdraft bills, everything was straight. I had been working long shifts and procrastinated till I was off to go to the bank to get the overdrafts paid. The bank said they would not fix it because it was paypal’s responsibility. I HAD to pay my rent so I only had about 690 left in the bank at this point.
About a week later I got an email from paypal informing me that they had completed transferring the exact sum as earlier AGAIN from my bank to my paypal. There was no way to cancel it. By the time I was aware of this, it was the 14th and I had three 35$ overdraft fees, 105$ fees in total, caused by paypal. Calling them immediately, we were on hold for an hour. The woman did not understand the problem. Eventually we were transferred to an account specialist. After going over the problems from the beginning, she pretty much walked us through the exact same procedure as before, withdrawing the money from paypal and sending it back to the bank. She had me change the password. While we were waiting for confirmation, suddenly the money tried to pull itself from the bank AGAIN, while I was still on the phone. She said that it was not paypal’s fault and that it was likely a keylogger virus.
I checked my gmail and had a notification in red at the top of the page telling me that recently my account had been accessed by an IP address in South Korea. I was terrified.
As far as paypal goes, I will immediately close my account after the money is done transferring into my account but she can’t freeze my account until the money has been sent. She said yesterday she would watch it to reverse any other transactions started and told me not to log on and try to make any changes until it was done. She said she’d call me if she was alerted. I don’t know if she meant she’d just watch it yesterday or if she’d keep me protected if it finished but I’m watching my email religiously for alerts. I changed all my passwords with an on-screen keyboard on all my email addresses, facebook, etc.
I talked with my bank just now because I was unable to log onto my online account. He had trouble helping me because the passwords he sent would not show up in my email. I have to assume my account has been compromised so I created new email addresses on hotmail and I am completely leaving gmail alone. I will deactivate or delete the gmail accts I have as soon as the money transfer is complete.
Now for the keylogger:
Normally I use three programs: Avast, Malware Bytes, and Glary Utilities. Avast picked up nothing. Glary detected two problems in my registry: both of them having to do with something called the Startnowtoolbar that I never downloaded. Malwarebytes detected two infected files with the same name.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar (PUP.Zugo) -> No action taken.
I googled StartNow Toolbar and Zugo and several people have the same problem but none of their solutions worked for me. I have no idea if this is the keylogger I have but it’s the only problem I’ve yet to find. I removed it from all my browsers, uninstalled the program from the control panel. I let Glary fix it. I let malware bytes fix it. But it keeps returning. Every time I restart my computer it comes back.
I tried using ComboFix, instructed by the tech guy at my old work but it was a nightmare. Once I used it, I was unable to click on literally anything without “An illegal operation on registry key marked for deletion” popping up. I tried to run System File Checker but it would not run. I just kept getting that notification. I could only use my computer in safe mode.
I tried restoring my computer back to Oct 2nd because it was the earliest quick restore point it offered. My computer was back to normal again, except for the fact that the invincible Startnow Toolbar was still there. I’m back at square one. I’ve used malware bytes, and glary over and over again to remove it and I’ll finally get a clean scan but a couple of hours later it comes back. I’m so exhausted and frustrated with this and I am avoiding a full factory restore at all costs.
At the moment I have nearly -$700 in the bank and I am collecting overdrafts left and right from this problem and the paypal transfer will not likely be complete till the 20th. I’m so terrified that it will try to take my money a third time…
Can anyone help me? Thank you so much for reading this long question in advance.