Security Problem

omeone had tried to log onto my Google account using m y password. They said they blocked it but I should che ck out the problem. I'm using a dial-up connection and recently the modem has been downloading about 2 gigab ytes of data and runs all the time. I tried to shut th e machine off and I got a message that the AVG virus p rogram was being updated and I should not shut off the machine. Earlier, I got a few pop-up messages that sa id that some program was slowing down the machine and I had an option to click on stop or continue. I think I may have made a mistake on clicking the option to st op the program that was slowing everything down. That may have granted permission to do bad things. I had a text file on the machine with various notes about emai l addresses, birthdays, and passwords. I deleted all t he password data which included my PayPal account and password. This was on December 18th and today I checke d the PayPal balance and it was OK. But I can't figure out where someone obtained my Google password. As of now, the 2 gigabytes of data has been deleted and the the disk looks normal. I looked up the size of the cur rent AVG update and it said about 149 megabytes.

Change passwords, run malw are and antivirus for a start.

How would they know that it wasn't you?

Sylvia.

That doesn't sound quite right. Google "fingerprints" each computer that you use to login to your account. Whenever I login with a new computer, it sends me an email message ask "Is this you?". If I click "yes, it's me", it thanks me and exits. If I say no, it will block that computer from further logins. I did that once by accident and it took a while for that computer to reliably login.

Is this what you received from Google?

If so, change your password and consider setting up 2FA (two factor authentication):

I don't know who or how someone obtained your password. My guess(tm) is that you are using the same password on a different account and that account was compromised. Someone then went through all your other accounts trying the common password. Re-using a password is a really bad idea.

By clicking on a link in that email? It sounds to me like a phishing attack to try and get you to give them your login details.

If someone signs in as you using your password you would get an email message telling you what new kit they were using (approximately).

Google fingerprint your machine(s) so that you do get a notification if you connect with a new piece of hardware like a new tablet Xmas present. Something along the lines of "Your Google Account was just signed in to from a new Samsung Galaxy Tab S2 device. You're getting this email to make sure that it was you.". That is routine and to be expected.

My advice would be download Malwarebytes from the authors home page (not from any dodgy advertisements that appear higher up the Google search) and allow it to run a deep scan. It has a chameleon mode that means it will usually work even on a malware infected machine. It is my scanner of choice for people who have clicked on something nasty. Run it twice with a reboot inbetween. Then reinstall your AV.

There is a good chance your AVG is toast after visiting some dodgy site or other. Any of the reputable AV products should have a CD image you can download and boot from to delouse a computer that has been compromised. You need to download it onto a machine that is clean.

Incidentally I have noticed that on machines running IE11 that are left with the default MS homepage displayed it is only a matter of time before a rogue advert pretends there is a virus and a very persistent click to update window appears (ie download some hostile binary or other). Easy enough to kill from task manager but very confusing for an ordinary user. It is disgraceful that they seem unable to defend against it and act as a vector for such malware.

^^^ Ditto, I get those on a regular basis. Recently I got one for my Amazon account that didn't have any link to follow. That seemed odd! So, I phoned Amazon, they put a hold on my account, then confirmed me through a text and had me change my password. It took over 3 days to get it corrected. Someone fell short at Amazon and only took notes no action, I had to call again. I didn't have any extra Amazon purchases. My account had a Russian email address attached to it.

Yes, I thought it might be a phishing attack so I didn't click on the link to "Check Activity". The exact wording of the message was:

"Someone just used your password to try to sign in to your account. Google blocked them, but you should check what happened." And then there is a link to "Check Activity" which I didn't click. I was concerned about the wording of "in to" verses into.

Pure phishing attack. If someone tried to login to your account using your password they would get in and it would send you an email telling you approximately what hardware it thought they were using and asking if it was indeed you. Did you get a new tablet for Xmas?

Some web clients do lie about who they are. The clickbait scammers fake being run on iPhones because they get more advertising revenue that way. Advertisers pay more for clicks from iPhones!