Thursday, 24 January 2013

A multi-bank viral raid

This blog is set up to relate what felt like a serious malware experience, and I spent funds to assure the fix. Now it is done I may use it for more home adventures in the cyberworld as they occur.

On attempting to visit my friendly bank I was disconcerted on login to receive a demand for supply of mobile phone number and phone banking password. Being suspicious I rang the bank and the help desk assured me it was a dangerous scam. They immediately locked my account and required a change in all my security items. They told me to remove all bank bookmarks in my browsers. They referred me to a special scanning program (Malwarebytes) that identified a nasty green bug that my antivirus program (Kaspersky) had missed.
But after I removed the bug the bank website intervention was still there and applied to all browsers (Firefox, IE, Safari, and Google) and applied no matter which way I tried to navigate to logon screens. Much worse, the same nasty intervention showed up on visiting my second bank site and applied to all bank accounts in our household. Alarm bells!

Then I tried logging in by wifi on each of my iPad, laptop, and netbook. All my computers had the same virus, even the one I hadn't used for 6 months!
Another call to the bank elicited an inquiry about who my ISP was. Idea! Could it be connected to the modem rather than any particular computer, or even the ISP?
A web connection using my mobile phone as a wifi hotspot confirmed the residence of this gangster as being one of those two places, since access to the bank websites was untroubled using a different web connection modus.

A long session with the ISP help desk ultimately resulted in a factory reset of the modem and more changed passwords. The intervention disappeared and all machines were clear. The issue had been something to do with the modem (not the ISP), and did not depend on a particular computer.

Still nervous, I called in my home visit professional who diagnosed the source as probably a hack of my modem's personal static IP address. The hack had seemingly identified specified bank requests associated with the IP address going through the modem, whether by ethernet or wifi, and directed them to phony websites. So even after the bug - if that was the one - had been removed, the redirection instruction persisted. Only a modem factory reset resulting in a new IP address could effect a cure. Whew! The fee for the home visit was $160, but the hour's consultation including further cleanups on our two most used computers was worthwhile assurance. The mystery is, where did I pick up the disease?

1 comment:

  1. Having the modem hacked sounds indeed scary! Am I correct in thinking that conventional anti-virus software doesn't keep a watch on the modem?
