My pc had a nasty invader on Monday morning, an infection which I'm told is called "man in the browser".
I've used the search function, and it hasn't been mentionned before. Googling it suggests that it has been around for about a year in increasingly sophisticated forms. Various web-discussions suggest that it can evade many security programmes. It beat my MS firewall with AVG free.

It is a very clever little invader. It does virtually nothing to your experience of your pc. BUT, when you go to some sites that it is pre-programmed to look for, it makes some very subtle changes to what you see on the screen. The version on my pc modified Banking websites when using IE 8 and IE 7. It didn't work on my Firefox, but Googling reveals that it often hits FF before IE.
The url of the banking web-sites remains exactly the same as the real web-sites.
Thus, unless you know what the web-site should look like, it is difficult to detect. I asked (electronically) both natwest and abbey on Monday, if they had recently changed the look of their web-site, and neither have replied yet. I rang them both, and natwest knew what I was talking about, but abbey - renamed saltimbocca, I was told, didn't know what I was talking about

Since then, (OK, very late) Upnp unticked, and multiple uses of avg, malwarebytes, superanti-spyware, spybot and ccleaner seem to have stopped the invader having an impact. However, I guess it is still there, somewhere, so the pc will probably go off to the man who set it up for a good disc-scrubbing.