Virus?

Stormwatcher

So this morning I see that several spam emails were sent supposedly from on of my email addresses, the Yahoo one. Well, I know that they frequently do that silly trick in which the spam you get looks like it was sent from your address but wasn't.

Thing is, it was sent TO several people in my address book.

So I'm running all malware detectors I can (spybot, Malware Bytes, MS Sec Essentials) and I'm gonna buy a real AV app.

Passwords seem to be safe, and nothing else really weird happened so far.

Should I be worried? Should I do any other steps?

thanks

TL DR

No need to pay for an AV. Change your password from a known secure PC if possible.

Download Windows Cleanup, it will clear out old temp files and make those malware scans go a lot faster.

TetraNitroCubane

Were the messages you found in your outbox all sent at once? In a block, say, between when you might've logged in yourself, and the next time you logged in? Do you have the option enabled to stay logged in always, and do you ever log out manually? The reason I ask is because there's a chance that someone stole your authentication cookie via an XSS attack, which doesn't require infection of your local machine, but allows someone to hijack your current session.

Aside from an XSS attack, the other possibilities include keylogger on your local machine, password compromise via phishing, and sever-side compromise. It's baffling how many people report exactly what you have without knowing the reason, particularly for GMail. In any case, you can approach the issue the same way:

So far I'd say you're taking the right steps with the scan. TLCCOTT is right when he says that you don't need to pay for an AV if you don't want to - MSE is comparable to most paid options these days. If you're really paranoid, after all the scans are done, run another scan with Hitman Pro, which will use several different AV engines and also check for some rootkits (don't pay for it, though, just use the free scanner).

Once you're confident that your machine is secure, or can access a machine that's secure, change your passwords. You say "Passwords seem to be safe", but I'm not sure how you can be certain of that. Best to change them now, and give yourself peace of mind. After scanning and changing your passwords, you'll be in good shape.

Stormwatcher

TetraNitroCubane wrote: »

Were the messages you found in your outbox all sent at once? In a block, say, between when you might've logged in yourself, and the next time you logged in? Do you have the option enabled to stay logged in always, and do you ever log out manually? The reason I ask is because there's a chance that someone stole your authentication cookie via an XSS attack, which doesn't require infection of your local machine, but allows someone to hijack your current session.

Aside from an XSS attack, the other possibilities include keylogger on your local machine, password compromise via phishing, and sever-side compromise. It's baffling how many people report exactly what you have without knowing the reason, particularly for GMail. In any case, you can approach the issue the same way:

So far I'd say you're taking the right steps with the scan. TLCCOTT is right when he says that you don't need to pay for an AV if you don't want to - MSE is comparable to most paid options these days. If you're really paranoid, after all the scans are done, run another scan with Hitman Pro, which will use several different AV engines and also check for some rootkits (don't pay for it, though, just use the free scanner).

Once you're confident that your machine is secure, or can access a machine that's secure, change your passwords. You say "Passwords seem to be safe", but I'm not sure how you can be certain of that. Best to change them now, and give yourself peace of mind. After scanning and changing your passwords, you'll be in good shape.

I checked the email addresses the message was sent to, and all of them were in the webmail address book, so I'm less worried about malware in my main pc. Therefore, I do think it was an XSS Attack thing.

The scans ended up clean, aside from a couple of false positives. I'm gonna run Hitman just to be sure.

I'm gonna change the passwords, sure, but I was waiting to confirm that my machine is clean, as it's the machine I trust the most (I can't access https sites from the work machine). I meant that no one logged on any of the sites and services I've used and done shit to them. I'll also use the ipod authenticator thing for WoW. I already changed the Yahoo PW.

Thanks for all the info!