On April 14, 2011, at 4:57 am, an email was sent from a Gmail account of mine to my contacts; this email was spam. Luckily that account is only used to sync my Android contacts, so I only had 15 emails in it. But the problem is that I last logged into Gmail on April first, and prior to that in February. I logged in using my laptop. Google gave me the IP from where the account was accessed and sent the spam:
Mobile United States (188.8.131.52) Apr 14 (1 day ago)
Browser United States (184.108.40.206) Apr 14 (1 day ago)
But I don't understand how this could have happened. I do not go on untrusted sites, I don't do anything that would give me a virus, and I scan regularly. I've never had a virus in 3 years.
I've scanned my laptop with over 5 antivirus, spyware, etc. programs, and the only thing that was found was a Java security threat (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Exploit%3aJava%2fCVE-2010-0094.AF&threatid=2147640413) that Microsoft Essentials found and removed.
Since yesterday morning, I've changed all my passwords using my mobile phone and have not logged in on anything on this laptop other than CNET.
What do I do now to make sure nothing is left, and is there a way to find out if it was my laptop that was the security risk?
Also to note, the spam was only sent to 10 out of 15 people. Why? And if this person did get a hold of my Gmail password from that one login, why did he not send spam using my Facebook or Hotmail account, seeing as I've logged in multiple times with them?
studio xps 1645
windows 7 ult 64bit
internet explorer 8
8gigs DDr3 ram
4/15/11 8:10 AM
Malwarebytes found something and removed it.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.
4/15/11 10:45 PM
I thought everything was okay, but my friend texted me a few minutes ago and told me I sent her a spam message on Twitter. I went and checked, and yes, it is true. But it wasn't me, and the thing is I HAVEN'T LOGGED INTO TWITTER SINCE DECEMBER 2010. Also, Gmail told me the IP and server that logged into my Gmail from the US: optonline.net:220.127.116.11
4/16/11 12:32 PM
I ran the requested programs and attached their logs. Except for GMER, all the squares are greyed out and I am unable to check them. The only checked ones are Services, Registry, Files (C:\) and ADS.