I believe I have been infected with a keylogger of sorts, as a few of my online accounts have been compromised. Following is a timeline of events:
Sunday at 05:00 I received an email from PayPal saying that a couple of paid services on my World of Warcraft account had been initiated. (My PayPal account is 'attached' to my WoW account, but the passwords differ and each would've had to have been typed in).
I changed the passwords to each of the above accounts on Sunday. Then at a similar time on Monday a similar thing happened (this time the transactions were blocked by World of Warcraft). So this implies that there was some kind of keylogger? I've since put an authenticator app on my WoW account.
On Monday I backed up my documents, music, etc. (this includes some executables such as installers for apps, but I've had these for at least a year now and they should be safe; I also haven't run any of these executables) onto an external hard drive. Then I ran a clean install of Windows, repartitioning and reformatting the SSD I use for the OS and apps and the HDD I use for data.
Last night at about 1 am I received an email from Microsoft Outlook to my main email address saying that a password reset request had been initiated for my secondary email address. This would require logging into the secondary email using the address and password, then entering my primary email when prompted by the change password process. The primary email was not logged into, however, and the change password process was not completed.
I did do a lot of password resetting during the day, so I wonder whether maybe this was a rogue email that just took some time to come through. I can see no other evidence of either of these emails being used (no sent mails, no deleted mails, and all my emails still there).
I'm obviously a little concerned that I could still be infected after reformatting etc. Concerned it could possibly be in my data on a USB drive - I did use it to download the drivers for installing when I reformatted (and I used the infected PC to do the downloading)? I hope not, as backing up 100 GB of music onto DVDs won't be fun.
Other than that, I only use my MacBook that I'm on now, and my iPhone. Didn't use my iPhone to log into anything yesterday, and (maybe naively) I assume my MacBook is clean...
I ran a scan with Malwarebytes yesterday, and have run a full scan and Root scan (the Norton Power Eraser tool) with Norton Internet Security today. The Norton stuff has come up clean.
So yeah, that's that - what do I need to do to diagnose the problem?
Oh yeah, I'm running Windows 7 Professional SP1 - if that makes a difference.
Edited by Holmes321, 16 September 2014 - 05:46 AM.