Since sometime last night I have been receiving emails from people in my address book asking if I sent them this email (and of course I didn't):
Aleksey, I just wanted to share this opportunity with you, I've been
making 200-300 dollars a day and I started only a week ago. Check out
this news article and it will show you how to get started, it's
definitely easy enough for you ! http://7cnbcnews.com/money
I can provide full headers on a couple of these emails if that would be helpful. In fact, I'll just put them at the bottom of this post.
What I am trying to ascertain is where I have been compromised and whether there is any malware at work. I have changed all hosted mail account passwords, so at this point I need to rule out malware so I can sleep at night. All my mail is hosted (I don't POP any mail down to my machine). But I suppose someone could have a keylogger going on my machine and have acquired my password for either my Gmail or Earthlink accounts. (I use 6-8 digit passwords with letters and numbers mixed--sometimes symbols--not the strongest but definitely not the weakest. No easy-to-guess family names or anything like that.)
Is there a way to rule out a keylogger or something similar?
I have changed the passwords with the hosted email accounts that would have been at risk.
Unless I have read the headers (below) incorrectly, it appears as if Gmail and/or Earthlink was used to route the mail, which means they had to have my passwords to send that mail, right? (Again, I have changed these since this problem came up, but if there's a keylogger on my machine, I could still be compromised.)
Maybe that is a question for another forum. My primary purpose for posting here is to ask if there could be some malware at work here.
Also, there have been some oddities with the performance of my PC. Sometimes it runs hot, i.e. the fan is racing and the RAM and CPU are definitely showing some peak use, but no processes seem to be higher than 2-3% CPU usage. And the mouse will slow down too sometimes when this happens. The whole machine seems to come to a crawl.
This PC is only a year old so it's not particularly old tech.
WHAT I HAVE TRIED
Ran OTL Scanner - no fixes
I think that's about it. Thanks in advance for any help.
Hanseric
EXPANDED EMAIL HEADERS FROM TWO EMAILS
---FIRST ONE----
Delivered-To: aleksey.[VETTED BY HANSERIC]@gmail.com
Received: by 10.236.106.100 with SMTP id l64cs124488yhg;
Sat, 4 Jun 2011 01:22:25 -0700 (PDT)
Received: by 10.52.75.136 with SMTP id c8mr63080vdw.165.1307175745576;
Sat, 04 Jun 2011 01:22:25 -0700 (PDT)
Return-Path: <[email protected]>
Received: from elasmtp-curtail.atl.sa.earthlink.net
(elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
by mx.google.com with ESMTP id fs41si1406473vcb.69.2011.06.04.01.22.24;
Sat, 04 Jun 2011 01:22:24 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
[email protected] designates 209.86.89.64 as permitted sender)
client-ip=209.86.89.64;
DomainKey-Status: good (test mode)
Authentication-Results: mx.google.com; spf=pass (google.com: best
guess record for domain of [email protected] designates
209.86.89.64 as permitted sender) [email protected];
domainkeys=pass (test mode) [email protected]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=dk20050327; d=earthlink.net;
b=XZ7TdeD3LAf0yUbZ8GGFula68YECKlJK9FZACSV/oC0Z2WDMjCJpWxzpPjGJi5MY;
h=Received:Date:From:To:Subject:Message-ID:X-ELNK-Trace:X-Originating-IP;
Received: from [72.242.128.2] (helo=localhost)
by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
(envelope-from <[email protected]>)
id 1QSkMK-0003eQ-5f
for aleksey.[VETTED BY HANSERIC]@gmail.com; Sat, 04 Jun 2011 02:29:21 -0400
Date: Sat, 04 Jun 2011 06:29:47 +0300
From: [email protected]
To: Aleksey <aleksey.[VETTED BY HANSERIC]@gmail.com>
Subject: Aleksey how are you?
Message-ID: <[email protected]>
X-ELNK-Trace: bb1e7b8b60e69fc81aa676d7e74259b7b3291a7d08dfec798528fa2847835810e5e92afbd22ae654350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 72.242.128.2
---SECOND EMAIL HEADER------
Received: from elasmtp-junco.atl.sa.earthlink.net (elasmtp-junco.atl.sa.earthlink.net [209.86.89.63]) by maila7.webcontrolcenter.com with SMTP;
Sat, 4 Jun 2011 03:00:12 -0700
Received: from [72.242.128.2] (helo=localhost)
by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67)
(envelope-from <[email protected]>)
id 1QSl5Q-0002hU-SM
for [VETTED]@[VETTED].com; Sat, 04 Jun 2011 03:15:58 -0400
Return-Path: <[email protected]>
From: <[email protected]>
To: "Laura" <[VETTED BY HANSERIC]@[VETTED BY HANS].com>
Subject: Laura hi
Date: Fri, 3 Jun 2011 21:16:24 -0700
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
X-SmarterMail-Spam: Commtouch 0 [value: Unknown], SPF_None, DK_Pass, DKIM_None
X-Originating-IP: 72.242.128.2
Thread-Index: AcwinjGlYuiCyTCMTk64777taJPpyg==
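The question the post asks of the headers (was the mail relayed through the poster's own account, i.e. with the password?) can be answered from the Received chain mechanically. The hop that matters in both quoted headers is the one recorded by the Earthlink server: "from [72.242.128.2] (helo=localhost) by elasmtp-... with esmtpa". The `esmtpa` keyword (ESMTP with authentication, per RFC 3848; Exim writes it as esmtpa/esmtpsa) means the client at 72.242.128.2 logged in with SMTP AUTH before sending, and X-Originating-IP repeats that client address. The following script is an added example written for this page, not code from the forum or the poster; it walks the Received headers oldest-first, flags any hop whose "with" protocol implies authentication, and reports the client IP of that hop beside X-Originating-IP. The header sample is reconstructed from the first quoted message, with the redacted mailbox names and the sender's local part (which the page does not show) replaced by labelled placeholders; the regular expression assumes the common "from ... (...) by ... with ..." clause order.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample reproducing the Received chain of the first message quoted
# in the post. Mailbox names are redacted as on the page; PLACEHOLDER stands in
# for the sender's local part, which the page does not show.
RAW_HEADERS = """\
Delivered-To: aleksey.REDACTED@gmail.com
Received: by 10.236.106.100 with SMTP id l64cs124488yhg;
        Sat, 4 Jun 2011 01:22:25 -0700 (PDT)
Received: from elasmtp-curtail.atl.sa.earthlink.net
        (elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64])
        by mx.google.com with ESMTP id fs41si1406473vcb.69.2011.06.04.01.22.24;
        Sat, 04 Jun 2011 01:22:24 -0700 (PDT)
Received: from [72.242.128.2] (helo=localhost)
        by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67)
        (envelope-from <PLACEHOLDER@earthlink.net>)
        id 1QSkMK-0003eQ-5f
        for aleksey.REDACTED@gmail.com; Sat, 04 Jun 2011 02:29:21 -0400
From: PLACEHOLDER@earthlink.net
To: Aleksey <aleksey.REDACTED@gmail.com>
Subject: Aleksey how are you?
X-Originating-IP: 72.242.128.2

"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# One Received clause: optional "from <host> (<info>)", mandatory "by <host>",
# optional "with <protocol>". Assumes the usual clause order (an assumption).
HOP_RE = re.compile(
    r"(?:from\s+(?P<from>\S+)(?:\s+\((?P<from_info>[^)]*)\))?\s+)?"
    r"by\s+(?P<by>\S+)"
    r"(?:.*?\bwith\s+(?P<proto>\S+))?",
    re.IGNORECASE | re.DOTALL,
)
# RFC 3848 "with" keywords whose trailing A means the client passed SMTP AUTH
# (ESMTPSA = over TLS as well). Such a hop required the account credentials.
AUTHENTICATED_PROTOCOLS = {"esmtpa", "esmtpsa"}


def parse_received(msg):
    """Return the Received hops oldest-first as dicts of from/by/proto/ips."""
    hops = []
    for raw in msg.get_all("Received", []):
        value = re.sub(r"\s+", " ", str(raw)).strip()   # unfold the header
        m = HOP_RE.search(value)
        if not m:
            continue
        source = " ".join(filter(None, [m.group("from"), m.group("from_info")]))
        hops.append({
            "from": m.group("from"),
            "by": m.group("by"),
            "proto": (m.group("proto") or "").rstrip(";").lower(),
            "ips": IPV4_RE.findall(source),   # addresses named for the sending side
        })
    hops.reverse()   # Received headers are prepended, so the last one is the first hop
    return hops


def find_authenticated_submission(hops):
    """First hop where the receiving server recorded SMTP AUTH, else None."""
    for hop in hops:
        if hop["proto"] in AUTHENTICATED_PROTOCOLS:
            return hop
    return None


def analyze(raw_message):
    """Summarise whether, where and from which client the message was submitted with a login."""
    msg = message_from_string(raw_message, policy=default)
    hops = parse_received(msg)
    auth_hop = find_authenticated_submission(hops)
    originating = msg.get("X-Originating-IP")
    return {
        "hop_count": len(hops),
        "authenticated": auth_hop is not None,
        "submitting_server": auth_hop["by"] if auth_hop else None,
        "client_ip": auth_hop["ips"][0] if auth_hop and auth_hop["ips"] else None,
        "originating_ip": originating.strip() if originating else None,
    }


if __name__ == "__main__":
    result = analyze(RAW_HEADERS)
    for key, value in result.items():
        print(f"{key:>18}: {value}")
    if result["authenticated"]:
        print("-> submitted with the account's credentials: treat the password as known to the sender")
```

For the quoted header the script reports three hops, an authenticated submission to elasmtp-curtail.atl.sa.earthlink.net from 72.242.128.2, and the same address in X-Originating-IP; on a message relayed without authentication (a plain ESMTP hop) it reports `authenticated: False`. A consistent `esmtpa` hop is the defender's signal that the credential, not just the address book, was in the sender's hands, which is why the password change is the right first step and the client-side malware check the right second one.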