Spam sent from my account to my contacts

[jmt356]

Does this mean someone got a hold of my email account password?

[HansV]

Is the spam in your Sent Items? If so, your computer has been infected.
Otherwise, it's possible that your account has been hacked, but not necessarily so. Spammers are able to send e-mails from an e-mail address without actually having access to that e-mail address. But it's worth trying to change the password.

[jmt356]

It is in the Sent Items folder of both my email provider's online web site and Outlook. Am I correct in understanding that this means that this is not just a case of someone finding my password and sending emails from my account, since if that were the case, I would only find the emails in my emial provider's online web site? Does the presence of the message in Outlook's sent items mean I have a virus, worm or some other malware?

[HansV]

Yes, if the spam messages are in your Outlook's Sent Items, it means that they have really been sent from your computer, not from another computer in your name. And that implies that your computer has been infected by some kind of malware.
I'd run a full scan with your anti-virus program, and perhaps also a full scan with a program such as the free version of MalwareBytes Anti-Malware.

[jmt356]

I received an email stating that "Delivery to the following recipients was aborted after 1 second(s): * samura66@rambler.ru." However, I never sent an email to samura66@rambler.ru and no email from me to Delivery to samura66@rambler.ru appears in either my Outlook Sent Items folder or in my gmail Sent Mail. So how did this message get sent? Do I need to take security measures?

[StuartR]

It is possible for software to send an email without using Outlook.
Your PC is almost certainly infected. You should remove it from the network and run a selection of virus scanners.

[jmt356]

Is this a correct assessment:
If the spam is in my Sent Items, then my computer has definitely been infected (per Hans’ post 71377 above).
If the spam is not in my Sent Items, then my computer is almost certainly, but not definitely, infected (according to Stuart’s post 106962 above) .

Either way, I should run virus scanners?
Is it necessary to disconnect my computer from the internet while the virus scanners run?

[HansV]

Yes, if there are spam messages in Sent Items, they have been sent from your computer so you have been infected.

If there are no spam messages in your Sent Items, your computer may have been infected but it's also quite possible that the computer of someone else who has your email address in their Contacts has been infected. The spam software on their computer can send out email with your address as sender and as return address. If that has happened, there is little or nothing you can do about it.

Anyway, it is wise to run a full scan of your computer. First, update your anti-malware/anti-virus programs, then disconnect your computer from the internet and run the scans. IF your computer has malware running, it won't be able to "phone home".

[jmt356]

Malwarebytes has identified 42 files "malicious software." The vendor of each of these programs is called PUP.Optional.Babylon.A.

However, I question whether these files are actually malware. Some of them are:
- text files (e.g., Roaming\Babylon\log_file.txt);
- pdfs (e.g., Roaming\Babylon\Content\manuals\3ZCCGQGCV2_glossary_manual.pdf); or
- .ico files (e.g., Roaming\Babylon\Content\icons\23PZDHQYT2_glossary_icon.ico).

Shouldn't malware be an application (i.e., a .exe file)?

I don't understand why I should disconnect my computer from the internet when running scans. By not being able to "phone home," do you mean it will not be able to communicate with the computer that sent the malware? If so, what is the nature of such communication?

[HansV]

My guess is that Malwarebytes Anti-Malware sees Babylon as malware and hence flags every file associated with it as malware.

Malware is rather clever these days. If it detects that it's being removed, it might signal a server, and this in turn might schedule an attempt to reinstall the malware when it gets an opportunity.