Helping people with computers... one answer at a time.

When a Hotmail account shows a virus, it's a good sign that your account has been hacked. You'll need to change all of your security information to regain control.

A friend of mine, who has a Macbook Pro, has informed that in my emails which I've sent him is hidden a virus. I scanned my computer with Norton. I found nothing.

In this excerpt from Answercast #7, I look at the difference between accessing Hotmail online or through a computer-based program and outline the steps needed to clean up that account.

Viruses in Hotmail

I see from your question submission that you're sending from a Hotmail account. My guess is that you are accessing Hotmail through the Hotmail website and not a program running on your PC.

If you do a scan with your anti-virus program, you are scanning your computer: not your Hotmail; not the website. You're not scanning the way that you access your email. If you were running an email program like Thunderbird or Outlook, then an anti-virus or anti-spyware scan would make sense.

Hotmail is online

When you access email primarily through a web interface (like you do with Hotmail), what happens in a case like this is that your email account has most likely been compromised; it's been hacked into.

Somebody else knows your password and is logging into your email account from some other computer; quite possibly from some other country, some other random place out on the internet elsewhere on the planet.

As a result, your machine may not have any viruses at all because that just doesn't apply here. The hacker isn't using your computer to access your account; they're accessing it directly.

Secure your account

The thing to do is to immediately change your password and then also change all of the other information in your account that could be used for a password recovery. While the hacker has access to your account, they can look at many of the settings that might be used to do a password recovery.

The scenario that you need to avoid is this:

  • You change your password.
  • The hacker notices.
  • The hacker asks for password recovery because he has set all of the recovery information to information that he knows or email addresses that he controls.
  • He can then get a new password issued for your account.
  • And, essentially, he can hack it again.

What you need to do is regain access to your account (or have access to your account) and change your password. Change all of the information that could be used for a password recovery to further secure your account.

Next - How do I get a Hotmail or MSN email for another country?

Article C5175 - April 7, 2012 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Bob Stromberg
April 10, 2012 9:11 AM

Thank you, Leo, for suggesting that if this happens, the account owner needs to change the password recovery information as well as the password.

I believe this advice applies to any web-based email account, such as Gmail and Yahoo. In fact, it could also apply to an ISP-provided email account if it has a web interface.

April 10, 2012 12:03 PM

It does not make sense with this statement:"•The hacker asks for password recovery because he has set all of the recovery information to information that he knows or email addresses that he controls." because if he/she sets that kind of recovery on my hotmail/yahoo account then I would be able to see it, am I ?

Not all recovery information can be seen. Most services won't show you the answers to your secret questions, for example. That means he can set it to something he knows.

April 10, 2012 8:25 PM

The rub is that if you don't go looking for it you won't see it. You have to actually click into the recovery information section of your email page, and look to see if it has been changed. Otherwise the hacker will be very happy when they find that they can go ahead and get in by answering the secret questions. So basically, changing your password is not enough.

April 11, 2012 2:15 PM

Thanks Leo and Connie, so, if I remove password
recovery and change current log in password...then I can
somewhat stop the hacker?

Bob Stromberg
April 11, 2012 6:45 PM

I think this kind of hacking can be tested by anyone. Set up an alternative web-based email account. Call it "test." Give the password to a friend. Using two computers (or two browsers on the same computer), have the friend change the password... then change the password AND the recovery information. You'll see what happens.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.