Rogue login to Google account after Windows clean install
Yesterday I downloaded a sketchy .exe on my Windows desktop and executed it. A command prompt window appeared then nothing abnormal happened. I tried running MalwareBytes but it didn't display any threats.
Today at 4 am someone tried to log in to my secondary google account, then google detected and disconnected the account. When I woke up 4 hours later I changed the password of my secondary and primary account on my notebook (other device) and wiped the desktop SSD and HD clean with a boot usb and installed Windows once again. Then I downloaded apps such as Firefox, Steam and logged in to my primary and secondary accounts on Firefox.
At 8:30 pm Google once again stopped someone trying to log in my account, this time in the primary. The email I received from google (translated):
Suspicious activity on your account
Someone could have accessed your Google Account using rogue malware on one of your devices. The account has been logged out on the device in question for security reasons.
I already changed my primary google account password once again.
Is it possible the malware is still alive on my desktop despite deleting and creating again the SSD and HD partitions?
Can someone access my google account ignoring the MFA authentication?
Could it be they still had a session of my primary google account "alive"?
Here is the original message (in portuguese)
Atividade suspeita na sua conta
Alguém pode ter acessado sua Conta do Google usando um malware nocivo em um dos seus dispositivos. A conta foi desconectada no dispositivo em questão por motivos de segurança.
