A virus on your computer can record your password (or high jack your email client software) and send email on your behalf.
First thing to do is get a computer you can trust. Installing a good anti-virus/anti-spyware might work although i'm usually very paranoid about getting infected and i save my personal files, wipe out the computer and get a clean install of a legit version of windows. Cracked windows version usually already contain some kind of virus that can't get removed by anti-virus. There is some kind of virus (and rootkit) that can't get removed from your computer even if you install a anti-virus, it's all about what get installed first : if a virus is on your computer before a anti-virus it can trick the whole computer into believing that isn't here but it is.
- If you are using wireless, shut it down and plug your computer with a wire, if you can't turn it off (some weird router have no options for this) remove the antenna. Not as practical as wireless but they are secure. Wireless isn't.
- Save your picture and personal files on a CD/DVD or USB Key.
- Wipe the computer with Darik's Boot and Nuke
http://www.dban.org/- Install a clean copy of Windows and all of it's update
- Install a anti-virus before anything else
When you get a computer you can trust to be clean and safe, change your password. And never use your email again on a unsafe computer or over a wireless network. Never share your email with others website like facebook. Your password may have been recorded and send god know where and email are sent from there, you have to change it.
For the password i like to choose small sentence that has meaning to me. Something like 'iwalkonthe12streetwhenitsrainning'. These kind of password are very long and impossible to crack with brute force method. Even if you have my whole biography you can't guess them as you will never know what small event has a personal impact on me and the choice is huge unlike my dog or children name. They are very easy to remember since they have personal meaning to me and i don't have to write it down anywhere, you just have to repeat them a few times and it's like a song you can't forget them. The downside is they are long and take time to type, but that a small price to pay to never get high jacked.
I encounter once a hotmail that i never could recover with these step. Still don't know how it's possible, on that case i had to create a new hotmail for the poor fellow.
I know it's look a bit paranoid but when you have your bank account (or paypal) linked to your email (or some crazy ex-boyfriend/girlfriend that don't care about money but just want to piss you off) you may want to do that.
An individual has rights only as long as he can defend them.