First off, let me say that I do not believe in any way that the game is a virus. I know that it's a legit game.
So here's the story;
I just purchased a used, refurbished laptop from eBay. The seller said that they were a certified Microsoft refurbisher, and they had over 900 positive reviews. There were only about 10 negative reviews (none of which mentioned hacking).
After receiving it with a fresh install of Windows 7, I proceeded to install my free upgrade to Windows 10. I then installed Avast antivirus and Chrome, and then started installing the stuff that I'd need for GoldenEye. I installed Steam, and then Source SDK Base 2007 from steamdb(dot)info (an official arm of Steam). The next day I downloaded GoldenEye from Mod DB. While trying to download it I switched mirrors from the default, which was in Europe, to one here in California. It wasn't any faster, so I switched back to the default. My antivirus never through up any alarms during or afterward when scanning.
Later that same day I checked my Microsoft Outlook email (which I have had for years and had linked to the Windows 10 account on the computer a day or two before), and I checked my recent activity as I always do, because I'm very security conscious. It showed multiple successive attempts to access my account (called a "security challenge"), all coming from the same IP address that wasn't mine. All these attempts, thank God, had failed. I'm glad I use very complex passwords. More failed attempts followed the next day, after changing my password. I then set to trying to determine the source of the breach.
As I stated earlier, I've had that email account for years prior and have never had this happen before. I've never even gotten so much as one spam email because I've very careful about giving out my email addresses. I mainly use that account for friends and family. This leaves only three possible leaks; the computer (pre-loaded with malware), the download of SDK, or GoldenEye. To narrow down the possibilities, I conducted an experiment. I deleted any traces of Steam, SDK, and GoldenEye, and then removed my account from the laptop and replaced it with a new admin account with a new dummy Outlook email attached. If the computer contained any pre-loaded malware, it should begin attempting to hack that account as well. I also installed a much better antivirus; Bitdefender Total Security. Bitdefender (rated number 1 antivirus for Windows 10) detected nothing wrong with the computer, and the dummy account only shows my log-ins. Not a single hacking attempt. As expected, there's nothing wrong with the computer itself. This leads me to believe that while downloading either SDK or Goldeneye, I was hacked.
I don't believe that either of these files contained viruses in them, since Avast scanned them and found no threats. Instead, I think that while I was connected to whatever server was giving me the download, it hacked in, got my email address, and got out without a trace. My question is, has anyone else ever had this experience while downloading GoldenEye or SDK? Perhaps I got a bad mirror while downloading GoldenEye? Was it a bad download of SDK? Any suggestions on how to get GoldenEye and the necessary software without getting hacked?