<snip>
Soon after my In box started filling up I got a call from my brother saying he had received a dodgy email message from me with the same subject as the dodgy email I had received from him some months earlier. (Does that make sense?)
So, can I assume that:
a) the source of the virus was the original dodgy message from him and
b) that the dodgy message has been sent to everyone in my contacts.
If assumption b is correct do I need to warn all my contacts?
<snip>
Again this is a common tactic as the from email address is so easy to fake and most people open emails from people they know, wrong, you never know who sent it without a lot of investigation, unavailable to most.
Someone who has your email address in their address book is infected and that uses the email addresses in the address book to send out spam (or malware) to all in the address book. They also use email addresses in the address book for the from address, so it isn't uncommon to receive emails supposedly coming from yourself (I get lots, but a simple filter catches them).
So by now you should have the idea, make no assumptions.
You most certainly shouldn't send out warning emails to all your contacts, causes more harm than good (panic, adds to masses of emails flying round).
The XP firewall is no use whatsoever in this case as it has zero outbound protection. I suggest that you set the avast Internet Mail provider to High sensitivity as that would detect if your system was sending out multiple identical emails in a period of time (spam), so at least you would know it isn't you sending it.
As for changing your passwords, not required if they haven't hacked your email account. If they had your email would be sending out masses of spam and your ISP would be likely to alert you in the form of stop it or be banned email or words to that effect.