As far as I'm concerned, you took the correct steps. Changing your password being the most important.
In the future, I would be extra cautious about clicking on links in emails. You don't need a XSS attack to find yourself in trouble. My intent is not to add insult to injury ... just stressing the point.
'Am I done? Am I safe?' As long as you realize, you are your computers first line of defense. More so than the security software you have installed.
I received an email tonite from an old friend. It had a link in it. I clicked it. Mistake. WIthin a minute my Yahoo account was spamming my address book with the same link. It was not spoofing. The emails are in my sent folder. Once I saw what happened I changed my password and logged off of Yahoo. The issue seems very related to this CNET article ...
This article details a "cross-site scripting (XSS) vulnerability in Yahoo.com". Afterwards I ran scans using AVG and Malewarebytes. No issues found by either.
So it seems I have no Maleware ? It was all browser based ? I changed the password and scanned. Am I done ? Am I safe ?