I’ve been a longtime user of Norton Identity Safe with Vista SP2, but not any more.

I’ve uninstalled Norton Identity Safe after noticing – on two separate occasions when my Vault was open – a flurry of TCP/IP connections to my Vault accounts that were logged by System Explorer as being made by NST.exe with no corresponding input from myself or any request from an open Web browser.

The first episode lasted 16 minutes until I noticed high CPU usage and popup alerts that connections to proxy servers were being blocked by Emsisoft AntiMalware. During that time, NST.exe opened and closed connections to over 100 of my Vault accounts with the connections lasting from 30 seconds to just over 1 minute. I pulled my Ethernet cable out when I saw the number of connections being logged by System Explorer.

The next day, after closing Firefox with the Identity Safe Vault open, I recognized NST.exe was once again beginning to independently establish connections to my Vault accounts once again. I pulled my Ethernet cable out again and closed the Vault.

Virus & malware scans using Norton Power Eraser, Emsisoft Anti-Malware, Malwarebytes Anti-Malware, Hitman Pro, Sophos Virus Removal Tool, Zemana Anti-Malware and Kaspersky Virus Removal Tool all came up clean.

I’m unsure what caused this dangerous behavior, but Norton Identity Safe is no longer on my laptop to be a party to it.

I run Emsisoft using a 1.8 million URL connection block list and also PeerBlock blocking over 1.5 billion IPs.

I am extremely careful, so it’s difficult to imagine how I’ve been hacked, especially after all the AV/AM scans came up clean.

Be watchful and be aware of what NST.exe is doing in the background when your Vault is open.

I’m now going through my more-than 450 Vault accounts and am changing all my passwords.

Good luck!