After reading some threads on the Norton Community forums, I have concluded that my laptop has been compromised and infected with an email spambot. I have come straight to this forum for assistance as Norton users experiencing these symptoms were being directed here.
I first started noticing symptoms on Monday 5th. I happened to be installing a new program called KMPlayer, a popular audio/video player. I was going through the setup when I got a taskbar notification from Norton that said a suspicious program was removed (see notif_01.txt attached). 9 minutes later, I got another similar notification (see notif_02.txt attached).
The following night, Norton removed another two suspicious programs (see notif_03.txt and notif_04.txt attached). I was away from my laptop before the last notification, and when I came back, I found a Norton pop-up window saying Email Error (see email_error_01.txt attached). After reading it, I clicked OK to close it, but another pop-up followed it immediately. This happened several times; there seemed to be no end to these error messages.
Some errors said my IP was not authorised to send emails (see email_error_03.txt attached). I was confused; I didnt even have my email client open, let alone did I try to send any of these emails. I didnt recognise any of the recipient addresses, nor did any of the sender addresses belong to me, and they were all different every time. I also noticed that all the recipient addresses appeared to be personal Gmail addresses and the emails were all about meds. I could tell it was all spam. So, I started to research my problem.
Yesterday, I installed Malwarebytes and ran a full scan on all drives (1 internal, 1 external, and 1 USB). Directly after the scan started, Norton removed one more suspicious program (see notif_05.txt attached). Upon completion, the scan had detected 13 items in total, and I removed all of them and rebooted as required (see mbam_log.txt attached).
Tonight, I turned on my laptop and connected to the internet to log on here (I registered on my Android phone earlier). So far, I havent received any more email errors from Norton, so it seems like Malwarebytes has helped a great deal.
I also ran DDS and added the dds.txt log at the bottom of this post as required (also see attach.txt log attached).
Id now like to know what to do next to ensure that my computer is clean, safe, and secure.
This is the first time Ive experienced something like this, so Id also like to know more about the risks. Will any of the other devices on my home network be affected? Could the malware have taken any personal information from my computer or browser, or is it unlikely because its a spambot? Is there anything else I should know or do?
Also, how on Earth did all this happen? Where did the malware come from? I havent visited any suspicious websites lately. Is it at all possible that KMPlayer has anything to do with this? I havent downloaded or installed anything else this fortnight. Or is it at all possible that my port forwarding has anything to do with this? I've heard that it's a risk in itself.
Thank you in advance to anyone who can help!
Logs deleted per poster request. Queen-Evie
Edited by Queen-Evie, 19 August 2013 - 09:50 AM.