Alright fine, how do i contact a forum moderator? And considering that i have the premium version of malwarebytes, is there another alternative? Im still receiving those svchosts attacks every hour from the same ip which i determined it to be from Russia. The IP is 46.161.27.30. I want to upload logs but id rather it be private. The logs I think might reveal personal information files as well as my families, so i'd really want to know how to continue with this. Other than the constant daily blocked IP address from malwarebytes, the computer seems to be running normal. Meaning, no slowdowns, odd cpu usages, or denial of access of programs. But the disturbing thing i found in one of the scans from adwcleaner a few days ago was "trojan.stolendata".
I've uninstalled all software that has been installed when the blocked IP addresses started to happen. It used to happen very sporadically, once a week, a month. But now its happening daily and hourly and i'd like to see this issue resolved, and i have not seen a response from anyone. Ive scanned with several software in safe mode, disconnected from the internet, reset my DNS using DNSJumper. Although, when I turned on my computer this afternoon, it was fine for 3 hours, and then it started coming back up again. The only program i havent used "only for scanning but not fixing" was FarBar recovery scanner. Since i'm not an expert i'd figure its best if I have someone from here that privately examines my logs and prepares a fixlist for me to use. It spotted a few attention with arrows pointed like so,
"GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-2947177259-2993387893-2168207468-1011\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-2947177259-2993387893-2168207468-1007\User: Restriction <==== ATTENTION"
==================== Restore Points =========================
"ATTENTION: System Restore is disabled" (that was done by me).
P.S.
A couple days ago, malwarebytes mysteriously had disabled website protection and was no longer in the taskbar. Although it was still able to run, but it would close completely off instead of closing to the background" That issue has been resolved so far, though im not sure if it has to do with the potential malware or if it was simply a bug with the updates since i noticed others had the same experience around the same time it happened to me. Nonetheless, as soon as the Protection was reported disabled, i instantly resetted the computer and immediately disconnected the internet and booted into safe mode. Thats when I had uninstalled all the programs dating back almost a month ago when the attacks started to occur and rescanned, deep scanned and tried to reset some settings including firewall and modem.
After doing all that, when I had nervously started the computer back in default normal mode, everything seemed fine. I was almost about to break out the champagne until 3 hours in the attacks from the same ip happened again. This is seriously pissing me off and worrying me.
I also heard a couple days ago that an FBI reported attacks from Russia that are infecting malware in routers/modems via a malicious malware known as "VPN Filter" and advised people to reset their modems, and i've done that 3 times already.
Despite all this, im willing to restart from scratch and do the process all over again with a fresh start, but this time from an expert, but I dont want my files to be accessed publicly. Maybe i'm being too overly paranoid but in this dark digital information age, you can never be too careful anymore, especially with cybercriminals running amok.