After inadvertently downloading malicious software from an unreliable source, my computer became heavily infected with a wide array of malware, including PUPs, PUMs, rootkits, and viruses. In response, I utilized Malwarebytes to eliminate 322 malicious entities and subsequently had to manually adjust certain registry keys to reactivate my security center. To further mitigate the damage, I reinstalled my Windows operating system, opting for the version that preserves personal data and files. This action enabled Windows Security to identify and remove several significant threats, such as Nemesis and Stealer, among others. Despite these efforts, the attackers attempted to compromise my various online accounts, including Instagram, Bybit, Phemex, banking, Google, and Microsoft, though these attempts were thwarted.
Currently, my computer's performance has improved significantly, yet suspicious activities persist. Comprehensive scans using Malwarebytes, Windows Defender, AdwCleaner, and Farbar Recovery Scan Tool have yielded no further detections. However, I've observed questionable behavior from certain processes, including svcHost, regasm, a Java node, and wscript.exe, which persistently run in the background and automatically restart upon termination. Despite these processes being located in their legitimate directories and bearing valid signatures, Malwarebytes continues to block svcHost from making outbound connections to the IP address 51.15.116.168. Even after establishing a custom rule to block this connection, the attempts persist.
Given these circumstances, I am seeking guidance on how to address the ongoing suspicious activity and ensure the complete eradication of any remaining malware threats from my system.
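
A read-only triage sketch for the symptoms described in the post, added here as an example and not part of the original post. It shows which process owns any connection to 51.15.116.168, then the command line, parent, hosted services and signature status of the named processes, then any scheduled task or Run key that launches them. The name `node.exe` for the "Java node" process, the helper name `Get-ProcDetail` and the match pattern are assumptions.

```powershell
# Added example, not from the original post. Read-only; run from an elevated PowerShell.
$remoteIp = '51.15.116.168'                        # address named in the post
$names    = 'regasm.exe', 'node.exe', 'wscript.exe' # node.exe is an assumed name for the "Java node"
$pattern  = 'wscript|regasm|node'                   # assumed match for autostart commands

function Get-ProcDetail {                           # hypothetical helper
    param([Parameter(Mandatory)][uint32]$Id)
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $Id"
    if (-not $p) { return }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $svcs   = (Get-CimInstance Win32_Service -Filter "ProcessId = $Id").Name -join ','
    $sig    = if ($p.ExecutablePath) { (Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath).Status } else { 'n/a' }
    [pscustomobject]@{
        PID         = $p.ProcessId
        Name        = $p.Name
        Path        = $p.ExecutablePath
        Signature   = $sig
        Services    = $svcs    # for svchost.exe: the services hosted in this instance
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "exited ($($p.ParentProcessId))" }
        CommandLine = $p.CommandLine
    }
}

# 1. Which process owns a connection (or pending attempt) to the blocked address?
Get-NetTCPConnection -RemoteAddress $remoteIp -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess -Unique |
    ForEach-Object { Get-ProcDetail -Id $_ } | Format-List

# 2. Command line and parent of each named process: a signed host binary says
#    nothing about the script or assembly it was asked to run.
$filter = ($names | ForEach-Object { "Name = '$_'" }) -join ' OR '
Get-CimInstance Win32_Process -Filter $filter |
    ForEach-Object { Get-ProcDetail -Id $_.ProcessId } | Format-List

# 3. Autostart entries that would relaunch those hosts after termination.
Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $pattern) { [pscustomobject]@{ Source = "Task $($_.TaskPath)$($_.TaskName)"; Command = $cmd } }
    }
} | Format-List
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run', 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $pattern } |
            ForEach-Object { [pscustomobject]@{ Source = "$key\$($_.Name)"; Command = $_.Value } } | Format-List
    }
}
```

Step 1 can return nothing when the attempt is blocked before a socket entry exists or happens between runs, so repeat it while the block notifications are appearing.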