Fairly certain there's an active cracker in my system, with either a backdoor slipped somewhere inside or mirroring my machine. Which, of course, is an uncomfortable situation.
Why do I think this?
(1) My hosts file changes every few days, adding addresses for security software updates. I keep a clean backup on a thumbdrive, manually replacing it in what is probably a futile manner every once in a while to update from safemode w/ networking.
(2) A folder, composed of about 40 Chinese Kanji characters, sometimes appears in my Recent Folders list. I'm not Chinese, I've never installed anything in any of the Chinese languages, and 3 different Mandarin-speaking friends say that the writing makes no sense to them. Also, given the list that it's on, this folder is clearly being used.
(3) On Mar 11, a shadow of a dialogue box got stuck on my taskbar, where one of the context options was "Download as hidden file". I cannot think of a clearer indication of [covert] infiltration. The box, stuck as it was, disappeared in segments upon mouse-over after reactivating the objects that are normally on the layer atop the box. Screenshot of the half-present box inserted into message.
(4) I am the only person who uses this computer, and no Chinese-speaking friends have ever used it, much less created folder-producing programs on it. I speak only English and Italian.
Currently using ESET suite, Spybot S&D, Ad-Aware, CCleaner for registry and filewipes, Security TaskManager, and perhaps some others I am forgetting. Those are the most relevant. I attempted to install ZoneAlarm after AVG and MS Security Essentials both failed to detect a bitcoin mining attempt (3-ish months ago), but it had several errors which the ZA forum never responded to (2 months ago). I lacked any kind of real firewall other than Win7's built-in garbage one for a while. Silly of me, but got caught up in work and school. Am studying and working abroad, living in a hostel, and need to check my email & social networks, can't go dark while fixing the problem. :\
I have run:
-- Spybot S&D
-- AVG Free Anti-Vir (prior to removal and change to ESET)
-- ESET Anti-Vir
Any thoughts / suggestions? Note that some of my assumptions (method of attack, type of attack, source of files & folders) could be, of course, wrong.
Below are the paths of some more folders that appeared in my Recent Folders list just today. There has never been more than 1 strange folder in that list at a time. I assume that the person has noticed my attempts, and has increased activity. Why they've not fixed the Recent Items thing, I am not sure.