Leading up to this event I noticed strange activity on my laptop. This was confirmed when the hacker edited one of my messages as I was typing out an email.
Some very downright unsavoury and nasty threats have been made against me and I will be bringing this to the attention of local authorities and it has already been reported to my ISP who have issued a new IP and they are currently investigating. The more proof I have the better.
Windows 7 Home Premium OEM 64bit.
Comodo Firewall and AV
The machine is connected via LAN, though the router does have wireless enabled, which I suspect is the point they are gaining access. Only one user on the network is reliant on it and I'll soon be switching them over to LAN to disable it entirely. I suspect the culprits are local to me.
After seeing a message edited in front of my own eyes, my first instinct was to nuke the installation by restoring a clean system image. I did not reformat, which was probably a mistake, and the irregular activity has persisted after restoring a clean system image. I have seen further edits of search queries when browsing online.
I generally go through my system upon each fresh install and disable most options such as Remote Desktop Services, UPnP services, etc., but this did not deter them.
I have run a few rootkit detection tools such as TDSSKiller and Malwarebytes but they've all turned up nothing. I just ran RogueKiller, which turned up two PUM.Startmenu registry potential threats.
I suspect a number of machines on the network have been targeted; if I can fix one I can address the other machines and shut them out. I would greatly appreciate some assistance removing this intruder from this machine and I'll follow up on the others myself.
Other strange behaviour that I have noticed is ARP traffic in my firewall logs being blocked originating from and going to the same IP address on my network?
As I'm new I can't add a screenshot.
Edited by SambaDelDublinho, 10 April 2018 - 07:00 AM.