Hi there,
Just finished up re-setting my laptop after a complete wipe from a suspected hack / malicious activity and already I'm seeing unexplained network connectivity and transfers.
Details: Lenovo X1 Carbon - Gen 8 - Windows 10 Pro 19045. All Windows and Lenovo updates and firmware. Running ESET Smart Security Premium.
Whether I'm at home or at the office, I'm noticing unwanted connections coming from 20+ IP addresses.
From my office, I've had over 3000x attempt and attacks by 7 workstations, 2 phones, and 1 printer, through ports: 137, 138, 7680, 1900, and 5355. I noticed over 1GB of data transfer so far.
From Home, I'm getting similar attacks as well from the above mentioned ports.
Everything is going through masks uses of svchost.exe, spoolsv.exe, jhi_service.exe, msedge.exe. I believe they've manipulated ESET as well, because when I see the IP addresses and I try to right click it, I can't Deny the connection, it won't allow me too. I can't Deny the service of the file as well as it's greyed out.
My browser also had the Green Border missing earlier this afternoon.
I don't believe there's any Malware on the system itself as I didn't click on anything or install anything unwanted or questionable as it's a brand new setup.
I have also been going through this for the last 2 months. This is some sort of script or a really bored indivdual(s) using Windows exploits to get in.
How do I stop this? What can I do?
Thank you,