ericpc
asked on
Junk files dupilicate it self after been deleted
Hi all,
I've got a wired problem with my windows xp laptop. I found a lot of junk files in the c:\windows\download installation\ directory, stuff like birtney.exe or porn.exe. After I searched the file name I found 7 other directory contain the same content. So I delete all of them from each directory, but just this one directory c:\windows\pchealth\, the file will come back again immediately after I delete them which drive me crazy, any idea?
Thanks heaps
Yours Eric
I've got a wired problem with my windows xp laptop. I found a lot of junk files in the c:\windows\download installation\ directory, stuff like birtney.exe or porn.exe. After I searched the file name I found 7 other directory contain the same content. So I delete all of them from each directory, but just this one directory c:\windows\pchealth\, the file will come back again immediately after I delete them which drive me crazy, any idea?
Thanks heaps
Yours Eric
Hi ericpc,
Could also be very likely a virus that spreads through a file sharing network or tries to spread through shared folders.
Do an online virusscan like http://housecall.antivirus.com
Greetings,
LucF
Could also be very likely a virus that spreads through a file sharing network or tries to spread through shared folders.
Do an online virusscan like http://housecall.antivirus.com
Greetings,
LucF
Sounds like the system restore may be restoring these files after you delete them. Try turning off System Restore and then finding and deleting all those files again. Then you can turn System Restore back on again. Turning System Restore off will remove the old restore points that will have included these files.
"...the file will come back again immediately after I delete them..." -- I didn't catch the immediately in there. Sounds more like a Windows File Protection deal or, as parkerig and LucF said a hijacker or virus. By all means do the scanning and cleaning of anything that's found -- but turn off System Restore first to be sure.
It looks like an addware... Just remove those clients using addaware software...
Download it and run it...
http://www.addaware.com
Cyber
Download it and run it...
http://www.addaware.com
Cyber
Wait... there is even a better software:
http://www.webattack.com/get/adaware.html
Get this one...
Cyber
http://www.webattack.com/get/adaware.html
Get this one...
Cyber
ASKER
I tried adware and spybot, no luck.
When I say ""...the file will come back again immediately after I delete them..." it means when I deleting them in one folder you can actually see them create themself again in the same folder.
When I say ""...the file will come back again immediately after I delete them..." it means when I deleting them in one folder you can actually see them create themself again in the same folder.
Hi,
I have had a similiar problem and the EE replies I got are on the following URL
https://www.experts-exchange.com/questions/21067201/Disable-File-Restore-Files-Keep-Restoring-Auto-Restore-Windows-2000.html
Cheers
Ian
I have had a similiar problem and the EE replies I got are on the following URL
https://www.experts-exchange.com/questions/21067201/Disable-File-Restore-Files-Keep-Restoring-Auto-Restore-Windows-2000.html
Cheers
Ian
ASKER
Thing's are getting worse guys.
All the junk files are coming back again, too the eight of the different directories.
Most of the file are stuff like "britney spears blow job.jpg.exe", "harry_potter.exe".
There is one directory looks pretty wired, "windows\PCHEALTH\Upload\" ,
it has all the junk files and also contain two folders, "Binaries" and " "Config". Inside "Binaries" it has all the junk files again, the interesting thing is, after I delete all the files in "Binaries", it create a file called "uploadm.exe".
I disabled the system restore, and I ran Norton Antivirus 2004 full system scan doesn't find anything.
Help please
EC
All the junk files are coming back again, too the eight of the different directories.
Most of the file are stuff like "britney spears blow job.jpg.exe", "harry_potter.exe".
There is one directory looks pretty wired, "windows\PCHEALTH\Upload\"
it has all the junk files and also contain two folders, "Binaries" and " "Config". Inside "Binaries" it has all the junk files again, the interesting thing is, after I delete all the files in "Binaries", it create a file called "uploadm.exe".
I disabled the system restore, and I ran Norton Antivirus 2004 full system scan doesn't find anything.
Help please
EC
I see a lot of virusses etc using those kind of names, it looks like your computer has been compromized by a trojan not yet detected by the antivirus programs.
So what I suggest you to do, get yourself Hijackthis:
http://aumha.org/downloads/hijackthis.exe
Put it in it's own folder, not on the desktop or any temporary folder, something like "c:\hjt\hijackthis.exe" will do fine.
Run it, accept the first warning message (read it though so you know what hijackthis does)
Click "Scan" and then "Save log"
Post all the contents of the logfile here, including the headers etc. (if you're on a domain please edit out the domainname)
LucF
So what I suggest you to do, get yourself Hijackthis:
http://aumha.org/downloads/hijackthis.exe
Put it in it's own folder, not on the desktop or any temporary folder, something like "c:\hjt\hijackthis.exe" will do fine.
Run it, accept the first warning message (read it though so you know what hijackthis does)
Click "Scan" and then "Save log"
Post all the contents of the logfile here, including the headers etc. (if you're on a domain please edit out the domainname)
LucF
If possible boot from an antivirus CD or floppy and do a virus check from there.
Then boot into safemode
( run msconfig and choose boot tab and safemode ) or F8 on startup
Let us know how that goes
Ian
Then boot into safemode
( run msconfig and choose boot tab and safemode ) or F8 on startup
Let us know how that goes
Ian
Oops forgot to say do another virus check and spyware check - in safe mode
Ian
Ian
Another post on various options
https://www.experts-exchange.com/questions/20995679/Recurring-virus-XP-pro.html?
MAKE SURE IF YOU ARE ON A NETWORK YOU DISCONNECT.
You maybe being "infected" by another machine ( internet or LAN or WAN etc )
Ian
https://www.experts-exchange.com/questions/20995679/Recurring-virus-XP-pro.html?
MAKE SURE IF YOU ARE ON A NETWORK YOU DISCONNECT.
You maybe being "infected" by another machine ( internet or LAN or WAN etc )
Ian
ASKER
Here is the logfile guys
Logfile of HijackThis v1.98.2
Scan saved at 4:55:35 PM, on 17/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCE S.EXE
C:\WINDOWS\system32\LEXPPS .EXE
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\System32\Ati2ev xx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc. exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\SPEED D~1\nopdb. exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atipta xx.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\yacpow er.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHn d.exe
C:\program files\Telstra\Signup\tbpt. exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\System32\wuaucl t.exe
C:\Program Files\Common Files\Real\Update_OB\reals ched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView4\NkVwMo n.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\hjt\hijackthis.exe
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = http://ninemsn.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEH elper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-2 98DDF1699E 1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt .dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C F10577473F 7} - c:\program files\google\googletoolbar 2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7 859DF00B1D 6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A 37C9A5676A 7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt .dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0 09027A5CD4 F} - c:\program files\google\googletoolbar 2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [YAMAHA AC-XG Power Utility] yacpower.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHn d.exe
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E- 00AA0064EC 94}] C:\program files\Telstra\Signup\tbpt. exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals ched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon .exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMo n.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar 2.dll/cmse arch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar 2.dll/cmba cklinks.ht ml
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar 2.dll/cmca che.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar 2.dll/cmsi milar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar 2.dll/cmtr ans.html
O9 - Extra button: Telstra Usage Meter - {D4D7BC9D-5707-4494-B2F6-B 362DB15866 4} - C:\Program Files\Telstra Usage Meter\UsgeMetr.htm
O9 - Extra 'Tools' menuitem: Telstra Usage Meter - {D4D7BC9D-5707-4494-B2F6-B 362DB15866 4} - C:\Program Files\Telstra Usage Meter\UsgeMetr.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.d ll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox. dll
O16 - DPF: {41F17733-B041-4099-A042-B 518BB6A408 C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
O17 - HKLM\System\CS1\Services\T cpip\Param eters: SearchList = mbau.mercedes-benz.com,vic .bigpond.n et.au
O17 - HKLM\System\CS1\Services\V xD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\T cpip\Param eters: SearchList = mbau.mercedes-benz.com,vic .bigpond.n et.au
O17 - HKLM\System\CS2\Services\V xD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\V xD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\T cpip\Param eters: SearchList = mbau.mercedes-benz.com,vic .bigpond.n et.au
Logfile of HijackThis v1.98.2
Scan saved at 4:55:35 PM, on 17/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCE
C:\WINDOWS\system32\LEXPPS
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\Ati2ev
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\SPEED
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atipta
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\yacpow
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHn
C:\program files\Telstra\Signup\tbpt.
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\System32\wuaucl
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView4\NkVwMo
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\hjt\hijackthis.exe
R0 - HKCU\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [YAMAHA AC-XG Power Utility] yacpower.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHn
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMo
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: Telstra Usage Meter - {D4D7BC9D-5707-4494-B2F6-B
O9 - Extra 'Tools' menuitem: Telstra Usage Meter - {D4D7BC9D-5707-4494-B2F6-B
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.d
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O16 - DPF: {41F17733-B041-4099-A042-B
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS1\Services\V
O17 - HKLM\System\CS2\Services\T
O17 - HKLM\System\CS2\Services\V
O17 - HKLM\System\CCS\Services\V
O17 - HKLM\System\CCS\Services\T
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Removal tool from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html
ASKER
Hi Lucf,
Problem fixed, you are the real champion, thanks heaps.
I just don't understand why those sick people develope this kind of trouble.
Yours EC
Problem fixed, you are the real champion, thanks heaps.
I just don't understand why those sick people develope this kind of trouble.
Yours EC
Glad to help :)
>>I just don't understand why those sick people develope this kind of trouble.<<
Neither do I, but this one was made by someone that hates the creator of the bagle worm. You can't find a better removal tool for the bagle worm than the Netsky worm :o)
Take care,
LucF
>>I just don't understand why those sick people develope this kind of trouble.<<
Neither do I, but this one was made by someone that hates the creator of the bagle worm. You can't find a better removal tool for the bagle worm than the Netsky worm :o)
Take care,
LucF
Best guess is youy have a virus or some malware.
There are many posts on this.
Here is just one of them.
https://www.experts-exchange.com/questions/20901427/strun-exe-spyware-virus-trojan.html?query=virus+spyware&topics=174
Cheers
Ian