sysnetsecurity should be added to windows Defender's ignature list - should also be able to clean it out