Windows 10: Bitsadmin pops up randomly and immediately disappears. Solved

Page 3 of 11 FirstFirst 12345 ... LastLast
  1.    02 Jun 2016 #21

    OK, that gives you a clean queue - if it returns there may be an app. that's putting those in there and that app needs to be removed.

    Good luck.
      My ComputerSystem Spec

  2.    02 Jun 2016 #22

    Superfly said: View Post
    Hmmm .. looks like cloudfront.net is the issue... I'm not familiar with that but see if this helps.
    http://answers.microsoft.com/en-us/p...3b6b4e2?auth=1

    Note: you can get rid of the (non-Windows update downloads) by using :
    Get-BitsTransfer -AllUsers | Remove-BitsTransfer

    or this in command prompt:

    Code:
    @echo off
    net stop BITS
    ipconfig /flushdns
    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" 
    del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" 
    net start BITS
    
    net stop wuauserv
    net start wuauserv
    Superfly said: View Post
    OK, that gives you a clean queue - if it returns there may be an app. that's putting those in there and that app needs to be removed.

    Good luck.
    Thanks @Superfly.
    @tkrisz0403 Cloudfront.net is part of AWS (Amazon Web Services), but has been used by the bad guys in the past. If the problem reappears, we'll need to perform some malware removal steps. Please leave the thread open for a few days to see if all is well. If not, post back and we will begin trouble-shooting. If all is good, you can mark the thread as solved.

    Cheers!
      My ComputerSystem Spec

  3.    02 Jun 2016 #23

    simrick said: View Post
    Thanks @Superfly.
    @tkrisz0403 Cloudfront.net is part of AWS (Amazon Web Services), but has been used by the bad guys in the past. If the problem reappears, we'll need to perform some malware removal steps. Please leave the thread open for a few days to see if all is well. If not, post back and we will begin trouble-shooting. If all is good, you can mark the thread as solved.

    Cheers!
    You're welcome budette, as you say, we won't know if that is in fact the cause until @tkrisz0403 reports back how things go - hopefully it's not malware and merely a once-off glitch with AWS.
      My ComputerSystem Spec

  4.    02 Jun 2016 #24

    Thanks guys, I'll let you know the result but have not popped up, yet.
      My ComputerSystem Spec

  5.    02 Jun 2016 #25

    tkrisz0403 said: View Post
    Thanks guys, I'll let you know the result but have not popped up, yet.
    You're welcome... glad we have made some progress - Holding thumbs, buddy!

    After a couple of days run the powershell command again, even if just to check what's happening in the background.

    @Hydranix - nice idea - but I think BitsAdmin will always have cmd.exe as parent - maybe the bits service itself may have a calling property... something we could look into.
      My ComputerSystem Spec

  6.    04 Jun 2016 #26

    Superfly said: View Post
    You're welcome... glad we have made some progress - Holding thumbs, buddy!

    After a couple of days run the powershell command again, even if just to check what's happening in the background.

    @Hydranix - nice idea - but I think BitsAdmin will always have cmd.exe as parent - maybe the bits service itself may have a calling property... something we could look into.
    No, not always. Good call on that powershell command by the way.

    Run bitsadmin.exe from the start menu and you'll see the parent is explorer.exe. Same goes for CreateProcess(), the parent being the process which called the function (which is what I was hoping for). The fact that a shell was invoked, then bitsadmin.exe was executed in the context of that shell makes me think that maybe the function system() (or similar) was used to execute bitsadmin. It would make sense as you cannot hide the command prompt when using system(), and the only software bad enough to use it would be malware. It could also be a script or something similar.

    I do know that nothing in Windows 10 or even from Microsoft would be calling bitsadmin.exe for any reason, especially since it's deprecation. Those links that the powershell command returned look dubious as well.


    tkrisz0403, I'd recommend that you don't put any personal/financial information through this computer until you're certain it's safe to do so.
      My ComputerSystem Spec

  7.    04 Jun 2016 #27

    tkrisz0403 said: View Post
    Thanks guys, I'll let you know the result but have not popped up, yet.
    If you want to check for malware, let's do this:

    Download and run ADWCleaner. Do the scan, save the log and post it here. Do not "clean" until we have evaluated the log. The log can be found at C:\Adwcleaner.
    Once we've reviewed the log, we will determine if everything it flagged should be cleaned, or if some are FPs (false positives).

    If we find problems, we may then want to run an ESET Online Scan.
    Detailed instructions on how to run and manipulate the ESET scan can be found in this thread:
    BSOD after boot up, during login or right after, (bad spool header?) Solved - Page 3 - Windows 7 Help Forums

    .
      My ComputerSystem Spec

  8.    05 Jun 2016 #28

    Hi guys,


    Bitsadmin did not pop up since I used @Superfly code. I just run a PowerShell command again, and I also attached the ADWCleaner log screenshot.


    Let me know your thoughts Thanks
    Attached Thumbnails Attached Thumbnails log.jpg   powershell.jpg  
      My ComputerSystem Spec

  9.    05 Jun 2016 #29

    Hi.
    Read about Hola.org here:
    Adios, Hola! - Why you should immediately uninstall Hola

    And here:
    Hola Review

    What is very interesting about the service is that it works like a P2P mesh network, meaning that one user can tunnel his browsing traffic through other user’s network. The advantage of this feature is that users can benefit from many country locations, including small countries where data centers aren’t common. The problem is that if you are a peer, you may get into trouble if other users tunneling the connection through your PC are into illegal activities like hacking or accessing illegal web content.....We discovered that a proxy connection was established mostly on port 22222 and all traffic was in clear-text.
    Read about Pokki here:
    C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free • The Register

    Reimage is another problem:
    http://answers.microsoft.com/en-us/p...9-c5075a454441

    Conduit is considered a browser hijacker.

    I think everything ADWCleaner found is good to get rid of. You could create a restore point before "cleaning", but I'm pretty sure you need to get rid of everything it found.

    Might want to go ahead and run the ESET Online Scan. It will take quite a while. Be sure to post that log as well. Thanks.
    Last edited by simrick; 2 Weeks Ago at 20:35.
      My ComputerSystem Spec

  10.    05 Jun 2016 #30

    ADWCleaner deleted all unwanted files, and it didn't find any other file second time. I run full Kaspersky Total Security and it didn't find any infected data. I also ran ESET Online Scan as you mentioned and it found four infected files after one and a half hours. Unfortunately, then it stopped at 99 percent as the attached image shows then Windows asked me to close the program as did not respond. I run the scan again but the same result at the end, however, I saw that ESET marked CCleaner installation file as an infected file. What can I do now?
    Click image for larger version. 

Name:	eset.png 
Views:	194 
Size:	90.4 KB 
ID:	83557Click image for larger version. 

Name:	eseterror.png 
Views:	193 
Size:	92.1 KB 
ID:	83558
      My ComputerSystem Spec


 
Page 3 of 11 FirstFirst 12345 ... LastLast

Related Threads
Bitsadmin pops up randomly and immediately disappears. in AntiVirus, Firewalls and System Security
During the day a cmd window will pop up and immediately disappear without warning, kicking me out of fullscreen applications and being a general annoyance. I suspect something more sinister but Windows Defender, Malwarebytes and SuperAntiSpyware...
Edge appears when I click on it--or something does--then immediately disappears. Is there a way to reinstall it? or correct this behavior? I recently had huge problems with setting permissions and to solve them I restored to an earlier restore...
Hi there connecting a bog standard laptop (display res 768 X 1366) to a second monitor and setting that as the primary display (HD 1920 X 1080) the bottom taskbar randomly disappears or becomes non functional. The strange thing is that if I...
Calculator pops up every second in Software and Apps
Calculator pops up every second. Can not stop it only by shutting down my pc. How can I resolve this or how do I delete calculator? Thnx! Ron
Solved Pops and clicks when using MPC-HC in Software and Apps
Please delete
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:14.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums