Daily BITS popup window after restoring WMI won't go away

Sarah91

Honorable
Dec 22, 2013
4
0
10,510
After System Mechanic decided to corrupt my WMI, I had to rebuild it with some online program. Ever since, however, I get a daily Command Prompt window, usually right after booting up, that downloads some mysterious numbers.exe files - a new one each time. None of them can be googled. Sometimes my Avast! Antivirus informs me it has quarantined an at least similar .exe file afterwards.

Screendump: https://imgur.com/a/T5NI4

I can't find the cause for this! I've scanned with Avast, Malwarebytes and AdwCleaner, where the former comes up short while the other two usually pick up PUP and FileTour files, but nothing seems to remedy the issue.

Has anyone ever experienced something similar?

Edit - Updated the title in light of recent events

Thanks in advance.
 

Avast-Team

Estimable
Mar 3, 2017
225
1
5,165
It sounds like whatever this malware is, it's re-populating itself. I'd recommend setting up a USB/boot disk with an Avast boot-time scan, pulling the computer from the Internet, and scanning on boot (at least once): https://support.avast.com/en-us/article/132

Hopefully, this will quarantine the threat once and for all -- it sounds like these are being detected, but that there may be another process happening somewhere that is re-populating it. Do you have Avast running actively (e.g. with real-time behavioral detection, Behavior Shield) or are you just doing on-demand scans?
 

Sarah91

Thank you for contributing.

All my Avast shields are on, thankfully.

I did try boot-time scans, though not, being too lazy, from a USB, two times - one without net access and one without. It didn't work and once I reconnected to the network, the window appeared. I promise I'll try the USB version now though.


 

Sarah91

Update: Something failed today and thus I believe I located the culprit. I can't find other cases of this liflingren on my computer though - making manual removal somewhat uphill. Perhaps Avast has some ideas? :)

gotcha
OygXBOc.png
 

Sarah91

Update 2: Just before the download window appears, there's a lightning-fast first one. Today I managed to catch it!

iep0jXP.png


Sooo... how can I make this one go away? Is there a better BITS service out there?