Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible malicious program? BITS service using max bandwidth often

  • This topic is locked This topic is locked
1 reply to this topic

#1 mlp00


  • Members
  • 2 posts
  • Local time:03:36 PM

Posted 24 March 2014 - 05:23 PM



I'm running Windows 8.1 x64 so couldn't get a DDS log for this topic.


After receiving a large overage charge from my ISP I began closely monitoring my bandwidth usage.  After much diagnosing, it's been concluded that the Background Intelligent Transfer Service (BITS) is often times throughout the day connecting to various IP addresses within my ISP's subnet, i.e.,, and maxing out the WAN connection to my LAN IP address and downloading approx. 1 GB of data before disconnecting.  It would do this several times a day but I cannot determine what it could possibly be downloading so much data for.  I originally placed a rule on the firewall to block this traffic before determining the cause to be the BITS service and have since stopped this service.  I don't feel this should be necesssary.


Is it possible something malicious is utilizing this service to download large amounts of useless data?  I did run MBAM and it found:


C:\$Recycle.Bin\S-1-5-21-4181669693-3579785937-3997762063-1626\$R3PVWCT.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4181669693-3579785937-3997762063-1626\$RA047A6.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\mlp\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\mlp\AppData\Local\Temp\nse773E.tmp (PUP.Optional.Somoto) -> No action taken.
C:\Users\mlp\Local Settings\Temporary Internet Files\IE\54J3TUEN\BiTool[1].dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\mlp\Local Settings\Temporary Internet Files\IE\54J3TUEN\setup[1].exe (PUP.Optional.Somoto) -> No action taken.


All of which I removed and future scans have resulted in nothing.


I scanned with TDSSKiller, RogueKiller, and AVG Free -- each of which had no results.


I tried quick scanning with aswMBR but it consistently crashes when it reaches service c2wts.



Thanks in advance

BC AdBot (Login to Remove)


#2 mlp00

  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:36 PM

Posted 27 March 2014 - 04:11 PM

Please delete.  Case solved

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users