Bitdefender blocking wscript.exe potentially malicious actions every 5 minutes on Windows 10

I'm getting these critical notifications every 5 minutes non-stop on Windows 10.

Application wscript.exe has been detected as potentially malicious and was blocked. Application path: C:\Windows\System32\wscript.exe Command line parameters: wscript.exe C:\Users\nicom\AppData\Roaming\h.vbs C:\Users\nicom\AppData\Roaming\2.bat //B Detection ID: ML:SuspiciousBehavior.E0BEB843199F21

Does anybody know if it could be harmful and what to do about it?

Thanks in advance!


Best Answer

  • Nicolas96
    Answer ✓

    I've apparently found a solution!

    I went to the path where I previously tried to find the "h.vbs" file that was causing the issue (C:\Users\myuser\AppData\Roaming) and managed to display it by checking the following option in the view settings:


    I've deleted it and the Bitdefender notifications have since stopped.

    Just to be sure it wasn't a false positive from an important Windows file, I checked my other PC, with the same Windows version and Bitdefender version installed, and didn't find the file there.


    Here's a document that defines the file as malicious, although it's in a different (but similar) location:


    Content of h.vbs, in case I ever need to restore it:

    If WScript.Arguments.Count >= 1 Then

      ReDim arr(WScript.Arguments.Count-1)

      For i = 0 To WScript.Arguments.Count-1

        Arg = WScript.Arguments(i)

        If InStr(Arg, " ") > 0 Then Arg = """" & Arg & """"

       arr(i) = Arg

      Next


      RunCmd = Join(arr)

      CreateObject("Wscript.Shell").Run RunCmd, 0, True

    End If


    Good luck and thanks for all of your insights!

    Nicolas

Answers

  • Hello @Nicolas96

    Based on your description of the situation encountered, I would recommend contacting the Technical Support Teams, as more information might be required to troubleshoot this. The engineers may request some logs from you.

    You can get in touch with our engineers by choosing one of the contact methods available here:

    https://www.bitdefender.com/consumer/support/

    Stay safe.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thank you very much for the response!

  • Hello there Nicolas 96 I think you should take this bit of advice into consideration If this is popping up I suggest running Bitdefender rescue environment Please use these following steps Go into Bitdefender then Antivirus Tab Then you should see Antivirus , Advanced threat protection , Online threat prevention , And Venerability's etc. Click the button under antivirus saying open you should see Rescue environment . This is a very advanced scanner that removes threats that couldn't be removed from your current environment and will eliminate any malware threats

    I hope you take my Advice into consideration

    Thanks NoriiSun1 :smile:
  • The detection is basically a behaviour based/ machine learning and not signature based (that is created by malware researchers)

    You can send the file to malware researchers for analyzing by visiting https://www.bitdefender.com/consumer/support/answer/29358/

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I have the same problem too.

    Every 5 minutes bitdefender detects this suspicious activity. However, I cannot find any of the indicated files (h.vbs and 2.bat)

  • Show hidden files

    Windows 7 Windows 10 Windows 8.1

    Here's how to display hidden files and folders.

    Windows 10 

    1. In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results.
    2. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.

    Windows 8.1 

    1. Swipe in from the right edge of the screen, then select Search (or if you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then select Search).
    2. Type folder in the search box, then select Folder Options from the search results.
    3. Select the View tab.
    4. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.

    Windows 7 

    1. Select the Start button, then select Control Panel > Appearance and Personalization.
    2. Select Folder Options, then select the View tab.
    3. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.


  • Thanks for the insight NoriiSun1! I hadn't tried it before but sadly it wasn't able to find any issues.

    Thanks again and I'll keep you posted,

    Nicolas

  • You're the first person I come across with the same issue as me.

    Any progress in solving yours?

    Thanks for the response and I'll keep you posted!

    Nicolas

  • remember_username
    edited November 2023

    So this has been an old problem with BD's antivirus blocking VBS files and never gets addressed until now.

    If WScript.Arguments.Count >= 1 Then
      ReDim arr(WScript.Arguments.Count-1)
      For i = 0 To WScript.Arguments.Count-1
        Arg = WScript.Arguments(i)
        If InStr(Arg, " ") > 0 Then Arg = """" & Arg & """"
       arr(i) = Arg
      Next
    
      RunCmd = Join(arr)
      CreateObject("Wscript.Shell").Run RunCmd, 0, True
    End If
    

    This is obviously not malicious. 🤦‍♀️

  • Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)