Bitdefender blocking wscript.exe potentially malicious actions every 5 minutes on Windows 10
I'm getting these critical notifications every 5 minutes non-stop on Windows 10.
Application wscript.exe has been detected as potentially malicious and was blocked. Application path: C:\Windows\System32\wscript.exe Command line parameters: wscript.exe C:\Users\nicom\AppData\Roaming\h.vbs C:\Users\nicom\AppData\Roaming\2.bat //B Detection ID: ML:SuspiciousBehavior.E0BEB843199F21
Does anybody know if it could be harmful and what to do about it?
Thanks in advance!
Best Answer
-
I've apparently found a solution!
I went to the path where I previously tried to find the "h.vbs" file that was causing the issue (C:\Users\myuser\AppData\Roaming) and managed to display it by checking the following option in the view settings:
I've deleted it and the Bitdefender notifications have since stopped.
Just to be sure it wasn't a false positive from an important Windows file, I checked my other PC, with the same Windows version and Bitdefender version installed, and didn't find the file there.
Here's a document that defines the file as malicious, although it's in a different (but similar) location:
Content of h.vbs, in case I ever need to restore it:
If WScript.Arguments.Count >= 1 Then
ReDim arr(WScript.Arguments.Count-1)
For i = 0 To WScript.Arguments.Count-1
Arg = WScript.Arguments(i)
If InStr(Arg, " ") > 0 Then Arg = """" & Arg & """"
arr(i) = Arg
Next
RunCmd = Join(arr)
CreateObject("Wscript.Shell").Run RunCmd, 0, True
End If
Good luck and thanks for all of your insights!
Nicolas
1
Answers
-
Hello @Nicolas96
Based on your description of the situation encountered, I would recommend contacting the Technical Support Teams, as more information might be required to troubleshoot this. The engineers may request some logs from you.
You can get in touch with our engineers by choosing one of the contact methods available here:
https://www.bitdefender.com/consumer/support/
Stay safe.
Premium Security & Bitdefender Endpoint Security Tools user
0 -
Thank you very much for the response!
0 -
Hello there Nicolas 96 I think you should take this bit of advice into consideration If this is popping up I suggest running Bitdefender rescue environment Please use these following steps Go into Bitdefender then Antivirus Tab Then you should see Antivirus , Advanced threat protection , Online threat prevention , And Venerability's etc. Click the button under antivirus saying open you should see Rescue environment . This is a very advanced scanner that removes threats that couldn't be removed from your current environment and will eliminate any malware threats
I hope you take my Advice into consideration
Thanks NoriiSun1 :smile:2 -
The detection is basically a behaviour based/ machine learning and not signature based (that is created by malware researchers)
You can send the file to malware researchers for analyzing by visiting https://www.bitdefender.com/consumer/support/answer/29358/
Regards
Flex
(Bitdefender beta tester 2019/ 2020)
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
I have the same problem too.
Every 5 minutes bitdefender detects this suspicious activity. However, I cannot find any of the indicated files (h.vbs and 2.bat)
0 -
Show hidden files
Windows 7 Windows 10 Windows 8.1
Here's how to display hidden files and folders.
Windows 10
- In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results.
- Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.
Windows 8.1
- Swipe in from the right edge of the screen, then select Search (or if you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then select Search).
- Type folder in the search box, then select Folder Options from the search results.
- Select the View tab.
- Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.
Windows 7
- Select the Start button, then select Control Panel > Appearance and Personalization.
- Select Folder Options, then select the View tab.
- Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.
1 -
Thanks for the insight NoriiSun1! I hadn't tried it before but sadly it wasn't able to find any issues.
Thanks again and I'll keep you posted,
Nicolas
0 -
You're the first person I come across with the same issue as me.
Any progress in solving yours?
Thanks for the response and I'll keep you posted!
Nicolas
0 -
So this has been an old problem with BD's antivirus blocking VBS files and never gets addressed until now.
If WScript.Arguments.Count >= 1 Then ReDim arr(WScript.Arguments.Count-1) For i = 0 To WScript.Arguments.Count-1 Arg = WScript.Arguments(i) If InStr(Arg, " ") > 0 Then Arg = """" & Arg & """" arr(i) = Arg Next RunCmd = Join(arr) CreateObject("Wscript.Shell").Run RunCmd, 0, True End If
This is obviously not malicious. 🤦♀️
0 -
@Alexandru_BD, @Mike_BD kindly check on this
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1