Start-bitstransfer The Handle Is Invalid


Laurene Arrison

Aug 5, 2024, 1:30:52 AM
to mennamaher
The error pops up when I am trying to download any MSDN files in Microsoft Helper Viewer 2.3; please refer to the screenshot attached. Error: An error occurred while updating content: The handle is invalid. (Exception from HRESULT: 0X80070006 (E_HANDLE))



Like the title says, I have a malicious Hidden Network set up on my Windows. I have been trying everything I could think of, including a fresh Windows install, which the malicious network survived. There were also mystery partitions on my drives that were not from me. Does anyone out there know how to defeat these hidden networks? I have been attempting to reset permissions with programs like Windows Repair All-in-One, from tweaking.com. I receive errors like -


"ERROR: Writing SD to failed with: The handle is invalid.

ERROR: Writing SD to failed with: The handle is invalid.

ERROR: Writing SD to failed with: The handle is invalid.

ERROR: Writing SD to failed with: The handle is invalid."


I am hoping someone on here has had direct experience with defeating these sorts of malicious hidden networks, and how to prevent them from happening again. I have tried to get help on other 'malware removal' type forums, but the people I happened to be in touch with there didn't know how to defeat these sorts of things either. I thank you all for reading this, and hope someone out there knows how to fix this.


How do you see the hidden network? A hidden network is not always malicious; it may very well be inert. When I single left click on my WiFi icon I can see several networks that are broadcasting within access of my network adaptor (wireless card). As WiFi networks broadcast their Service Set Identifier (SSID) every 100 milliseconds or so to let other devices know of their presence, to connect you have to know the password, simple as that.


I've attached an image of networks broadcasting within reach of my WiFi card; you will note one named as "hidden network". That is identified because the hidden attribute has not been turned on by the owner; that network has been given the name "Hidden network" by the owner. It could have been given any name, e.g. "come fin me" or "try to find me" or, like mine, "VM809959".


Regarding your partitions, I've attached a zip file "Preformat.zip". Unzip that to your Desktop so you have a folder named "preformat"; inside that folder is a file named "Preformat.vbs". Double click on that file; it will run and create a file named "Preformat.txt" within the folder. Attach that to your reply...


Hello. I have attached the requested logs. I see it in my WiFi list, yes, the same as you linked. However, where I live, I can tell it is from my system because the hidden network and my network are the only ones with full bars. I will try to explain further as to why I think this. In doing some resets I see things like this log below, where it shows my normal network, then below it nameless resets and a denied reset. I suspect that could be evidence of the hidden network. Also in my logs you will see a second administrator account, and multiple guest ones. This led me to suspect malicious actors could have possibly accessed my system remotely through a 'log in as' type thing. Another thing I am not sure is a problem is that under my Windows Exploit Protection, there are multiple entries in the 'allow' category. I have not made those entries, so I am not sure if they are just default Windows entries. I suspected, if this is malicious, it came from a pirate software some 6 months ago. This was before doing a fresh Windows install, and I have not used any questionable software at all since that time. Or potentially from clicking bad phishing links on a chat program called Discord. My Google password was phished from Discord, but I believe I have changed all passwords and there does not seem to be a problem with that anymore. But there was a period of time where malicious actors DID have my passwords, and had access to my Microsoft account that is tied to this system.


The partitions listed on your system are all legitimate. There is no Hidden network on your system; what you see listed is a network that your system identifies. Full bars only mean the signal is strong, nothing sinister... My own system picks up 15 networks; these are from neighbours' routers broadcasting their SSIDs. Signal strength or number of bars is down to proximity: the closer the broadcast, the stronger the signal.


I have performed the tasks, and included the logs. There were several detections on that Microsoft scan. Another thing I feel I should mention is, you said it was going to clear my Edge cache and such. I ran the fix, then noticed all of the accounts are still logged in on the browser, the log says nothing Edge was cleared for some reason, and there is still massive Edge cache visible through CCleaner. I have included a screenshot of the cache. Thank you!


Your other query can be confusing when different applications contradict each other. When a file is removed from your hard drive it is not really removed; all that happens is the space where the file shows is opened so that space can be reused... Consider your hard drive to be a massive filing cabinet with thousands of very small boxes. When a file is created it is placed in a box and the lid is closed; that keeps the file safe. Each box has an address, sometimes called a pointer; Windows uses those to access the files.


When any of those files are removed, the box is opened and the pointer removed; that means that box can be reused when a new file is written. In this case FRST has made all identified spaces available to be reused. However, as we now know, the space still contains the original file but it can now be overwritten. A different application (CCleaner) just shows the file as present; it does not let you know the space can be overwritten. Does that help?


When I originally ran the MSERT, it showed that it had found 4 infections, not just the 1 for Windows Defender that was in the log. I decided to rerun the program, and sure enough it detected 4 infected files, yet they are somehow hidden when the scan finishes saying it found nothing. These 2 screenshots were taken 1 minute apart, during the scan, then after the scan. I would think this should not happen, and that if Windows' own scanner you provided is showing that there are still 4 infected files, then there has to still be an infection. How can this be, and how can we make it so there are zero infected files in my Windows? The scanner contradicts its own log, which also says it found nothing. Have you ever seen this exact thing happen before, where the log will show nothing, yet the scanner has detected 4 infected files?


During the scan, files or general data are found showing possible malicious signatures; that gives cause for panic during the scan. Near the end of the scan, Microsoft scanners all perform what is known as a MAPS (Microsoft Active Protection Service) request. Samples are uploaded to the Microsoft cloud servers in order to have their initial findings checked out; confirmation on these findings will confirm either malware, false positives or inactive fragments. If malware is not confirmed then the scan returns a clean bill of health, and rightly so...


My latest update is that I did a reinstall repair for Windows. Now I am running a rootkit scan and it is detecting MANY viruses in my old Windows installation. What do we do now, and how do we know those same files were not installed onto my new installation as well?


Those files are not malicious per se; they are genuine files related to the Microsoft .NET Framework. However, as they are listed in the Windows.old folder and not the normal C:\Windows folder, Malwarebytes has flagged them as malicious...


Well, every time I reboot and run sfcscan, it finds corrupted files. Every time it repairs them, until my next reboot. Even after the repair reinstall this is still happening, so I don't know what to think now.


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.


That worked well with no problems. It's hard to explain, but the PC does seem to be behaving correctly now, other than that first sfc scan I did after the repair, which did a repair; this time it did not. My Edge cache clears properly now through the browser. Whether I was really infected or not, I think I have accepted now that things are most likely better. People on that other forum said those detections were false positives. I still feel like perhaps those files were doing something to my browser, which is not working better too.


I reran that last fix just to make sure there was nothing on sfcscan again, and it was fine. I am thinking the problems are fixed for the most part for now. Thanks for being patient dealing with me. I do feel safer about my PC now.


Hey, real quick, sorry for keeping this one going now. Are these errors I get when trying to reset permissions malicious, and do you have any idea how to fix them? I just tried to reset again and get the same errors. Figured I may as well check one last time here before going away.


The handle is invalid. (Exception from HRESULT: 0x80070006 (E_HANDLE))

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
