threatpost[.]com/windows-bits-notification-feature-used-to-deliver-malware/118555/
secureworks[.]com/blog/malware-lingers-with-bits
The issue concerns the Windows Background Intelligent Transfer Service (BITS), which can have recurring jobs or tasks, which run at a high level of privilege without safeguards because BITS is part of Windows, & used for stuff like Windows Update. The way it works is that when malware infects a copy of Windows, it can set up BITS jobs to download malware & re-infect that same copy of Windows.
So your security software does its job, you remove the threat, but undetected behind-the-scenes activity continues.
To see what BITS jobs are set up, start with a Command Prompt running as admin -- in 10 [& I *think* 8] right-click the Start Button -- in 7 type CMD in the Start Menu Search Box, right-click cmd.exe in the results, then Run as Admin. Copy/paste

bitsadmin /list /allusers /verbose

at the prompt, & press Enter. The 2nd link above gives examples, but at the beginning of each job you should be able to see something about what web site that job contacts.
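
If the listing is long, it can be saved to a text file and summarised per job. The following is an added example, not part of the original post: it pulls out each job's name, owner, the web addresses it contacts, and any program the job is set to run via the notification feature named in the first link. The field labels are assumed from typical bitsadmin verbose output, the sample jobs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like `bitsadmin /list /allusers /verbose` output.
# Field labels are an assumption; GUIDs, names, paths and URLs are made up.
SAMPLE = r"""
GUID: {11111111-2222-3333-4444-555555555555} DISPLAY: 'Font Cache Update'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: NT AUTHORITY\SYSTEM
PRIORITY: NORMAL FILES: 0 / 1 BYTES: 0 / UNKNOWN
JOB FILES:
    0 / UNKNOWN WORKING http://files.example.invalid/u.dat -> C:\ProgramData\u.dat
NOTIFICATION COMMAND LINE: 'C:\ProgramData\example\run.exe' 'C:\ProgramData\u.dat'

GUID: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} DISPLAY: 'Browser Component Updater'
TYPE: DOWNLOAD STATE: SUSPENDED OWNER: DESKTOP-01\alice
PRIORITY: NORMAL FILES: 0 / 1 BYTES: 0 / UNKNOWN
JOB FILES:
    0 / UNKNOWN WORKING https://updates.example.invalid/c.bin -> C:\Users\alice\c.bin
NOTIFICATION COMMAND LINE: none
"""

def parse_jobs(text):
    """Split verbose bitsadmin output into one dict per job."""
    jobs = []
    # Each job starts with a line beginning "GUID: ".
    for block in re.split(r"(?m)^(?=GUID: )", text):
        head = re.search(r"GUID: (\{[^}]+\}) DISPLAY: '(.*)'", block)
        if not head:
            continue  # text before the first job
        state = re.search(r"STATE: (\S+)", block)
        owner = re.search(r"OWNER: (.+)", block)
        notify = re.search(r"(?m)^NOTIFICATION COMMAND LINE: (.+)$", block)
        cmd = notify.group(1).strip() if notify else "none"
        jobs.append({
            "guid": head.group(1),
            "name": head.group(2),
            "state": state.group(1) if state else "",
            "owner": owner.group(1).strip() if owner else "",
            "urls": re.findall(r"(https?://\S+) ->", block, re.I),
            "notify_cmd": None if cmd.lower() == "none" else cmd,
        })
    return jobs

def needs_review(job):
    """A job set to run a program through notification deserves a closer look."""
    return job["notify_cmd"] is not None

if __name__ == "__main__":
    for job in parse_jobs(SAMPLE):
        mark = "REVIEW" if needs_review(job) else "ok"
        print(mark, job["name"], job["owner"], job["urls"], job["notify_cmd"])
```

To use it on a real machine, redirect the bitsadmin command's output to a file from the admin prompt and pass that file's contents to parse_jobs in place of SAMPLE.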