Seda145

Members
  • Content Count

    22

Everything posted by Seda145

  1. I have a procmon log file, on which I'm browsing the internet using Firefox. Firefox creates a mozilla-temp-files folder in the TEMP, then Explorer.exe reads C:\Windows\System32\TaskFlowDataEngine.dll for some reason, then avgsvc (AVG antivirus) creates the BCLTMP folder in TEMP. Operations used on the BCLTMP folder include QueryNetworkOpenInformationFile, QueryRemoteProtocolInformation and many others. The .txt file included should be renamed to .PML. Avast also creates the BCLTMP. I noticed a firewall rule in my custom software firewall about the BCLTMP folder months ago that I did not create. Looks like my data is sent over the internet. Any attempts to look for it with Wireshark failed. Logfile - Copy.txt
  2. Alright, will try the articles and the software. I've used procmon in the past, which showed BCLTMP is made by explorer.exe, couldn't find another process creating it.
  3. Deleted the previous BCLTMP folder; another one appeared again in TEMP, this time including a subfolder named Edge. It's empty. No idea where it could be coming from.
  4. The folders that keep returning like BCLTMP are always in %TEMP%
  5. I have used the fix and rebooted. The BCLTMP folder has returned within hours. No tempaddons in the TEMP. *Edit* I noticed the folder returned each time after we did something to the browser. Normally it might have taken a day or a week before the folder would return.
  6. I removed Firefox and rebooted. There are still many traces of the Firefox and (very old) Chrome installation in the FRST files. I included the files of FRST. I took my laptop with me to the office today, which also created the BCLTMP and mentioned folders after connecting to their network. It might be a lot easier to make a FRST log on the laptop as it doesn't have much software installed on it and the device is new. RogueKiller found browser (malware) results on the laptop which don't show up (anymore) on the desktop. Addition.txt FRST.txt
  7. Everything is back: StructuredQuery.log, the tmpaddon files, empty mozilla-temp-files folder and BCLTMP. All in the TEMP folder. BCLTMP contains a subfolder edge and firefox, with files places.sqlite and search.json.mozlz4. They contain searches, visited URLs and bookmarks in some kind of table format. I haven't installed any software since I reset my browsers (also no addons), and did not change any browser settings. I am certain this data could be used by malware to steal my identity, passwords or other data. I tried to log which process made the BCLTMP folder, it just shows explorer.exe, and I can't find out if it's being sent over the network at all. What can I do? My laptop got it by just connecting to the home network.
  8. tmpaddon-*.* files just appeared in TEMP on which "Date modified" shows 10 minutes ago, when they weren't there. Included them in the message. It has some readable data. I had to set the extension to .txt as it didn't have one. Files are the same size. *Edit* Found out they are just data containers; without the .txt extension I could open them in 7Zip, which shows multiple dll files (and more) like gmpopenh264.dll and widevinecdm.dll. These tmp files deleted themselves after 10 minutes, opposite to the usual tmp addon files that fill my TEMP folder. tmpaddon.txt tmpaddon-3d75b0.txt
  9. I remember I used Google Chrome for a while and didn't have Firefox installed; BCLTMP would still show up but had a Chrome subfolder. Sometimes it has an Edge subfolder too but I don't even use Edge. Then I uninstalled Chrome and started using Firefox but the problems remained. It feels like a Trojan that for some reason puts my readable browser data in the TEMP.
  10. When I reset Internet Explorer, I got a second StructuredQuery.log in TEMP. Then I reset Edge and Firefox, nothing new in the TEMP, only an empty folder called something like "mozilla-temp-files". BCLTMP hasn't returned yet; that one is created at random times, it seems.
  11. The other file that keeps returning was created a day after the last BCLTMP creation around the same time. I added it to the message. StructuredQuery.log
  12. The search for BCLTMP returned the following files; added the log to this message. I can easily read the contents of them. Some of the files describe browser settings and temporary addons, which can often be found in TEMP with extension .xpi. Search for StructuredQuery returned way too many files, not useful. Note, my laptop which creates the same strange files and folders didn't have any software installed and had no connection to my PC, only to my home network. Other laptops connected to my network show the same behaviour afterwards, which makes this a really strange case. Report BCLTMP search.txt
  13. I'm running a search inside of all files on the hard disk on the words "BCLTMP" and "structuredQuery" with the tool AgentRansack (it searches inside of almost all file extensions with high speed and returns results without changing anything). Just to gather more info.
  14. Interesting, the BCLTMP folder has already returned to TEMP including browser files (places.sqlite, search.json.mozlz4)
  15. Acronis VSS Doctor can't find it but does show errors in the log. AcronisVSSDoctorReport_2018-06-01-11-48-46.txt
  16. Hi Ron, Thanks for helping me. I used the FIX function and included a fixlog with the message. Some fixes have failed. Diskcheck has completed. I remember one other folder/file (StructuredQuery.log) that returns every time in the TEMP folder, just like BCLTMP. Should I add them to my reply when they do? When I get home I will run the Acronis VSS Doctor. Fixlog.txt
  17. Hello @AdvancedSetup I do need assistance with the problem. I haven't been able to find the cause of my devices creating this folder.
  18. Hey guys, I noticed a strange folder in my temp folder called BCLTMP containing subfolders with the names of my browsers. Inside of these folders are files that contain my saved favourites, visited URLs and searches. After deletion of the BCLTMP folder it appears again after a while, sometimes after a day, a week or a month. After scanning my PC with all the tools I have (which didn't find much and didn't stop the folder appearing) I decided it might be normal. Then I bought a new laptop which showed the same behavior within the same week I bought it. Nothing was installed on the laptop, no USB used, it had only been connected to my router. I have connected other laptops to my network in the past which showed the same behavior. Could this BCLTMP folder which seems to track my browser history be spyware/malware? No one else seems to have the folder. I am using Windows 10 Pro on both devices. I tried scanning with Malwarebytes, RogueKiller, AdwCleaner, ESET SysRescue, Exterminate It, SpyDllRemover (which reports hidden rootkit, with processID, hidden), SuperAntiSpyware. TDSSKiller won't boot (redownloaded, same result) and Comodo CCE crashes the computer and then refuses to boot. Note that the laptop with the BCLTMP folder is a clean Windows 10 install with no installed software. My router reports synflood attacks from within and outside of my network, and its firmware has been reinstalled by the ISP just to be sure. Not much else to see there. How can I figure out what is happening to my devices, and what this folder is for?