Search the Community
Showing results for tags 'temp'.
Found 4 results
Hey guys, I noticed a strange folder in my temp folder called BCLTMP containing subfolders with the names of my browsers. Inside of these folders are files that contain my saved favourites, visited urls and searches. After deletion of the BCLTMP folder it appears again after a while, sometimes after a day, a week or a month. After scanning my PC with all the tools I have (which didn't find much and didn't stop the folder appearing) I decided it might be normal.. Then I bought a new laptop which showed the same behavior within the same week I bought it. Nothing was installed on the laptop, no usb used, it had only been connected to my router. I have connected other laptops to my network in the past which showed the same behavior. Could this BCLTMP folder which seems to track my browser history be spyware/malware? No one else seems to have the folder. I am using Windows 10 pro on both devices. I tried scanning with malwarebytes, roguekiller, adwcleaner, eset sysrescue, exterminate it, spydllremover (which reports hidden rootkit, with processID, hidden), superantispyware. tdsskiller won't boot (redownloaded, same result) and comodo CCE crashes the computer and then refuses to boot. Note that the laptop with the BCLTMP folder is a clean windows 10 install with no installed software. My router reports synflood attacks from within and outside of my network, and it's firmware has been reinstalled by the isp just to be sure. Not much else to see there. How can I figure out what is happening to my devices, and what this folder is for?
I can confirm that the 3.4 beta fixes the update failure which was occurring when Windows TEMP/TMP is on a RAM Drive. (As previously reported in the topic "Update Failure IS because of TEMP on RAM Drive" in Malwarebytes 3, Malwarebytes Forums at https://forums.malwarebytes.com/topic/206678-update-failure-is-because-of-temp-on-ram-drive/) During installation, the initial "Runtime Error (at ...): Could not call proc" error message still appears but, after that is acknowledged, installation continues with a request for a Windows re-start so that installation can be completed. After restarting, a prompt is issued asking if the user wishes to run a file from an address in the TEMP directory (on RAM drive). When this is agreed to, installation proper begins and proceeds as would have been expected. For me, the process appears to have completed successfully and resulted in an on-top update from MBAM 126.96.36.1993 to MBAM 188.8.131.520 Beta. The process was straightforward and I did not need to tamper with any environment variables at all. My previous settings were all preserved apart from the currently usual need to restore the 'Display Language' to my required value. Thank you for the fix.
Runtime Error (at 47:120): Could not call proc =================================== Microsoft Windows 10 Pro x64 Version 1607 (OS Build 14393.1480) My %Temp% and %Tmp% are normally set to a RAM drive, in format 'Z:' (no quotes). Attempting to update, offline, from MBAM 184.108.40.2063 free to MBAM 220.127.116.113 free using mb3-setup-consumer-18.104.22.1683.exe I repeatedly found that immediately after selecting the language, installation failed with the message: "Runtime Error (at 47:120): Could not call proc" I saw the same behaviour when I tried the mb3-setup-consumer-22.214.171.1249.exe beta installer. Today (Thu 03 Aug 2017) I tried the 3.1 update again but first changed both %Temp% and %Tmp% back to: '%USERPROFILE%\AppData\Local\Temp' (No quotes). I then immediately, without reloading Windows, ran the MBAM 3.1 installer/updater again. It ran right through and appears to have sucessfully updated to MBAM 3.1. I inspected the settings, which appear to be, as far as is applicable, migrated. During the update, MBAM appears to have been completely removed from 'Program Files (x86)' and MBAM 126.96.36.1993 has been installed in 'Program Files' That seemed excellent until I noticed that 'Task Manager' > 'Processes' showed Malwarebytes is running as a 32 bit application, so shouldn't it be in 'Program Files (x86)'? I set my %Temp% and %Tmp% both back to my normal values, directing them to the RAM drive. I then went on line and requested whatever updates were available. (nb Controls for that are not well presented and neither could I clearly see what updates were actually done at that stage) I now see: " Version Information Malwarebytes version: 188.8.131.523 Component package version: 1.0.160 Update package version: 1.0.2503 " So I am able to report that temporarily switching to the default Temp and Tmp directories fixed the update failure ===================================================================================== and it is proven that otherwise the install/update failed because it couldn't cope with those directories being on the RAM drive. =============================================================================================== I cannot commit to any further testing or diagnostics on this but hope that my information helps. Now I need to actually try running MBAM 3.1 and hope it will behave tolerably well.
Hi, I used hitman pro and several malware files were detected in the Appdata\Local\Temp\ folder. I deleted them only to reboot and it picked up more of the same only different names example: "1234.tmp.exe" after deleting and reboot, 5678.tmp.exe would be found. I don't know where this came from or how to get rid of it. Malwarebytes does not pick it up at all so far. Is this something I should worry about. The info on HitmanPro says it is from Nircmd and NirSoft which I have no idea how it got on my pc unless installing a security feature on an external drive causes a false positive. I would appreciate any help.