Jump to content

BCLTMP in temp folder, possible spyware.


Recommended Posts

I have used the fix and rebooted. The BCLTMP folder has returned within hours. no tempaddons in the TEMP. *Edit* I noticed the folder returned each time after we did something to the browser. Normally it might have taken a day or a week before the folder would return.

Edited by Seda145
Link to post
Share on other sites

  • Root Admin
  • Root Admin

Yes, software that "spawns" a process is difficult to track down in a case like this as it's a valid, legal program. There are debugging tools to find that but way beyond the scope of help provided here. From the research shown on the web I was not able to find any evidence that it's a malicious process. It looks to be caused by a few different ways and normally involving a browser.

Using the Auditing though may potentially help track it down

 

Link to post
Share on other sites

I have a procmon log file, on which I'm browsing the internet using firefox.

Firefox creates a mozilla-temp-files folder in the TEMP,  then

Explorer.exe reads C:\Windows\System32\TaskFlowDataEngine.dll for some reason, then

avgsvc (avg antivirus) creates the BCLTMP folder in TEMP.

operations used on the BCLTMP folder include QueryNetworkOpenInformationFile , QueryRemoteProtocolInformation and many others.

 

the .txt file included should be renamed to .PML

Avast also creates the BCLTMP.

I noticed a firewall rule in my custom software firewall about the BCLTMP folder months ago that I did not create.

Looks like my data is send over the internet. Any attempts to look for it with Wireshark failed.

 

Logfile - Copy.txt

Link to post
Share on other sites

  • Root Admin

For now, temporarily uninstall Avast from Control Panel, Programs, Add/Remove and reboot the computer.
Then download and run the Avast removal tool and reboot again.
http://files.avast.com/files/eng/aswclear.exe

Next, uninstall AVG antivirus from Control Panel, Programs, Add/Remove and reboot.
Then download and runt the AVG removal tool and reboot again.
https://files-download.avg.com/util/tools/AVG_Remover.exe

Reset Firefox back to factory defaults

Then monitor again and see if this folder is still being created or not.

 

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.