Jump to content

Recommended Posts

I have used the fix and rebooted. The BCLTMP folder has returned within hours. no tempaddons in the TEMP. *Edit* I noticed the folder returned each time after we did something to the browser. Normally it might have taken a day or a week before the folder would return.

Edited by Seda145

Share this post


Link to post
Share on other sites

deleted the previous BCLTMP folder, another one appeared again in TEMP, this time including a subfolder named Edge. It's empty. No idea where it could be coming from

Share this post


Link to post
Share on other sites

Alright, will try the articles and the software. I've used procmon in the past, which showed BCLTMP is made by explorer.exe, couldn't find another process creating it.

Share this post


Link to post
Share on other sites

Yes, software that "spawns" a process is difficult to track down in a case like this as it's a valid, legal program. There are debugging tools to find that but way beyond the scope of help provided here. From the research shown on the web I was not able to find any evidence that it's a malicious process. It looks to be caused by a few different ways and normally involving a browser.

Using the Auditing though may potentially help track it down

 

Share this post


Link to post
Share on other sites

I have a procmon log file, on which I'm browsing the internet using firefox.

Firefox creates a mozilla-temp-files folder in the TEMP,  then

Explorer.exe reads C:\Windows\System32\TaskFlowDataEngine.dll for some reason, then

avgsvc (avg antivirus) creates the BCLTMP folder in TEMP.

operations used on the BCLTMP folder include QueryNetworkOpenInformationFile , QueryRemoteProtocolInformation and many others.

 

the .txt file included should be renamed to .PML

Avast also creates the BCLTMP.

I noticed a firewall rule in my custom software firewall about the BCLTMP folder months ago that I did not create.

Looks like my data is send over the internet. Any attempts to look for it with Wireshark failed.

 

Logfile - Copy.txt

Share this post


Link to post
Share on other sites

For now, temporarily uninstall Avast from Control Panel, Programs, Add/Remove and reboot the computer.
Then download and run the Avast removal tool and reboot again.
http://files.avast.com/files/eng/aswclear.exe

Next, uninstall AVG antivirus from Control Panel, Programs, Add/Remove and reboot.
Then download and runt the AVG removal tool and reboot again.
https://files-download.avg.com/util/tools/AVG_Remover.exe

Reset Firefox back to factory defaults

Then monitor again and see if this folder is still being created or not.

 

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.