
TempEI4

Old 06-25-2009, 08:25 AM   #1
TSF Enthusiast
 
buccaneer's Avatar
 
Join Date: Mar 2005
Posts: 674
OS: Windows 7



Hi everyone
I'd like to seek advice about a folder that appears in my C:, called TempEI4. Inside the folder there is a 2.temp file along with three txt files - EI41, EI43 and EI461.
EI41 has the following entries:
[5:19:46 AM] Action is Cleanup.
[5:19:46 AM] Removing copy directory entry from registry.
[5:19:46 AM] Removing SetupDone directory entry from registry.
[5:19:46 AM] Removing main setup registry key.
[5:19:46 AM] Attempting unregistration for "RegSvr32 /u /s C:\TempEI4\EI40_\EIServer.DLL".
[5:19:46 AM] Temp directory is "C:\TempEI4".
[5:19:46 AM] Temp file path is "C:\TempEI4\2.tmp".
[5:19:46 AM] Current file path is "C:\TempEI4\EI40_\EICleanup.exe".
[5:19:46 AM] Copied "C:\TempEI4\EI40_\EICleanup.exe" to "C:\TempEI4\2.tmp".
[5:19:46 AM] Creating tmp Process "C:\TempEI4\2.tmp -sd: 1104 "C:\TempEI4\EI40_"" in "C:\TempEI4".
[5:19:47 AM]
Closing Log File.
EI43 has :
[5:19:46 AM] Action is SELFDELETE.
[5:19:47 AM] Finish job of cleanup.
[5:19:47 AM] Deleting file "CLEANUP.INI"
[5:19:47 AM] Deleting file "EICleanup.EXE"
[5:19:47 AM] Deleting file "EIConfig.INI"
[5:19:47 AM] Deleting file "EIhlp0409.CHM"
[5:19:47 AM] Deleting file "EIProcessCaller.exe"
[5:19:47 AM] Deleting file "EIRES0409.DLL"
[5:19:47 AM] Deleting file "EIServer.DLL"
[5:19:47 AM] Deleting file "EISTPersist.dat"
[5:19:47 AM] Deleting file "Express.exe"
[5:19:47 AM] Deleting file "LICENSE0409.RTF"
[5:19:47 AM] Deleting file "msxml.msi"
[5:19:47 AM] Deleting file "MSXML4.CAB"
[5:19:47 AM] Deleting file "Readme.txt"
[5:19:47 AM] Deleting file "rebootOS.exe"
[5:19:47 AM] Deleting file "unicows.dll"
[5:19:47 AM] Deleting file "XML4REG.EXE"
[5:19:47 AM] Deleting file "XML4REG.HTML"
[5:19:47 AM] Deleting directory "C:\TempEI4\EI40_"
[5:19:47 AM]
Closing Log File.
and lastly, EI461 has:
[4:58:39 AM] Copied file G:\Drivers\unicows.dll to C:\TempEI4\EI40_\unicows.dll.
[4:58:40 AM] Copied file G:\Drivers\Express.ex_ to C:\TempEI4\EI40_\Express.exe.
[4:58:40 AM] Copied file G:\Drivers\EIhlp0409.CHM to C:\TempEI4\EI40_\EIhlp0409.CHM.
[4:58:41 AM] Copied file G:\Drivers\EIRES0409.DLL to C:\TempEI4\EI40_\EIRES0409.DLL.
[4:58:41 AM] Copied file G:\Drivers\LICENSE0409.RTF to C:\TempEI4\EI40_\LICENSE0409.RTF.
[4:58:41 AM] *** File G:\Drivers\EMULATE.INI optional; not found
[4:58:41 AM] Copied file G:\Drivers\LICENSE0409.RTF to C:\TempEI4\EI40_\LICENSE0409.RTF.
[4:58:41 AM] Copied file G:\Drivers\EIServer.DLL to C:\TempEI4\EI40_\EIServer.DLL.
[4:58:41 AM] Copied file G:\Drivers\Readme.txt to C:\TempEI4\EI40_\Readme.txt.
[4:58:42 AM] Copied file G:\Drivers\rebootOS.ex_ to C:\TempEI4\EI40_\rebootOS.exe.
[4:58:42 AM] Copied file G:\Drivers\EIhlp0409.CHM to C:\TempEI4\EI40_\EIhlp0409.CHM.
[4:58:42 AM] Copied file G:\Drivers\EIRES0409.DLL to C:\TempEI4\EI40_\EIRES0409.DLL.
[4:58:42 AM] Copied file G:\Drivers\MSXML4.CAB to C:\TempEI4\EI40_\MSXML4.CAB.
[4:58:42 AM] Copied file G:\Drivers\XML4REG.HTML to C:\TempEI4\EI40_\XML4REG.HTML.
[4:58:45 AM] Copied file G:\Drivers\msxml.msi to C:\TempEI4\EI40_\msxml.msi.
[4:58:45 AM] Copied file G:\Drivers\XML4REG.EX_ to C:\TempEI4\EI40_\XML4REG.EXE.
[4:58:46 AM] Copied file G:\Drivers\EIProcessCaller.ex_ to C:\TempEI4\EI40_\EIProcessCaller.exe.
[4:58:46 AM] Registering file "C:\WINDOWS\system32\RegSvr32 /s C:\TempEI4\EI40_\EIServer.DLL" in dir "C:\TempEI4\EI40_\".
[4:58:52 AM] Setup complete; put SetupDone entry in registry.
[4:58:52 AM] About to CreateProcess "C:\TempEI4\EI40_\Express.exe".
[4:58:55 AM]
Closing Log File.
=====================================================
My question is, am I infected with some kind of malware? Should I delete the folder TempEI4? Or should I move on to the malware deletion section of the forum? I apologize if I have put this in the wrong forum.

__________________
buccaneer is offline   Reply With Quote
Old 06-25-2009, 09:13 AM   #2
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64



Hello -

Seems like an install log, perhaps for motherboard/chipset drivers? Have you recently performed any updates? Is G drive your DVD/CD drive?

It's not likely doing any harm. You may want to move it off machine, save it for a couple weeks. If nothing complains about it missing, you could then most likely delete it.

This might shed some light on it

http://downloadmirror.intel.com/12499/ENG/RELNOTES.txt

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline   Reply With Quote
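An added example, not part of the thread and not Intel's code: one way to test the "install log" reading is to reconcile the copy log against the cleanup log. The sample lines are abridged from the EI461 and EI43 logs in the first post; the function name and the keys of the returned dict are assumptions made for this sketch.

```python
import re
from ntpath import basename, dirname

# Lines abridged from the EI461 (install) and EI43 (cleanup) logs in the first post.
INSTALL_LOG = r'''
[4:58:39 AM] Copied file G:\Drivers\unicows.dll to C:\TempEI4\EI40_\unicows.dll.
[4:58:40 AM] Copied file G:\Drivers\Express.ex_ to C:\TempEI4\EI40_\Express.exe.
[4:58:41 AM] Copied file G:\Drivers\EIServer.DLL to C:\TempEI4\EI40_\EIServer.DLL.
[4:58:46 AM] Registering file "C:\WINDOWS\system32\RegSvr32 /s C:\TempEI4\EI40_\EIServer.DLL" in dir "C:\TempEI4\EI40_\".
[4:58:52 AM] About to CreateProcess "C:\TempEI4\EI40_\Express.exe".
'''
CLEANUP_LOG = r'''
[5:19:47 AM] Deleting file "EIServer.DLL"
[5:19:47 AM] Deleting file "Express.exe"
[5:19:47 AM] Deleting file "unicows.dll"
[5:19:47 AM] Deleting directory "C:\TempEI4\EI40_"
'''

COPY = re.compile(r'Copied file (\S+) to (\S+?)\.$', re.M)
RUN = re.compile(r'(?:RegSvr32 /s |CreateProcess ")([^"]+)"', re.I)
DELETE = re.compile(r'Deleting file "([^"]+)"')

def reconcile(install_log, cleanup_log, staging=r"C:\TempEI4\EI40_"):
    """Check that the logs describe a self-contained, fully cleaned-up install."""
    stage = staging.lower()
    copies = COPY.findall(install_log)
    # Map each staged file name to the path it was copied from.
    staged = {basename(dst).lower(): src for src, dst in copies}
    deleted = {name.lower() for name in DELETE.findall(cleanup_log)}
    return {
        # Where the payload came from; a single vendor media folder is expected.
        "source_dirs": sorted({dirname(src).lower() for src, _ in copies}),
        # Copies that landed anywhere other than the staging folder.
        "written_outside_staging": [dst for _, dst in copies
                                    if dirname(dst).lower() != stage],
        # Binaries registered or launched that the copy log never staged.
        "executed_but_not_staged": [p for p in RUN.findall(install_log)
                                    if dirname(p).lower() != stage
                                    or basename(p).lower() not in staged],
        # Leftovers and unexplained deletions are the items to inspect by hand.
        "staged_not_deleted": sorted(set(staged) - deleted),
        "deleted_not_staged": sorted(deleted - set(staged)),
    }

if __name__ == "__main__":
    for key, value in reconcile(INSTALL_LOG, CLEANUP_LOG).items():
        print(f"{key}: {value}")
```

Run over the complete logs from the first post, `deleted_not_staged` lists CLEANUP.INI, EICleanup.EXE, EIConfig.INI and EISTPersist.dat, which the cleanup log deletes but the copy log never mentions.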
Old 06-25-2009, 09:45 AM   #3
Registered Member
 
Join Date: Jun 2009
Posts: 3
OS: Windows XP SP#, Vista Business SP1



Hi corsair

There's nothing to worry about here. TempEI4 is a folder for the Express Installer Server by Intel; it is definitely not malware and should not be deleted.

Best Regards :D
__________________
d4rkn1ght is offline   Reply With Quote
Old 06-25-2009, 09:50 AM   #4
TSF Enthusiast
 
buccaneer's Avatar
 
Join Date: Mar 2005
Posts: 674
OS: Windows 7



Ty for the quick reply, sir. Although I am not good enough to make out anything from the link you provided *sheepish look*. I haven't made any updates on my system recently though. And no sir, G: drive is not my dvd drive, it is the last partition on my hdd. I have 5 hdd partitions. (Unless the G: mentioned in the log files is from the time when I only had 4 drives in Windows XP while I was using the remaining space to run Ubuntu - and back then I believe my dvd drive was G: - that would mean the TempEI4 folder was in existence for a long time now.) I only noticed the TempEI4 folder today. I was a bit worried about trojans as today one of my friends had brought over his thumb-drive to copy some stuff from my puter and it was infected by a couple of trojans. But I put the thumb drive in at a later time than what the log files show. (I had run my antivirus to scan the thumb drive and it did detect some trojans but the remaining visible files only took up something like 340 KB but right clicking and looking at the properties of the thumb drive showed about 38 MB of space being used - I dunno why.) I will take your advice and send the folder to my recycle bin and see if I get any errors. Again, tyvm for the reply sir.
Oops d4rkn1ght, I almost missed out on your reply sir, you must have been typing it in while I myself was typing. Sorry! Thank you for the input sir, it's a relief knowing it is not a malware.
__________________
buccaneer is offline   Reply With Quote
Old 06-25-2009, 10:31 AM   #5
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64



corsair -

If for any reason you think the machine is infected....

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

tetonbob is offline   Reply With Quote
Old 06-26-2009, 02:47 AM   #6
TSF Enthusiast
 
buccaneer's Avatar
 
Join Date: Mar 2005
Posts: 674
OS: Windows 7



Ty for the reply sir. I really don't know whether I am infected or not but seeing as both you and d4rkn1ght think that TempEI4 is not malware, I will leave it at that I think. Thank you for the links sir.
__________________
buccaneer is offline   Reply With Quote
Old 06-26-2009, 03:26 AM   #7
TSF Enthusiast
 
buccaneer's Avatar
 
Join Date: Mar 2005
Posts: 674
OS: Windows 7



I have posted at the virus/trojan removal forum about this TempEI4 thingy. Also have posted the required logs in there. Hope that I am clean from viruses or trojans hehe

__________________
buccaneer is offline   Reply With Quote