TempEI4

corsair · 06-25-2009, 09:25 AM

Hi everyone
I'd like to seek advice about a folder that appears in my C:,called TempEI4. Inside the folder there is a 2.temp file along with three txt files -EI41,EI43 and EI461
EI41 has the following entries:
[5:19:46 AM] Action is Cleanup.
[5:19:46 AM] Removing copy directory entry from registry.
[5:19:46 AM] Removing SetupDone directory entry from registry.
[5:19:46 AM] Removing main setup registry key.
[5:19:46 AM] Attempting unregistration for "RegSvr32 /u /s C:\TempEI4\EI40_\EIServer.DLL".
[5:19:46 AM] Temp directory is "C:\TempEI4".
[5:19:46 AM] Temp file path is "C:\TempEI4\2.tmp".
[5:19:46 AM] Current file path is "C:\TempEI4\EI40_\EICleanup.exe".
[5:19:46 AM] Copied "C:\TempEI4\EI40_\EICleanup.exe" to "C:\TempEI4\2.tmp".
[5:19:46 AM] Creating tmp Process "C:\TempEI4\2.tmp -sd: 1104 "C:\TempEI4\EI40_"" in "C:\TempEI4".
[5:19:47 AM]
Closing Log File.
EI43 has :
[5:19:46 AM] Action is SELFDELETE.
[5:19:47 AM] Finish job of cleanup.
[5:19:47 AM] Deleting file "CLEANUP.INI"
[5:19:47 AM] Deleting file "EICleanup.EXE"
[5:19:47 AM] Deleting file "EIConfig.INI"
[5:19:47 AM] Deleting file "EIhlp0409.CHM"
[5:19:47 AM] Deleting file "EIProcessCaller.exe"
[5:19:47 AM] Deleting file "EIRES0409.DLL"
[5:19:47 AM] Deleting file "EIServer.DLL"
[5:19:47 AM] Deleting file "EISTPersist.dat"
[5:19:47 AM] Deleting file "Express.exe"
[5:19:47 AM] Deleting file "LICENSE0409.RTF"
[5:19:47 AM] Deleting file "msxml.msi"
[5:19:47 AM] Deleting file "MSXML4.CAB"
[5:19:47 AM] Deleting file "Readme.txt"
[5:19:47 AM] Deleting file "rebootOS.exe"
[5:19:47 AM] Deleting file "unicows.dll"
[5:19:47 AM] Deleting file "XML4REG.EXE"
[5:19:47 AM] Deleting file "XML4REG.HTML"
[5:19:47 AM] Deleting directory "C:\TempEI4\EI40_"
[5:19:47 AM]
Closing Log File.
and lastly, EI461 has:
[4:58:39 AM] Copied file G:\Drivers\unicows.dll to C:\TempEI4\EI40_\unicows.dll.
[4:58:40 AM] Copied file G:\Drivers\Express.ex_ to C:\TempEI4\EI40_\Express.exe.
[4:58:40 AM] Copied file G:\Drivers\EIhlp0409.CHM to C:\TempEI4\EI40_\EIhlp0409.CHM.
[4:58:41 AM] Copied file G:\Drivers\EIRES0409.DLL to C:\TempEI4\EI40_\EIRES0409.DLL.
[4:58:41 AM] Copied file G:\Drivers\LICENSE0409.RTF to C:\TempEI4\EI40_\LICENSE0409.RTF.
[4:58:41 AM] *** File G:\Drivers\EMULATE.INI optional; not found
[4:58:41 AM] Copied file G:\Drivers\LICENSE0409.RTF to C:\TempEI4\EI40_\LICENSE0409.RTF.
[4:58:41 AM] Copied file G:\Drivers\EIServer.DLL to C:\TempEI4\EI40_\EIServer.DLL.
[4:58:41 AM] Copied file G:\Drivers\Readme.txt to C:\TempEI4\EI40_\Readme.txt.
[4:58:42 AM] Copied file G:\Drivers\rebootOS.ex_ to C:\TempEI4\EI40_\rebootOS.exe.
[4:58:42 AM] Copied file G:\Drivers\EIhlp0409.CHM to C:\TempEI4\EI40_\EIhlp0409.CHM.
[4:58:42 AM] Copied file G:\Drivers\EIRES0409.DLL to C:\TempEI4\EI40_\EIRES0409.DLL.
[4:58:42 AM] Copied file G:\Drivers\MSXML4.CAB to C:\TempEI4\EI40_\MSXML4.CAB.
[4:58:42 AM] Copied file G:\Drivers\XML4REG.HTML to C:\TempEI4\EI40_\XML4REG.HTML.
[4:58:45 AM] Copied file G:\Drivers\msxml.msi to C:\TempEI4\EI40_\msxml.msi.
[4:58:45 AM] Copied file G:\Drivers\XML4REG.EX_ to C:\TempEI4\EI40_\XML4REG.EXE.
[4:58:46 AM] Copied file G:\Drivers\EIProcessCaller.ex_ to C:\TempEI4\EI40_\EIProcessCaller.exe.
[4:58:46 AM] Registering file "C:\WINDOWS\system32\RegSvr32 /s C:\TempEI4\EI40_\EIServer.DLL" in dir "C:\TempEI4\EI40_\".
[4:58:52 AM] Setup complete; put SetupDone entry in registry.
[4:58:52 AM] About to CreateProcess "C:\TempEI4\EI40_\Express.exe".
[4:58:55 AM]
Closing Log File.
=====================================================
My question is, am I infected with some kind of malware? Should I delete the folder TempEI4? Or should I move on to the malware deletion section of the forum? I apologize if I have put this in the wrong forum.

tetonbob · 06-25-2009, 10:13 AM

Hello -

Seems like an install log, perhaps for motherboard/chipset drivers? Have you recently performed any updates? Is G drive your DVD/CD drive?

It's not likely doing any harm. You may want to move it off machine, save it for a couple weeks. If nothing complains about it missing, you could then most likely delete it.

This might shed some light on it

http://downloadmirror.intel.com/12499/ENG/RELNOTES.txt

d4rkn1ght · 06-25-2009, 10:45 AM

Hi corsair

There's nothing to worry about here. TempEI4 is a folder for the Express Installer Server by Intel; it is definitely not malware and should not be deleted.

Best Regards :D

corsair · 06-25-2009, 10:50 AM

Ty for the quick reply,sir. Although I am not good enough to make out anything from the link you provided *sheepish look*. I haven't made any updates on my system recently though. And no sir, G: drive is not my dvd drive, it is the last partition on my hdd. I have 5 hdd partitions.(Unless the G: mentioned in the log files is from the time when I only had 4 drives in Windows XP while I was using the remaining space to run Ubuntu-and back then I believe my dvd drive was G:-that would mean the TempEI4 folder was in existence for a long time now) I only noticed the TempEI4 folder today. I was a bit worried about trojans as today one of my friends had brought over his thumb-drive to copy some stuff from my puter and it was infected by a couple of trojans. But I put the thumb drive in at a later time than what the log files show. (I had run my antivirus to scan the thumb drive and it did detect some trojans but the remaining visible files only took up something like 340 KB but right clicking and looking at the properties of the thumb drive showed about 38 MB of space being used- I dunno why). I will take your advice and send the folder to my recycle bin and see if I get any errors. Again, tyvm for the reply sir.
Oops d4rkn1ght , I almost missed out on your reply sir, you must have been typing it in while I myself was typing. Sorry ! Thank you for the input sir, its a relief knowing it is not a malware.

tetonbob · 06-25-2009, 11:31 AM

corsair -

If for any reason you think the machine is infected....

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

corsair · 06-26-2009, 03:47 AM

Ty for the reply sir. I really dont know whether I am infected or not but seeing as both you and d4rkn1ght think that TempEI4 is not malware,I will leave it at that I think. Thank you for the links sir.

corsair · 06-26-2009, 04:26 AM

I have posted at the virus/trojan removal forum about this TempEI4 thingy. Also have posted the required logs in there. Hope that I am clean from viruses or trojans hehe

06-25-2009, 10:13 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,237 OS: 2000 Pro; XP Pro; XP Home	Re: TempEI4 Hello - Seems like an install log, perhaps for motherboard/chipset drivers? Have you recently performed any updates? Is G drive your DVD/CD drive? It's not likely doing any harm. You may want to move it off machine, save it for a couple weeks. If nothing complains about it missing, you could then most likely delete it. This might shed some light on it http://downloadmirror.intel.com/12499/ENG/RELNOTES.txt __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-25-2009, 10:45 AM	#3 (permalink)
d4rkn1ght Registered User Join Date: Jun 2009 Posts: 3 OS: Windows XP SP#, Vista Business SP1	Re: TempEI4 Hi corsair There's nothing to worry about here. TempEI4 is a folder for the Express Installer Server by Intel; it is definitely not malware and should not be deleted. Best Regards :D

06-25-2009, 10:50 AM	#4 (permalink)
corsair Registered User Join Date: Mar 2005 Posts: 458 OS: windows XP home edition	Re: TempEI4 Ty for the quick reply,sir. Although I am not good enough to make out anything from the link you provided sheepish look. I haven't made any updates on my system recently though. And no sir, G: drive is not my dvd drive, it is the last partition on my hdd. I have 5 hdd partitions.(Unless the G: mentioned in the log files is from the time when I only had 4 drives in Windows XP while I was using the remaining space to run Ubuntu-and back then I believe my dvd drive was G:-that would mean the TempEI4 folder was in existence for a long time now) I only noticed the TempEI4 folder today. I was a bit worried about trojans as today one of my friends had brought over his thumb-drive to copy some stuff from my puter and it was infected by a couple of trojans. But I put the thumb drive in at a later time than what the log files show. (I had run my antivirus to scan the thumb drive and it did detect some trojans but the remaining visible files only took up something like 340 KB but right clicking and looking at the properties of the thumb drive showed about 38 MB of space being used- I dunno why). I will take your advice and send the folder to my recycle bin and see if I get any errors. Again, tyvm for the reply sir. Oops d4rkn1ght , I almost missed out on your reply sir, you must have been typing it in while I myself was typing. Sorry ! Thank you for the input sir, its a relief knowing it is not a malware. Last edited by corsair; 06-25-2009 at 11:01 AM.

06-25-2009, 11:31 AM	#5 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,237 OS: 2000 Pro; XP Pro; XP Home	Re: TempEI4 corsair - If for any reason you think the machine is infected.... Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help After running through *all* the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

06-26-2009, 03:47 AM	#6 (permalink)
corsair Registered User Join Date: Mar 2005 Posts: 458 OS: windows XP home edition	Re: TempEI4 Ty for the reply sir. I really dont know whether I am infected or not but seeing as both you and d4rkn1ght think that TempEI4 is not malware,I will leave it at that I think. Thank you for the links sir.

06-26-2009, 04:26 AM	#7 (permalink)
corsair Registered User Join Date: Mar 2005 Posts: 458 OS: windows XP home edition	Re: TempEI4 I have posted at the virus/trojan removal forum about this TempEI4 thingy. Also have posted the required logs in there. Hope that I am clean from viruses or trojans hehe