While cleaning out my AppData\Local\Temp folder I found a folder named BCLTMP (C:\Users[NAME]\AppData\Local\Temp\BCLTMP). Inside it was three folders chrome edge & firefox. Other than the edge folder, a browser I don’t use, they contained Chrome’s History & Web Data files and Firefox’s places.sqlite & search.json.mozlz4!

I did full scans of my computer with Avast, Malwarebytes, TrendMicro HouseCall & TDSSKiller. Nothing found. I then ran Process Monitor, set a filter for path contains BCLTMP and waited.

avastsvc.exe (SHA256: 27559e51b9c887d8ec72ac9eb239fed9766083ff9dd3e57c24d286a086075cf4) was caught creating these files! No other service or exe was caught creating or accessing them.

It also created copies of Firefox extensions, like uBlock0@raymondhill.net.xpi, but renamed or re-zipped to uBlock0@raymondhill.net.zip.

I want to know what Avast is doing with my private browser data, and how to stop it. I have disabled Avast entirely until this is resolved.

Reported to Avast. This is the weekend so you may need to wait a while.

Thanks

Hi. it’s temp folder of Browser Cleanup feature. We use it for example to extract the icons of installed extensions.

Then the problem is that the Browser Cleanup feature is NOT installed and therefore should NOT be touching my browsers files!

It is extremely concerning that Avast continues to copy my browser’s data without this component installed!

We work on a fix, the problem is that part of the component is included in the remote VPS part