Copy link to clipboard
Copied
Our organization recently contracted a company that provides cybersecurity services. Several days ago I got a notcie from this service stating that they deemed Cryptodome potentially malicious and that the service proceeded to remove the folder "C:\Users\myUserName\AppData\Local\Temp\_MEI9049282\Cryptodome" from my workstation.
It's really puzzling since I do not do any python programming nor use any python-based application (that I am aware of). I did a bit of googling and came across a recent reddit post (Reddit post link) claiming that the temp folder was installed by Adobe Creative Cloud. As it happened I DID run a repair on Creative Cloud on the day the security alarm was raised.
Can anyone confirm whether Creative Cloud really creates the Cryptodome folder? And if it did will it remove past temporary folders and files upon the next repair or update? Thanks.
Hi there,
Thanks for reaching out. I would like to inform you that the Temp folder is a directory on the Windows PC used to store temporary files. Clearing the Temp folder is a standard procedure for system administration to reduce the amount of storage space used.
Also, I have checked at my end and there is no folder having a Crypotdome folder in the temp folder.
Regards,
Tarun
Copy link to clipboard
Copied
Hi there,
Thanks for reaching out. I would like to inform you that the Temp folder is a directory on the Windows PC used to store temporary files. Clearing the Temp folder is a standard procedure for system administration to reduce the amount of storage space used.
Also, I have checked at my end and there is no folder having a Crypotdome folder in the temp folder.
Regards,
Tarun
Copy link to clipboard
Copied
Hi all,
i can only confirm that these folders and files exist and that my Antivirus scannner has some issues with it!
\AppData\Local\Temp\_MEI333522\Cryptodome
Regards,
Heimo
Copy link to clipboard
Copied
this is an old thread . you should provide more information including subscription type.
Copy link to clipboard
Copied
Hi @musicmen155,
Thanks for reaching out. Please let us know if you have seen this under any of the Adobe Creative Cloud app folders.
Regards,
Tarun
Copy link to clipboard
Copied
Hi Tarun,
thanks for the quick reply!
Good news first, I can definitely give the all-clear. As far as I can tell, this directory does not come from Adobe. I was able to verify this using PocMon.
Regards,
Heimo
Copy link to clipboard
Copied
thanks for the update @musicmen155
Copy link to clipboard
Copied
Good day,
Did you ever find a resolution for the _MEI folders? I've had these on my machine for over 5 years now and I still can't figure out where theyr'e coming from. I checked today and they have even more new files in them that seem to be generated on the fly. Very suspicious that my computers cpu is being used to mine crypto.
Signed
Still Searching...