Please advise me the purpose and effects of an unexpected intruder
Both Metascan Online | Free online file scanning with multiple antivirus engines
say it is clean.
I first saw this as a 410,624 bytes file at root of C:\ in my real single boot x64 Windows 7 Desktop.
Is it safe to remove or might I regret it ?
I can restore my system from an image backup made before this arrived.
I believe it came as a result of using either a Macrium or a Easeus P.E. Boot CD,
or alternatively there was a leak out of the VMPlayer in which I installed x32 and x64 Windows 7 Virtual Machines and both Macrium and Easeus applications and created the P.E. Boot CD's.
I created the ISO's and burnt the CD's and then used the CD's in each Virtual machine to both create image backups and restore them to virtual "unallocated space".
I drag-dropped image backup files from the virtual machines to partition E:\ on the real desktop machine,
and panicked when I saw my real system was a red bar unbootable with less than 200 Megabytes of Free Space.
I found that the drag-drop from virtual to real E:\ had soaked up all space in one of my %TEMP% folders in real C:\.
Quick delete of %TEMP% and then I booted.
Unexpected leak from virtual to real - Lesson learnt.
Virtual x32 holds Macrium in Program files, and no evidence of EUMONBMP.SYS.
Virtual x64 holds EasUS in what it calls C:\Program Files (x86)
and this x64 has at root of what it calls "Local Disc" C:\EUMONBMP.SYS 268,288 bytes.
This version in this location has a time stamp that is (to a resolution of 1 minute) exactly 1 minute before the start of a *.PMD image backup file of its "Local Disc" C:\.
I suspect that EUMONBMP.SYS is part of the W.A.I.K. download that got incorporated into WinPE,
and the size may be related to either the x32 or x64 environment in which the Boot CD was created.
Please note that :-
The above all happened before I came across this topic ;
Your tool is in no way implicated,
but I assume EUMONBMP.SYS is a likely result of WinPE using W.A.I.K.
and am hoping that your tool will avoid this.
I would like to know in advance what to expect.