Annoying temp file - pic

Something is constantly creating temp files with exactly similar names.
IS IT UTORRENT?
THANKS GUYS

Virus or unwanted program ‘TR/2ndThought.AA.2 [trojan]’
detected in file 'C:\Windows\Temp\CBD5F7.tmp.
Action performed: Allow access

Edit by EricJH: reverted the all caps title to normal case

Could you please upload the file to virustotal and post the results.

Could you please upload the file to virustotal and post the results.
What's the point, it's a false positive (Avira is flagging Comodo's anti-virus database when Comodo updates)

You can e-mail the false positive FILES to Avira
Avira AntiVir

http://analysis.avira.com/samples/index.php

IS IT UTORRENT?
No, sometimes when Comodo updates their anti-virus, Avira flags the temporary files

How can you tell this from the picture? The virustotal results look malicious.

I know when I’m wrong :cry: Sorry

The Avira files that MY computer flags are Virus or unwanted program ‘TR/2ndThought.AA.2 [trojan]’
detected in file 'C:\WINDOWS\Temp\CB25.tmp.
It only happens when Comodo updates. It's always CB (and a random number)

The person posted “CBD5F7.tmp”. TR/2ndThought.AA.2 <—I didn’t pay enough attention to it. It has extra random numbers and letters
The ones I GET “CB25.tmp”

How can you tell this from the picture? The virustotal results look malicious.
I must agree with you. Can't argue with the virustotal result of the file uploaded

If the person would have posted File T-5868257-shamboozie_bob_james_ho in the post I wouldn’t have written my post.

Just curious,

Why does the post say Avira flagged “CBD5F7.tmp”. TR/2ndThought.AA.2

But virustotal shows, AntiVir 8.2.1.220 2010.04.22 EXP/ASF.GetCodec.Gen
But the File name is T-5868257-shamboozie_bob_james_ho

Either way, I will pay much more attention now :slight_smile:

This seems like it could be malicious activity. You can scan your computer with some of the programs from What You Need To Know About Removing Infections and Securing Your Computer and see if they pick anything up.

  1. So the “CBD5F7.tmp” isn't Comodo's database update file? I checked the folder when you guys said that I should send the file to Avira as a false positive, and there were like 10 more files named similarly that had a lock icon on them (protected probably), ranging from 24KB to 58 MB. When I scanned them with Spybot or Comodo, Avira went crazy and started playing the sound when it detects something. Spybot and Comodo didn't find anything.

Here's the virustotal result for the temp file. So what is it, how to figure out which program is creating this?

File CB9A0B.tmp received on 2010.04.23 09:04:05 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.23 Trojan.Win32.FakeAV!IK
AhnLab-V3 5.0.0.2 2010.04.23 -
AntiVir 8.2.1.220 2010.04.23 TR/2ndThought.AA.2
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.23 -
Avast 4.8.1351.0 2010.04.22 Win32:Agent-KXV
Avast5 5.0.332.0 2010.04.22 Win32:Agent-KXV
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.23 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.23 -
Comodo 4669 2010.04.23 -
DrWeb 5.0.2.03300 2010.04.23 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7445 2010.04.23 -
F-Prot 4.5.1.85 2010.04.23 -
F-Secure 9.0.15370.0 2010.04.23 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.23 Win32:Agent-KXV
Ikarus T3.1.1.80.0 2010.04.23 Trojan.Win32.FakeAV
Jiangmin 13.0.900 2010.04.23 -
Kaspersky 7.0.0.125 2010.04.23 -
McAfee 5.400.0.1158 2010.04.23 -
McAfee-GW-Edition 6.8.5 2010.04.22 Heuristic.BehavesLike.Exploit.CodeExec.NLOG
Microsoft 1.5703 2010.04.23 -
NOD32 5052 2010.04.23 -
Norman 6.04.11 2010.04.23 -
nProtect 2010-04-23.01 2010.04.23 -
Panda 10.0.2.7 2010.04.22 -
PCTools 7.0.3.5 2010.04.23 -
Prevx 3.0 2010.04.23 -
Rising 22.44.04.03 2010.04.23 -
Sophos 4.53.0 2010.04.23 -
Sunbelt 6211 2010.04.23 -
Symantec 20091.2.0.41 2010.04.23 -
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.23 -
VBA32 3.12.12.4 2010.04.22 -
ViRobot 2010.4.23.2291 2010.04.23 -
VirusBuster 5.0.27.0 2010.04.22 -
Additional information
File size: 23749 bytes
MD5…: f96aef8f7609e003f9e56063fe7e15dc
SHA1…: cb08f0ccfe39f8d63884fa126ad488fcede51f42
SHA256: 9a2cafb9b499444876d49022d243c0eb2f904367a3f0e56f262ee4e9452242b6
ssdeep: 384:Wn4CqcVuSsoVGgRoO2S9yKaDg5BmEbF7woCNU5qRqv1Q:Wn8gWOdaDgjhCK5qRq9Q

PEiD…: -
PEInfo: -
RDS…: NSRL Reference Data Set

pdfid.: -
trid…: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher…: n/a
copyright…: n/a
product…: n/a
description…: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned

HERE'S THE VIRUSTOTAL RESULTS FOR THE MP3 FILE

File T-5868257-shamboozie_bob_james_ho received on 2010.04.22 16:56:22 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.22 Trojan-Downloader.WMA.GetCodec!IK
AhnLab-V3 5.0.0.2 2010.04.22 -
AntiVir 8.2.1.220 2010.04.22 EXP/ASF.GetCodec.Gen
Antiy-AVL 2.0.3.7 2010.04.21 Trojan/WMA.GetCodec
Authentium 5.2.0.5 2010.04.22 -
Avast 4.8.1351.0 2010.04.22 WMA:Wimad
Avast5 5.0.332.0 2010.04.22 WMA:Wimad
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.22 Trojan.Wimad.Gen.1
CAT-QuickHeal 10.00 2010.04.22 -
ClamAV 0.96.0.3-git 2010.04.22 -
Comodo 4666 2010.04.22 TrojWare.WMA.TrojanDownloader.GetCodec.u
DrWeb 5.0.2.03300 2010.04.22 Trojan.WMALoader
eSafe 7.0.17.0 2010.04.22 Win32.Brisv.A
eTrust-Vet 35.2.7443 2010.04.22 ASF/Wimad!generic
F-Prot 4.5.1.85 2010.04.22 -
F-Secure 9.0.15370.0 2010.04.22 Trojan-Downloader:W32/Wimad.gen!A
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.22 Trojan.Wimad.Gen.1
Ikarus T3.1.1.80.0 2010.04.22 Trojan-Downloader.WMA.GetCodec
Jiangmin 13.0.900 2010.04.22 TrojanDownloader.ASF.UrlExit
Kaspersky 7.0.0.125 2010.04.22 Trojan-Downloader.WMA.GetCodec.u
McAfee 5.400.0.1158 2010.04.22 -
McAfee-GW-Edition 6.8.5 2010.04.22 Exploit.ASF.GetCodec.Gen
Microsoft 1.5703 2010.04.22 TrojanDownloader:ASX/Wimad.AT
NOD32 5051 2010.04.22 a variant of WMA/TrojanDownloader.GetCodec.gen
Norman 6.04.11 2010.04.22 WMA/GetCodec.B
nProtect 2010-04-22.01 2010.04.22 Trojan.Wimad.Gen.1
Panda 10.0.2.7 2010.04.21 -
PCTools 7.0.3.5 2010.04.22 Trojan.Brisv
Prevx 3.0 2010.04.22 -
Rising 22.44.03.04 2010.04.22 Trojan.DL.Win32.GetCodec.b
Sophos 4.53.0 2010.04.22 Mal/ASFDldr-A
Sunbelt 6208 2010.04.22 Trojan.ASF.Wimad (v)
Symantec 20091.2.0.41 2010.04.22 Trojan.Brisv.A
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.22 TROJ_CODEC.XXX
TrendMicro-HouseCall 9.120.0.1004 2010.04.22 TROJ_CODEC.XXX
VBA32 3.12.12.4 2010.04.22 Trojan-Downloader.WMA.GetCodec.u
ViRobot 2010.4.21.2288 2010.04.22 -
VirusBuster 5.0.27.0 2010.04.22 -
Additional information
File size: 5868257 bytes
MD5…: d275f6888bcf1a84d6dd8be853590b8f
SHA1…: cb69a94264986031f7ea8625d22a679884f1cab6
SHA256: 44ff82a5c43753e2009d17790e0715dc423e6082d35d82dacfcdcca7b8ced2e7
ssdeep: 768:ZFa3z86N4c8fUEoI9kSIUCwH0Cn9ucdRcV5fNNNwNow3zh7YUHlIh:iD9N4crIkSINwH0A9zdkB7aCw3zh10

PEiD…: -
PEInfo: -
RDS…: NSRL Reference Data Set

pdfid.: -
trid…: Windows Media Video (100.0%)
sigcheck:
publisher…: n/a
copyright…: n/a
product…: n/a
description…: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned

In conclusion:

  1. I still don't know what program is creating the CB9A0B.tmp files and why Avira is detecting them as viruses if they are Comodo's database files.
  2. The mp3 file was what I think the cause of Comodo's alert box not appearing, but I can't be sure. Still, Comodo shouldn’t crash like that :S

For the other virustotal results

So what is it, how to figure out which program is creating this?
The bottom half of the virustotal results,
trid..: MS Flight Simulator Aircraft Performance Info (100.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

I know with Comodo 4 the .tmp file will be cb and 2 numbers
some examples:
cb11.tmp
cb74.tmp

but yours are CB9A0B.tmp
CB9A0B.tmp
I don’t know if it’s because it is Comodo v3.14 or not, because I’m using Comodo v4

Why don’t you run hijack this and post the results and the hosts files too, that may help clear some things up :slight_smile:
You can download hijack this here (below) <------ it’s up to you,

DON’T REMOVE ANYTHING FROM HIJACK THIS, WE TELL YOU WHAT TO DO IF NEEDED :-TU

Well, at the moment I managed to clear the temp folder out of all those files, now I'm waiting for an update by Comodo or else sign, and I'll try to figure out what is creating them, if they appear I'll download hijack and send the results here :smiley:

now I'm waiting for an update by Comodo or else sign
You can post and upload the .tmp files in question. If you do post there, use "Additional Options..." (in red letters, and it's located to the left of the "post" button)
  • Welcome to the Comodo Forum
    |-+ Desktop Security Products & Services
    | |-+ Comodo Internet Security - CIS
    | | |-+ AV False Positive/Negative Detection Reporting

also

now I'm waiting for an update by Comodo or else sign
Avira is the one that's flagging it consistently