CIS - False Positive? Heur.Dual.extensions + Svchost.exe

File name is…

utt41f.tmp.bat

C:\Documents and settings\user\Local Settings\temp\utt41f.tmp.bat

Should I remove this or not?

Not sure if it’s anything to be worried about.

Also, Svchost.exe keeps asking for permission to be used whenever my computer is switched on, and I'm not sure whether it’s a virus named as a Windows file, because it’s also saying it doesn’t have a valid signature.

All help appreciated guys!

Hi necrohands,

If you can find the FP file, you can submit through this link: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year. We can go to have a look at it.

Thanks and Regards,
FangFang

I recognised that particular TMP file… it’s from a uTorrent update. It just contains the commands to delete the downloaded EXE. There is also usually an EXE version as well. It’s nothing to worry about. Perfectly normal for a uTorrent update. But, you will continue to get them unless you create AV exceptions to ignore them. Unfortunately, that requires the use of wildcards (e.g. C:\Users\username\AppData\Local\Temp\utt*.tmp.exe). So, there is a slight risk in doing that.

Care to comment FangFang?

Hi kail,

If you can find the FP file, you can submit through this link: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year. We can go to have a look at it.

Thanks and Regards,
FangFang

Hi FangFang

I have submitted the BAT file. But, to be honest, there’s not a lot of point looking at this like that. Here’s the content of what I just submitted (utt5BC5.tmp.bat) & I think you’ll see what I mean.

ping -n 2 127.0.0.1
del C:\Users\kail\AppData\Local\Temp\UTT409~1.EXE

So, they always come in pairs (the UTT*.TMP.BAT & UTT*.TMP.EXE) and being an update they are always different.
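A content check is narrower than the wildcard exclusion discussed above. The following is an added example, not part of the original posts and not Comodo or uTorrent code: the function name, the hex-suffix file-name pattern and the location of the BAT file are assumptions, and the script text is the one quoted in the thread.

```python
import ntpath
import re

# Shape of the cleanup script quoted in the thread: a local ping used as a
# short delay, then a del of one 8.3-named EXE in the same Temp folder.
PING_RE = re.compile(r"^ping\s+-n\s+\d+\s+127\.0\.0\.1$", re.IGNORECASE)
# One unquoted absolute path, no spaces and no shell metacharacters.
DEL_RE = re.compile(r'^del\s+([A-Za-z]:\\[^\s"&|<>^%]+)$', re.IGNORECASE)
BAT_NAME_RE = re.compile(r"^utt[0-9a-f]+\.tmp\.bat$", re.IGNORECASE)  # assumed
EXE_NAME_RE = re.compile(r"^UTT[0-9A-Z~]+\.EXE$", re.IGNORECASE)

# Script text as posted in the thread; the BAT location is an assumption.
SAMPLE_PATH = r"C:\Users\kail\AppData\Local\Temp\utt5BC5.tmp.bat"
SAMPLE_TEXT = ("ping -n 2 127.0.0.1\n"
               r"del C:\Users\kail\AppData\Local\Temp\UTT409~1.EXE")
# Constructed variants that a utt*.tmp.* wildcard exclusion would also cover.
CHAINED_TEXT = SAMPLE_TEXT + " & start payload.exe"
ELSEWHERE_TEXT = ("ping -n 2 127.0.0.1\n"
                  r"del C:\Users\kail\Documents\UTT409~1.EXE")


def is_expected_cleanup_bat(bat_path, bat_text):
    """Return (ok, reason) for a flagged utt*.tmp.bat file."""
    if not BAT_NAME_RE.match(ntpath.basename(bat_path)):
        return False, "file name is not utt<hex>.tmp.bat"
    lines = [ln.strip() for ln in bat_text.splitlines() if ln.strip()]
    if len(lines) != 2:
        return False, "expected exactly two commands"
    if not PING_RE.match(lines[0]):
        return False, "first line is not the local ping delay"
    m = DEL_RE.match(lines[1])
    if not m:
        return False, "second line is not a plain del of one path"
    target = m.group(1)
    if ntpath.dirname(target).lower() != ntpath.dirname(bat_path).lower():
        return False, "del target is outside the script's own folder"
    if not EXE_NAME_RE.match(ntpath.basename(target)):
        return False, "del target is not a UTT*.EXE file"
    return True, "matches the cleanup script quoted in the thread"


if __name__ == "__main__":
    for text in (SAMPLE_TEXT, CHAINED_TEXT, ELSEWHERE_TEXT):
        print(is_expected_cleanup_bat(SAMPLE_PATH, text))
```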

Massively thankful for that response, that’d make sense due to uTorrent being on my machine. I’ll set it to ignore the file.

In regards to Svchost.exe, anyone got any suggestions?

necrohands

The SVCHOST issue is something completely different and is a potential concern. I recommend that you post a separate topic (in the section depending on which CIS component issued the alert) on this issue & submit SVCHOST to Comodo for analysis (just in case).

Welcome to the forums btw.

Ok, I will do.

I allowed it to run once and it came up with Hijackthis as a virus alert, which I did some research on. Doesn’t look harmful, but I’ll keep blocking it for now, given the fact that it isn’t causing any harm by me blocking it! I’m more concerned by the fact I haven’t downloaded Hijackthis, nor does it have a valid signature.

Thanks for the welcome too, I’ve been lurking a little while, I usually just Google most things, but I’d like to be able to input where others need help too, and you know, get involved. After all, if it wasn’t for every one of you guys doing the same, we wouldn’t have the Comodo we love and need today!