FYI, I am using Win XP SP3, CIS FW since 7/2009, and just today I updated to CIS version 3.1.4.130099.587. I do not use the CIS antivirus.
Beginning in December 2009 Comodo alerted me that Firefox was trying to create a new directory or file with the name C:\Windows\system32\Macromed\Flash\testUpdate.txt. Wondering if it was malware trying to trick me, because I would think a valid update from Firefox would let me know by a method other than a Comodo alert, I blocked it.
I had version 10.0.32.18 of Adobe Flash, so I updated to Adobe Macromedia Flash NPAPI version and Active X Control 10.0.42.34. Interestingly, after I did the two updates in Secunia, I started to do one for Yahoo Messenger. IE7 opened up for that. And almost immediately after came a Comodo alert that IE was trying to create that same named .txt file, so I blocked it there too.
Despite the Flash update, the alert messages did not disappear. So I then checked “Remember my answer” to block every time.
For many weeks now, I have noticed that Defense+ alerts many, many times during the routine use of my computer. I have been on the computer for about two hours now. When I click in Proactive Defense in Comodo on the number of suspicious attempts blocked so far, in the Defense+ Events screen that displays, I already have about 70 instances of C:\Program Files\Mozilla Firefox\firefox.exe wanting to modify file C:\Windows\system32\Macromed\Flash\testUpdate.txt.
I posted in the Mozilla forum. This was the reply:
Reply notification: From: “notifications@support.mozilla.com”
“Snerdly” has posted a reply to a thread you’re watching.
You can view the thread and reply at the following URL:
https://support.mozilla.com/en-US/fo...threadId553929
Message:
I permanently blocked this random request today. Possible virus action?
“Snerdly” has posted a reply to a thread you’re watching.
You can view the thread and reply at the following URL:
https://support.mozilla.com/en-US/fo...threadId554977
Message:
Prevx has this listed as cloaked malware. See:
http://www.prevx.com/filenames/X1407...ZSYDZ.EXE.html
testUpdate.txt
Anyway, even after putting the most current version of Adobe Flash on my computer, Comodo is still blocking this thing. I may get dozens or even more than 100 attempts in a day when I use Firefox. And I have had it show up a few times when I use IE7, which I had been using much less often. So, I will still block it every time it shows up.
I went to C:\Windows\system32\Macromed\flash\ and had a look. I have Flash10c.ocx, Flash10d.ocx, (both ActiveX controls), flashplayer.xpt, GetFlash.man, install.log (only text file), FlashUtil10d.exe, NPSWF32.dll (10.0.42.34 Shockwave Flash), NPSWF32_FlashUtil.exe, uninstall_activeX.exe and uninstall_plugin.exe.
I do NOT have testUpdate.txt in that folder, and a search of my whole computer does not find testUpdate.txt either!
I was advised to “Head to the Comodo forum. I don’t understand why Comodo would be blocking one program on your computer firefox.exe from doing anything to another file on your computer.
A firewall blocks something from the outside from coming in or something from the inside going out. Clearly something isn’t listed correctly.”
Any ideas? I lean toward this being some cloaked malware that has nothing to do with Firefox, IE or Flash. I also tend toward it being something lurking on the hard drive even prior to my installation of Comodo, which was July 2009.
How can I tell if it is something outside trying to get in or something trying to get out?