Defense+ alerts that firefox.exe wants to modify Flash\testUpdate.txt

FYI, I am using Win XP SP3, CIS FW since 7/2009, and just today I updated to CIS Version.3.1.4.130099.587. I do not use the CIS antivirus.

Beginning in December 2009 Comodo alerted me that Firefox was trying to create a new directory or file with the name C:\Windows\system32\Macromed\Flash\testUpdate.txt. Wondering if it was malware trying to trick me, because I would think a valid update from Firefox would let me know by a method other than a Comodo alert, I blocked it.

I had version 10.0.32.18 of Adobe Flash, so I updated to Adobe Macromedia Flash NPAPI version and Active X Control 10.0.42.34. Interestingly, after I did the two updates in Secunia, I started to do one for Yahoo Messenger. IE7 opened up for that. And almost immediately after came a Comodo alert that IE was trying to create that same named .txt file, so I blocked it there too.

Despite the Flash update, the alert messages did not disappear. So I then checked “Remember my answer” to block every time.

For many weeks now, I have noticed that Defense+ alerts many, many times during the routine use of my computer. I have been on the computer for about two hours now. When I click in Proactive Defense in Comodo on the number of suspicious attempts blocked so far, in the Defense+ Events screen that displays I already have about 70 instances of C:\Program Files\Mozilla Firefox\firefox.exe wanting to modify file C:\Windows\system32\Macromed\Flash\testUpdate.txt.

I posted in the Mozilla forum. This was the reply:
Reply notification: From: “notifications@support.mozilla.com”
“Snerdly” has posted a reply to a thread you’re watching.
You can view the thread and reply at the following URL:
https://support.mozilla.com/en-US/fo...threadId553929

Message:

“I permanently blocked this random request today. Possible virus action?”

“Snerdly” has posted a reply to a thread you’re watching.
You can view the thread and reply at the following URL:
https://support.mozilla.com/en-US/fo...threadId554977

Message:

Prevx has this listed as cloaked malware. See:
http://www.prevx.com/filenames/X1407...ZSYDZ.EXE.html

testUpdate.txt

Anyway, even after putting the most current version of Adobe Flash on my computer, Comodo is still blocking this thing. I may get dozens or even more than 100 attempts in a day when I use Firefox. And I have had it show up a few times when I use IE7, which I had been using much less often. So, I will still block it every time it shows up.

I went to C:\Windows\system32\Macromed\flash\ and had a look. I have Flash10c.ocx, Flash10d.ocx, (both ActiveX controls), flashplayer.xpt, GetFlash.man, install.log (only text file), FlashUtil10d.exe, NPSWF32.dll (10.0.42.34 Shockwave Flash), NPSWF32_FlashUtil.exe, uninstall_activeX.exe and uninstall_plugin.exe.
I do NOT have testUpdate.txt in that folder, and a search of my whole computer does not find testUpdate.txt either!

I was advised to “Head to the Comodo forum. I don’t understand why Comodo would be blocking one program on your computer firefox.exe from doing anything to another file on your computer.
A firewall blocks something from the outside from coming in or something from the inside going out. Clearly something isn’t listed correctly.”

Any ideas? I lean toward this being some cloaked malware that has nothing to do with Firefox, IE or Flash. I also tend toward it being something lurking on the hard drive even prior to my installation of Comodo, which was July 2009.

How can I tell if it is something outside trying to get in or something trying to get out?

As to why Comodo flags FF writing to that folder: because it is a protected folder.

The URLs that point to the FF forums are not working. Can you edit them?

First things to try would be to uninstall Flash with this tool and then reinstall both versions of Flash from the Adobe web site.

The second thing I would try is to run FF in its Safe mode (all extensions switched off) and see if the same thing happens. Maybe you are using a funky extension.

A next step could be to harden FF by enabling all the Protection Settings in its D+ rule and then see if the D+ logs shed a new light on things.

Then see what “What to do if you’re infected - eXPerience Rev.3” brings to light, or not.