..\Macromed\Flash\testupdate.txt reported as malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by slappyfrogg, Oct 30, 2008.

  1. slappyfrogg

    slappyfrogg Private E-2

    Hello,

    Comodo Firewall Pro is reporting that Firefox is attempting to launch a file from windows\system32\macromed\flash\testupdate.txt when opening several tabs all at once so I was unable to identify which site was generating the issue.

    I have blocked this file and followed all the instructions at http://forums.majorgeeks.com/showthread.php?t=139313 and none of those tools reported a problem.

    I've done Google searches and the only reference I can find is to certain malware creating and deleting this file (like this one: www.pcreview.co.uk/forums/thread-1709118.php).

    I've checked Adobe's support pages/forums, Comodo's support pages/forums, etc. and there is no clear indication of what this file is supposed to be doing and I am not seeing any of the other behaviors.

    Do you have any information on this file and what it is supposed to do? It seems odd that a legitimate Flash update would revolve around a .txt file.

    I have the logs if you'd like me to send them along. The only odd thing I could recognize was that ComboFix reported this:
    " /wow section - STAGE 32
    The requested operation cannot be performed on a file with a user-mapped section open." and rebooted my machine but continued to run fine after the reboot.

    Any thoughts would be greatly appreciated! Thanks in advance!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the requested logs.....it is possible that you are infected.
     
  3. slappyfrogg

    slappyfrogg Private E-2

    See attached for the first three.
     


  4. slappyfrogg

    slappyfrogg Private E-2

    And the fourth.

    Thank you for your earlier prompt response, greatly appreciated.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you done a search for that file? I am not seeing anything to suggest malware. You mention this happens in both IE and Firefox?

    Have you run any cleaning programs such as CCleaner or ATFCleaner?
     
  6. slappyfrogg

    slappyfrogg Private E-2

    Hi Tim,

    I ran CCleaner as part of the first steps recommended at this link: http://forums.majorgeeks.com/showthread.php?t=35407

    Here's what happened:
    I loaded a bunch of bookmarked blogs from Firefox's "open all in tabs" and Comodo fired, referencing the testupdate.txt. Two things caused me to pause: the shortened spelling of Macromed and the fact it was trying to access a .txt file, so I blocked it.

    I was curious so I searched Google for macromed\flash\testupdate.txt which referenced that file was added/deleted by some viruses but no references to what it actually did. I also checked Adobe's site and forums with no results as well as Comodo's forums and support.

    The fact that there did not appear to be any good references to the file also puzzled me, and in my searching I found the malware removal forums here and proceeded to follow the steps of running CCleaner, etc. and then all the anti-malware tools that generated those logs.

    I did not try to run Internet Explorer, I rarely open it.

    I did a search for that file immediately after blocking it with Comodo Firewall with no results which added to my curiosity.

    As my normal protection package, I run: Comodo Firewall, AVG Anti-Virus, Lavasoft Ad-Aware and Watch, Spyware Blaster and weekly Spybot S&D immunizations and search and destroys.

    A few days prior to the message appearing, I did insert a CD from a friend. The CD had only images in .jpg format on it. I scanned it for viruses with nothing found, copied the files to my desktop and scanned the folder with nothing found.

    Frankly, I'm a bit paranoid about all this stuff, so figured I'd post and see what could be seen.

    :)
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I could not find any trustworthy info on that file either.....and you say it is in Firefox but you are not sure if it occurs in IE....

    And you have checked your bookmarks.....I would save your bookmarks to a disc or thumb drive and then delete them all and see if it still occurs.

    I do not think this is malware related......So I would suggest that you post in the software forum...maybe someone there has had this issue.
     
  8. slappyfrogg

    slappyfrogg Private E-2

    Thanks, I'll try the software forum.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Although I am not seeing any signs of files that could be associated with this ...please go HERE.

    Download the file and let me know what, if anything, it finds.
     
  10. slappyfrogg

    slappyfrogg Private E-2

    It found zero bad files. Log is attached.

    Thanks again for all your help!
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then I am stumped.....:(

    But as long as Comodo flags and stops it...I think you are safe. :)
     
  12. slappyfrogg

    slappyfrogg Private E-2

    That's my working theory but it was quite vexing to find so little information on it floating around on the internet. It's nice to have some confirmation.

    Thanks again for your help!
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome....let me know if you have any more problems.

     
