My apologies if this has been discussed before, but I could not find an exact match.
Not exactly sure how it happened, but my "FlashPlayerUpdateService" was installed in Windows/System32/Macomed/Flash folder and harbored a nasty virus that put files in prefetch and executables (Oie7ij01.exe) in the scheduled tasks list that kept respawning, also put entries in the Registy "Run" key and effectively shut down my computer. Took me a day to find the root cause and have not seen this mentioned on any virus sites.
I figured out it was respawning every hour, so I took a look at the scheduled tasks. Once I paused them, the spawning stopped. I disabled the Flash Player Update and restarted the other scheduled tasks and all seemed OK all day. Still thought there were other remenants around, so I decided it was time for my "once very 2 years" rebuild.
Below is a picture of the Flash directory before I wiped the machine. The files with an ".eee" extension were originally .exe executables. The 3 files with a similar name look suspicious. I still have this directory saved to an off-line drive if someone wants to take a close look.
I understand the automated mechanism when it works properly. I have been using Adobe products for years and they are generally designed superbly.
However, something affected its operation so that whenever it ran, it created an entry in the Windows prefetch folder titled "OEI7IJ01.EXE-02DFE2EF.pf" and also created multiple entries in the scheduled task list to run an 82KB process named "Oei7ij01.exe. Everytime I cleared out the processes they would show up an hour later. When I paused (and eventually disabled) the Flash Player Updater the creation and execution of this process stopped.
Thanks for the heads up. I haven't seen this before but I just forwarded your post along to the developer responsible for this feature. I'd definitely like to hear from any others that have also had this happen.
Europe, Middle East and Africa