9 Files flagged as trojan occurred after todays update not sure related.

Boclean just identified 9 files that supposedly are infected with a Trojan.
I choose do not remove files because they appeared to be important ones.
Interestingly the alert came up when I first booted into my limited user
account. Does not in Admin account and going back to LUA it didn’t not come
up again. Anyone else have this. Occurred after last update. Joti indicated nothing found I realize that that is for viruses only . AVG full scan found nothing. Will do maleware scans next.

C: windows/system32/devldr32.exe
C: windows/system32/ntdll.dll
C: windows/system32/kernel32.dll
C: windows/system32/msvcrt.dll
C: windows/system32/advapi32.dll
C: windows/system32/rpcrt4.dll
C: windows/system32/gdi32.dll
C: windows/system32/user32.dll
C: windows/system32/shlwapi.dll


Edited: AVG Antispyware, Asquared, AVG free AV, joti and virus total show no problems.

What should my next step be? Thanks

have a look here:
Seems to be a similar problem.
What’s happening?
An fp for sure. But how come the alerts are so ‘unreliable’?

some of them look like legitimate files… others, i am not familiar with, right off… i think they are false positives and i am glad you didn’t allow BOC to remove the files…

maybe you should zip copies of the files and submit them to comodo as possible false-positives…

for info about how to submit false-positives to comodo, look in the FAQ’s at the top of the forum…

Disregard below found out how to pswrd protect sent in to company

[s]Last thing I could think of scanning files with was spybot also showed clean.

I have all 9 files in a zipped folder but I don’t know how to password protect.

Windows XP Pro SP2
Thanks a great deal

I’ve reported your post to the team for review.
Thank you for your help!

Reports in other forums point to an “unreported” update of (2007-8-06 16:50:52) as being the culprit.

Just to make it clear, I get the update notices and there wasn’t a notice for that update, but that’s what was reported in the program. (I was one of the people that posted that else where.)
That kind of threw me, but it’s happened before so I didn’t think twice about it until all heck broke loose on two XP boxes.


Thanks for confirming G!

Just as a matter of interest just how do windows files happen to come up as false positives, does someone at BOClean add them to the definitions by mistake?

Just very curious as to how this happens. Just how do FPs occur?

As you can guess I know nothing about how the technical side of this works.



From what I gather BoClean does not have any particular definitions but uses a process where the behavior of the file triggers the alerts. I am sure others more technically minded will fill us in more as the day progresses.

Keep in mind there could very well be a problem in my operating system and these files have been modified and are now behaving in a way that BoClean is trained to recognize that behavior as suspicious.

The selfish part of me is hoping these are false positives. Grin (I apologize Comodo)

We had a faulty update which caused this. It has been taken care of.
If you are still noticing these false-positive cases, please make sure you have latest signature updates.


(:CLP) (:LOV) Thank you for the reply. Errors can occur in any security program. I am most appreciative of this fine forum and the ifine responses I got in regards to this issue.

Thank you Cat and all involved.

Take Care