FP [Fixed]

C:\Windows\winsxs\Manifests\x86_microsoft-windows-i…l-keyboard-00000449_31bf3856ad364e35_6.0.6000.16386_none_e897409f65053372.manifest TrojWare.Win32.Hrup.a[at]97653966 Weirdly enough this ONLY shows up when I am scanning with another scanner, say superantispyware or malwarebytes then when the other scanner reaches that point the real time scanner (CIS) picks up the malware but nor malwarebytes or superantispyware picks it up as a virus. (Which leads me to my next question why does the AV alerts vanish after a period of time it should stay there until a action is taken.) When using the right click scan or running a scan normally nothing is found I might add which I explained when I sent the FP on the website. I submitted it to CIMA and the comodo and there email is as follows


The file KBDINTAM.DLL (SHA:bf1e0a1519c8cc850bbed500c126f3197526b61b) submitted as false positive is not detected by Comodo
Internet Security version 3.14.129887.586 with database version 3977.
Please make sure the Antivirus Database is updated and check again.
If detection is still present, please submit the file on Comodo forums at
along with details about the environment on which this event occurred.

Comodo AntiVirus Lab

Hi patrice58,

Can you please give us more details about your system?

  • CIS version & AV DB version
  • version of Windows, platform (x32/x64), any service pack that you have installed


Vista home 32 bit service pack 2 I don’t know what the DB version was then but now it’s 3981.

I forgot to say all heuristics are on high but it was not a heuristic detection anyway but thought it might help.

Hi patrice88,

The file

KBDINTAM.DLL (SHA:bf1e0a1519c8cc850bbed500c126f3197526b61b)

does not correspond to reported detection


and this is the reason why response was sent that respective file is not detected.

The false-positive with corresponding signature


was fixed with DB 3975 and should not result in false-positives anymore.

If you can, please try to recreate the steps that previously led to false warning to verify if there are any more issues to look into.

Thanks and regards,

Why you had KBDINTAM.DLL (SHA:bf1e0a1519c8cc850bbed500c126f3197526b61b) and not C:\Windows\winsxs\Manifests\x86_microsoft-windows-i…l-keyboard-00000449_31bf3856ad364e35_6.0.6000.16386_none_e897409f65053372.manifest is because you can’t upload the former file when you do you are made to click to the latter file. Try it yourself and see if you can upload the former file. You will be disappointed.

Oh FP has been fixed. :-TU :slight_smile: