FP [Fixed]

patrice58 · February 18, 2010, 3:46pm

C:\Windows\winsxs\Manifests\x86_microsoft-windows-i…l-keyboard-00000449_31bf3856ad364e35_6.0.6000.16386_none_e897409f65053372.manifest TrojWare.Win32.Hrup.a[at]97653966 Weirdly enough this ONLY shows up when I am scanning with another scanner, say superantispyware or malwarebytes then when the other scanner reaches that point the real time scanner (CIS) picks up the malware but nor malwarebytes or superantispyware picks it up as a virus. (Which leads me to my next question why does the AV alerts vanish after a period of time it should stay there until a action is taken.) When using the right click scan or running a scan normally nothing is found I might add which I explained when I sent the FP on the website. I submitted it to CIMA and the comodo and there email is as follows

Hi,

The file KBDINTAM.DLL (SHA:bf1e0a1519c8cc850bbed500c126f3197526b61b) submitted as false positive is not detected by Comodo
Internet Security version 3.14.129887.586 with database version 3977.
Please make sure the Antivirus Database is updated and check again.
If detection is still present, please submit the file on Comodo forums at
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/
along with details about the environment on which this event occurred.

–
Thanks,
Vaishnavi.V.K
Comodo AntiVirus Lab

e_xistense · February 18, 2010, 4:07pm

Hi patrice58,

Can you please give us more details about your system?

CIS version & AV DB version
version of Windows, platform (x32/x64), any service pack that you have installed

Thanks,
Ionel

patrice58 · February 18, 2010, 4:15pm

Vista home 32 bit service pack 2 I don’t know what the DB version was then but now it’s 3981.

patrice58 · February 18, 2010, 4:24pm

I forgot to say all heuristics are on high but it was not a heuristic detection anyway but thought it might help.

e_xistense · February 18, 2010, 4:37pm

Hi patrice88,

The file

KBDINTAM.DLL (SHA:bf1e0a1519c8cc850bbed500c126f3197526b61b)

does not correspond to reported detection

TrojWare.Win32.Hrup.a[at]97653966

and this is the reason why response was sent that respective file is not detected.

The false-positive with corresponding signature

TrojWare.Win32.Hrup.a[at]97653966

was fixed with DB 3975 and should not result in false-positives anymore.

If you can, please try to recreate the steps that previously led to false warning to verify if there are any more issues to look into.

Thanks and regards,
Ionel

patrice58 · February 19, 2010, 9:29am

Why you had KBDINTAM.DLL (SHA:bf1e0a1519c8cc850bbed500c126f3197526b61b) and not C:\Windows\winsxs\Manifests\x86_microsoft-windows-i…l-keyboard-00000449_31bf3856ad364e35_6.0.6000.16386_none_e897409f65053372.manifest is because you can’t upload the former file when you do you are made to click to the latter file. Try it yourself and see if you can upload the former file. You will be disappointed.

patrice58 · February 19, 2010, 9:32am

Oh FP has been fixed. :-TU