MS Root Certificates Update Trojan FP?

During the installation of the latest Root Certificates Update via Windows Update, BOClean stopped and removed the installation, claiming it was a Trojan. See below.

This has never happened before in all the years I have used this program. I have never turned BOClean off during the installation of updates and never has it intercepted anything from Microsoft Updates until today.

The BOClean update def files I was using are dated 2007-09-26 14:39:44

Please advise if this is a false positive or a problem with the above definition file.

09/26/2007 15:15:20: BKDR-HUPIGON.ABG VARIANT STOPPED BY BOCLEAN!
Trojan horse was found in memory.
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\ROOTSUPD.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

Hi there,

this should be an FP.

I have a similar problem with MSN Messenger upgrade file on Windows 2000, see here:
https://forums.comodo.com/comodo_boclean_antimalware/fp_of_msn8_forced_upgrade_install_on_win2k-t13113.0.html;msg91836#msg91836

best regards,

PSchuetz

Tks PS

I was sure it was. I just saw your post too. Looks like there may be a problem with the latest BOClean update file.

Hi!

I’m having the same problem here. This was the first time I’ve seen BOClean in action! Very impressive. “Errare Humanum est.” Let’s wait for new BOClean updates to resolve this FP.

Thank you for reporting what may be a false positive.
Please submit the file as directed in our FAQ.

Suspected False Positives?

https://forums.comodo.com/index.php/topic,8630.0.html (temp link)

Q: Where do we send the files that are being alerted on that we suspect are FPs?

A: You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line “False Positive?” for clarity’s sake.
As usual, zip and password protect with “infected” including that information in the body.

Edit: I’ve flagged this for administrative review.

Got the same problem here. BOClean thinks MS Root is a trojan and shuts it down.

yeah i had the same problem when i went to Microsoft Updates and posted at DSLR

Thanks for fixing the problem so quickly guys, much appreciated. (:CLP)

so, was it confirmed to be a false-alert…a false-positive?

Hi there,

yes, it would be better to confirm it officially from a staff member at Comodo, instead of only silently fixing the problem…!

So Comodo users can be really sure…!

best regards,

PSchuetz

Hi,

I had confirmation from the BOClean devs that the issue was fixed yesterday.

Garry

Fixed? I still have a red star and question mark error message in my MS update history. Did the latest BOC update install the update for me?

Parlau

Hi there,

thanks, that’s great.

I don’t know whether this update is working, but my MSN Messenger upgrade problem is gone and now I can install the upgrade…

best regards,

PSchuetz

parlau, your “windows updates history” is not going to change… the “history” shows that the installation of an update failed… that is history… you cannot rewrite history… :slight_smile: (well, at least, you cannot rewrite the windows updates history)… the question is do you have the update in question installed now…

you could go to the windows updates website and check to see if there are any updates available for your computer… also, you can look in the “history”, there, and see if the update in question has been installed, even though the history shows that the install failed, in the past…

Thanks for the tips redwolfe_98,
on the Windows update site I see nothing “waiting” to be updated, nothing important, software or hardware.
In Control Panel/Software (show updates) this update (kb931125) is not listed, so probably not present.
It isn’t the end of the world as it was only about certificates but the red error status is annoying and the update isn’t repeated as OK.
:slight_smile:

parlau, i guess you are talking about not seeing an option for uninstalling the update in “add/remove”… that doesn’t mean that the update wasn’t installed, but just that there isn’t an option there for uninstalling it…

where are you seeing the “annoying red x” that you mention?

i don’t use windows automatic updates, but you can go to the windows updates website and maybe it will show your “history” there and you can check, in your windows updates history, to see if the update in question has been installed…

when you check for updates at the windows updates website (or the “microsoft updates” website), when you scan for updates, you should select “custom” instead of “express”… i think the “root certificate” update only comes up when you use “custom” to check for updates…

sorry if you already know about all this… i just don’t know what the problem is that you are having…

Quick reply, thanks,
My problem is basically that BOClean threw up an error and stopped the update.

You are right about uninstall option and I agree with what you say.
I do use the custom update, er if any of my titles for MS subjects seem odd it is because my OS is in German. The error status in update history is what I meant with “red X”.
The “root certificate update” was in “Software” by the way.

As it isn’t really a big deal, I shall wait and see, maybe the next update will include previous certificates too. :SMLR

Found this, a direct link to the update:

http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe

It won’t get rid of the red spot in my history, mind :wink: