K-lite codec pack suddenly gets a TrojWare.Win32.Trojan.Katusha.~E[at]104915147 alert on the libavcodec.dll (Program Files\K-Lite Codec Pack\fddshow\libavcodec.dll). I seriously doubt this being a positive find. I downloaded the latest version from the K-lite codec pack official site (http://www.codecguide.com/), which seems to be down at the moment. Got K-lite codecs installed forever and nothing in the FFMpeg ever came up as a trojan, nor did it ever ask for internet access or whatever.

Running WinXP SP3 with latest updates, K-lite codec pack is latest, V6.04 I think.

Thanks in advance.

Hi Saintj,

Could you please submit the detected file at Comodo Antivirus Database | Submit Files for Malware Analysis.

Thanks and Regards,

Uploading doesn’t work; for some reason the network administrator of the company I’m at doesn’t let me. When I try to upload it just goes blank, so that’s a no-go, sorry. All I can do is give you the exact info I’m getting and the place I downloaded the file from (which is the official site). Never download exes, bats, coms, whatever, so don’t run other executables (unless they are known to be safe), so it can’t be infected from the outside.

The weird thing is, it says it’s a trojan when Mplayer classic was turned on and not when it was turned off. Now I rescanned the single file with the program turned off: no trojan. Rescanned with a full scan, heuristics high (file size up to 1024mb and scan everything really, nothing in the allow list but the comodo files): the file didn’t come up as a trojan again (now Winrar’s Default.SFX, WinCon.SFX and Zip.SFX pop up again as “Heur.Packed.Unknown”, which I posted before and should have been fixed already…).

Opened the same video file (an avi file) I had open before, did a single file scan (same settings as above): no trojan found. Did another full scan, now it popped up TrojWare.Win32.Trojan.Katusha.~E[at]104915147 (and the Winrar files popped up again but I won’t mention those again, they should have been fixed a ton of Virus DB releases ago… at least that’s what I was told). Ran a different file (Matroska (MKV)): no virus popup on full scan, no virus popup (because it uses haali splitter instead of FFmpeg). Ran a different video file again (this time another avi which uses FFMpeg): the virus popped up again.

Ran a Threat Fire scan with the file open, nothing came up.

Well, that’s all the info I can give you. It’s obviously only picked up when FFMpeg is open.
Their site is up and running again so you can download and test the file from there. It hasn’t been modified or whatnot, so as soon as FFMpeg opens with a file the virus pops up (while it makes no connection to internet whatsoever).

Try putting it in a password protected zip file with the password ‘infected’ (no quotes).

Then either upload it to the website or send it as a false positive to:

You’re probably not allowed to upload it because a scanner detects it as malicious.

Doesn’t work either, email bounces back… sigh
Seriously I tried, I want to help but it just doesn’t work. It might be my Admin filtering stuff, I have no idea. I’m using my own laptop on the wifi here so my privilege to do stuff is like 0% on the server (since I’m not a registered user with this comp, I’m just using their hotspot).

Can’t you guys just download the package from codecguide.com (previously stated as well)? It’s just the full package install, and as soon as you run something that requires FFMpeg and you do a scan you get the trojware; if you turn it off it’s gone…
I know it’s a lot to ask but I really have no idea what else to do. Maybe someone else can submit it; the trojware comes free for everybody that downloads the k-lite package :stuck_out_tongue: while CNet and softpedia etc. say it’s tested spyware/virus free.

As for the winrar thing, that should have been fixed already but it just isn’t; check topic https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-cygwin-t55278.0.html;prev_next=prev

Hi Saintj,

Can you tell us which version of Comodo Internet Security you are using? The latest version is 4.1.150349.920. If you’re not using this, please update CIS and verify if the issue is still present.

You can update the program by accessing “More” → “Check for Updates”.

Please let us know if you encounter any further issues.

Thanks and regards,

Seems to be fixed when I updated to 4.XX. I was still on the latest 3.XX because, well, 4.0 was a beta/RC1 at the most. I hear great things about 4.1 though, but it’s still RC2/RC3 if you ask me (with the slight bugs being there, the sandbox still not working 100%, CLT still coming up with some fails and spyshelter test still having some openings (webcam, screenshots, sound etc.)), so I kind of wanted to wait until the next release, but well, it seems to be ok now.
Still running a scan now but it seems to be corrected (at least the scan hasn’t picked up anything yet, and before it picked up the trojware in the first few sec).

Thanks for the help guys and keep up the good work :slight_smile:

I have a problem like that. The Comodo quarantine does not offer me privileges, but I am an admin of the computer. So I cannot delete or move these files. So are the files in quarantine. But I observed that if I restore a file from quarantine I don’t have any permissions. So I cannot upload, delete, move and open the file. The solution is to manually add the file to quarantine from Comodo and remove it from there. Hope this bug will be resolved.