Could someone please assist me here? I am running Windows Vista Home Premium. I have the Free Comodo Internet Security version 4. A couple of days ago, I downloaded (from Windows Update) Vista SP2. Everytime I tried to download, a box would come up from comodo saying I had a Trojan.Katusha. It’s located in a file I cannot access with a very long name. It begins with:


I try to access this file to upload it so it can be scanned, but it says I cannot access it.

Microsoft said to “disable” my anti-virus so that SP2 could download and install. It did, but now I keep getting this dialog box from Comodo saying I have this trojan.katusha.

I have scanned with ESET online scanner & there were no threats. I have scanned with Malwarebytes Anti-Malware and there were no threats founds. I have scanned with SuperAntiSpyware and nothing was found.

I have combed the Comodo Forums and have found little. I suspect this may be a false positive. However, I do realize that a true katusha trojan is a botnet and is very dangerous. How could I have gotten this from Windows Update?

Could someone from Comodo PLEASE advise me on this?

Thank you so much. I know very little about computers & appreciate whatever SIMPLE assistance you can give me.

please submit the file here and you will get an answer Comodo Antivirus Database | Submit Files for Malware Analysis

This sounds like a false positive to me. Please upload the file as a false positive to the link given by languy99. They will send you an email letting you know if the file was actually malicious or not.

If it’s not they will fix it and you will never receive that warning again.

Thank you so much for the suggestion as to submitting the file where the suspected trojan is located. However, this is a “hidden” file and I don’t know how to access it so I can upload it to the site.

I appreciate your being so patient and elementary in your suggestions as I an not that adept with computers. Could you please tell me how to simply and safely find this file. Again, it is in

c:\Windows\winsxs\Temp\PendingRenames… (there is a long list of numbers/letters after this)

I cannot get access to it. When I try to find it, I get a dialog box that says: “You do not have permission to view this object’s security properties. To view its security properties, you can try taking ownership of the object. As the onwer, you can also control who gets permissions on the object. Please note that once you take ownership, the previous owner might not have access to the object.”

I would appreciate you continued assistance so that I may submit this file.

When you’re in a folder try going to Organize / Folder and Search Options. Then go to the View tab and select the option to 'Show hidden files, folders, and drives. At least this is how it works in Windows 7.

Let me know if this works or not. I’m hoping it will be sufficient for you to upload it online as I’m not sure how to change the access permissions for folders. I did it once, but now I don’t remember how.

For anyone that found this thread in Google whilst searching for “Trojan.Katusha”, the new windows update "Security update for windows 7 “KB2507938” is setting of the AntiVirus with a false positive. You can go ignore this, and continue updating… I’m assuming an update will be implemented into comodo at some point.

BenJG is referring to Windows Update kb2507938 TrojWare.Win32.Trojan.Katusha?.

Please don’t try to erase things from the WinSxS folders. It can harm your Windows installation. It looks like the Comodo people are picking up on the Trojan.Katusha alert. Please follow the mentioned topic to see if it gets judged to be a false positive and if the fix makes your alert go away or not.


To whom it may concern,

Thanks and regards,