I installed and have been using a program called “Ciel.exe” for several months. Recently, when I tried to run the program, I received a Comodo real time scanner alert warning me that “Ciel.exe” was infected with the TrojWare.Win32.Trojan.Katusha virus. When I scan the program I get no hits. I sought help on Comodo Forums here:

And uploaded it to VirusTotal with the following negative results:

I also submitted it to

And got an email back saying that they found nothing and directed me to post the problem here.

Do I have a virus?


Hi rgardner,

If you can find the FP file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.

Thanks and Regards,

I don’t know what a FP file is. Please clarify.

It has been several days since I first got this alert. I really need to figure this out so I can start using my computer again! Your assistance is appreciated.


A FP is a false positive, find the files that was detected and submit it to comodo by the link provided.

Ah, sorry. Yes, I already submitted the Ciel.exe and Catalog.dll files and got the following email back.

Tuesday, May 18, 2010 12:05 AM
From: “Comodo AntiVirus Lab”

The samples u submitted as false-positive is not detected by Comodo Internet Security version <4.0.141842.828> with database version <4868>. Please make sure the Antivirus database is updated and check again.
If detection is still present, please submit the file on Comodo forums at along with details about the environment on which this event occurred.

when i run it, but not found “catalog.dll”, so please submit this dll.

Comodo Antivirus lab

Hi rgardner,
Please pack all files that ciel.exe needed to run and submit the package(inlcude ciel.exe and it’s needed files) at

then we can confirm it.

Thanks and Regards,

There are over 93 MB of files in the application directory. How do I know which ones are needed to run it? Or do you want them all? The installation files are about 55 MB.

Just link comodo to the product\application download page and they should take it from there…

Rather than starting a new thread I add this here as it flags up the same message for me.
I am in the process of uploading 17 files that Comodo has flagged up as a result of a virus scan

Virus DB 8064
Comodo version 5.3.181415.1237

All are .cab files that seem to relate to nero burning rom v7 installer
Also attached is a text file with the saved results
Also 2 .jpg images (same info as text file)

Thanks for your submission. we will check this and if found to be a malware detection will be added soon.


Hi:) I just finished running a scan and the trojan.katusha showed up on it 27 times:

C:\Documents and Settings\Barbara\Local Settings\Temp\NERO1005887\Cab\|gdiplusA455ADFC.DLL
TrojWare.Win32.Trojan.Katusha.~E@104915147 C:\Documents and Settings\Barbara\Local Settings\Temp\NERO1005887\Cab\|gdiplusCDCB8768.DLL

The above is just a few of the paths it showed. The difference in them is after \Cab
What should I do?

Hi barbinla,

Please submit the detected files at Comodo Antivirus Database | Submit Files for Malware Analysis, so we can check it.

Thank you.


hi there, awesome program!

i got the same virusreport, also using ciel! (btw. search 4 a program named stellarium, is a grate software 2 to view stellar objects)

i´ll send the identified files.

have fun!