Windows Update kb2507938 TrojWare.Win32.Trojan.Katusha?

when installing the Windows Update kb2507938
I get the following Comodo alerts,False Positive and nothing to worry?

COMODO Internet Security Premium - Log Viewer Logs



Antivirus Events

Date Created


2011-07-13 08:06:52

Records count


Date Location Malware Name Action Status
2011-07-13 08:00:53 C:\Windows\WinSxS\Temp\PendingRenames\f5baccd61941cc01b9010000580a640f.x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2_kernel32.dll_ef9eca7e TrojWare.Win32.Trojan.Katusha.~E@104915147 Detect Success
2011-07-13 08:00:57 C:\Windows\WinSxS\Temp\PendingRenames\f5baccd61941cc01b9010000580a640f.x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2_kernel32.dll_ef9eca7e TrojWare.Win32.Trojan.Katusha.~E@104915147 Ask Success
2011-07-13 08:01:22 C:\Windows\winsxs\Temp\PendingRenames\f5baccd61941cc01b9010000580a640f.x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2_kernel32.dll_ef9eca7e TrojWare.Win32.Trojan.Katusha.~E@104915147 Quarantine Success
2011-07-13 08:01:32 C:\Windows\WinSxS\Temp\PendingRenames\b2cd23ee1941cc01bb010000580a640f.x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2_kernel32.dll_ef9eca7e TrojWare.Win32.Trojan.Katusha.~E@104915147 Detect Success
2011-07-13 08:01:32 C:\Windows\WinSxS\Temp\PendingRenames\b2cd23ee1941cc01bb010000580a640f.x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2_kernel32.dll_ef9eca7e TrojWare.Win32.Trojan.Katusha.~E@104915147 Ask Success
2011-07-13 08:01:48 C:\Windows\winsxs\Temp\PendingRenames\b2cd23ee1941cc01bb010000580a640f.x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2_kernel32.dll_ef9eca7e TrojWare.Win32.Trojan.Katusha.~E@104915147 Quarantine Success
End of The Report

Hi finn1313 ,

Please submit the detected files as False Positives using the following link: Comodo Antivirus Database | Submit Files for Malware Analysis

Thanks & Regards,

Very weird. I specifically registered just now to ask this exact same question. I am running Windows 7 32-bit, and downloaded Windows Update KB2507983. Every time this update tries to install, I get a TrojWare.Win32.Trojan.Katusha warning via Comodo.

To the original poster, are you sure the KB you are downloading via Microsoft Update is KB2507938 and not KB2507983? You have the last two numbers transposed…

Please let us know what you find out, finn1313!

I got the same warning this morning, too. My Windows Update number is KB2507938, I double checked it. I am running Windows 7 32-bit, also. Please give us an update!

I think you and the OP are correct. I think I might have transposed the last two numbers of the KB string. My bad! :o

Which files do I submit for false positive testing? There were at least 6 generated for each of the 4 notices I received. When I tried to send the DLL file, I was told I was not authorized to open it. Then, when I tried to send one of the others, it started uploading, then continued for over an hour before I terminated it. Any suggestions?

Updated Win 7 this morning (64bit) and no problems with the referenced MS KB update.

Hi Everyone

I had the same problem with Windows Update number KB2507938.

On my notebook which is Windows 7 32 bits it detected the Trojware.Win32.Trojan.Katusha

When i updated Windows in another notebook which has Windows 7 64 Bits it was OK and did’nt show anything.

So this issue is clearly with the update to the 32bits version of Windows 7.


Unfortunately, I am still having the same problem installing KB2507938. I’ve updated Comodo’s definitions and I’m still getting a TrojWare.Win32.Trojan.Katusha warning.

Additionally, I have discovered another update from Microsoft that is causing the same problem: KB2533623. Anyone else encountering issues when installing this update from Microsoft?

Got the exact same problem with the same windows 7 32-bit updates. CIS keeps reporting the same trojan on those updates and keeps me from installing them.

Is it this one?

…or this one?

On my XP system CIS doesn’t detect them.

EDIT: Yeeeeeeeyyy…my post #1000 !!! :BNC :■■■■

[attachment deleted by admin]


Can you please tell us the language of the operating system? Which version?


Mine is windows 7 ultimate - 32 bit, portuguese (PT).

I’m using the English (US) version of Microsoft Windows 7 Ultimate, 32-bit.

I’ve had the same thing today on two PC’s both running W7 32 Bit English (UK) version.

Turning Comodo off didn’t help. I had to uninstall it before the updates would install.

NB: I didn’t have the Anti-Virus module, just the Firewall and Defense +.

I am having the same problem with KB2533623 as I did with KB2507938, with Windows 7, Home Premium, 32 bit. This morning I tried to install KB2507938, and, each time the Comodo alert came up, I chose “Ignore - once” (It popped up about 10 times). When it was done, Windows Update said that the update had installed correctly. I know I took a chance in doing it that way, but figured if it came from MS, it had to be a false positive, since others I know who installed it, and were not running Comodo, did not have a problem.

Hi everyone,

We isolated the issue where some legitimate files were detected as TrojWare.Win32.Trojan.Katusha.~E. An update was released and the fix is now live. Anyone who encountered any issues related to this detection, please update the CIS virus database to version 9392.

Thanks and regards,

Thanks for the quick work on this! Does the update account for both KB2507938 and KB2533623?


The fix is available for both updates.


What will happen with those running just the Firewall and Defense + modules where the installation is still blocked?