Author Topic: Trojan.Katusha  (Read 16360 times)

Offline FormerYooper

  • Newbie
  • *
  • Posts: 2
Trojan.Katusha
« on: June 05, 2010, 06:46:02 PM »
Could someone please assist me here?  I am running Windows Vista Home Premium.  I have the Free Comodo Internet Security version 4.  A couple of days ago, I downloaded (from Windows Update) Vista SP2.  Everytime I tried to download, a box would come up from comodo saying I had a Trojan.Katusha.  It's located in a file I cannot access with a very long name.  It begins with:

C:\Windows\winsxs\Temp\PendingRenames

I try to access this file to upload it so it can be scanned, but it says I cannot access it. 

Microsoft said to "disable" my anti-virus so that SP2 could download and install.  It did, but now I keep getting this dialog box from Comodo saying I have this trojan.katusha. 

I have scanned with ESET online scanner & there were no threats.  I have scanned with Malwarebytes Anti-Malware and there were no threats founds.  I have scanned with SuperAntiSpyware and nothing was found.

I have combed the Comodo Forums and have found little.  I suspect this may be a false positive.  However, I do realize that a true katusha trojan is a botnet and is very dangerous.  How could I have gotten this from Windows Update? 

Could someone from Comodo PLEASE advise me on this? 

Thank you so much.   I know very little about computers & appreciate whatever SIMPLE assistance you can give me. 

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Trojan.Katusha
« Reply #1 on: June 05, 2010, 06:52:23 PM »
please submit the file here and you will get an answer http://www.comodo.com/home/internet-security/submit.php
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Trojan.Katusha
« Reply #2 on: June 05, 2010, 09:12:20 PM »
Could someone please assist me here?  I am running Windows Vista Home Premium.  I have the Free Comodo Internet Security version 4.  A couple of days ago, I downloaded (from Windows Update) Vista SP2.  Everytime I tried to download, a box would come up from comodo saying I had a Trojan.Katusha.  It's located in a file I cannot access with a very long name.  It begins with:

C:\Windows\winsxs\Temp\PendingRenames

I try to access this file to upload it so it can be scanned, but it says I cannot access it. 

Microsoft said to "disable" my anti-virus so that SP2 could download and install.  It did, but now I keep getting this dialog box from Comodo saying I have this trojan.katusha. 

I have scanned with ESET online scanner & there were no threats.  I have scanned with Malwarebytes Anti-Malware and there were no threats founds.  I have scanned with SuperAntiSpyware and nothing was found.

I have combed the Comodo Forums and have found little.  I suspect this may be a false positive.  However, I do realize that a true katusha trojan is a botnet and is very dangerous.  How could I have gotten this from Windows Update? 

Could someone from Comodo PLEASE advise me on this? 

Thank you so much.   I know very little about computers & appreciate whatever SIMPLE assistance you can give me. 
This sounds like a false positive to me. Please upload the file as a false positive to the link given by languy99. They will send you an email letting you know if the file was actually malicious or not.

If it's not they will fix it and you will never receive that warning again.

Offline FormerYooper

  • Newbie
  • *
  • Posts: 2
Re: Trojan.Katusha
« Reply #3 on: June 06, 2010, 08:38:22 AM »
Thank you so much for the suggestion as to submitting the file where the suspected trojan is located.  However, this is a "hidden" file and I don't know how to access it so I can upload it to the site. 

I appreciate your being so patient and elementary in your suggestions as I an not that adept with computers.  Could you please tell me how to simply and safely find this file.  Again, it is in

c:\Windows\winsxs\Temp\PendingRenames....... (there is a long list of numbers/letters after this)

I cannot get access to it.  When I try to find it, I get a dialog box that says: "You do not have permission to view this object's security properties.  To view its security properties, you can try taking ownership of the object.  As the onwer, you can also control who gets permissions on the object.   Please note that once you take ownership, the previous owner might not have access to the object."

I would appreciate you continued assistance so that I may submit this file. 


Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Trojan.Katusha
« Reply #4 on: June 06, 2010, 09:07:24 PM »
When you're in a folder try going to Organize / Folder and Search Options. Then go to the View tab and select the option to 'Show hidden files, folders, and drives. At least this is how it works in Windows 7.

Let me know if this works or not. I'm hoping it will be sufficient for you to upload it online as I'm not sure how to change the access permissions for folders. I did it once, but now I don't remember how.

Offline BenJG

  • Newbie
  • *
  • Posts: 6
Re: Trojan.Katusha
« Reply #5 on: July 14, 2011, 07:02:41 AM »
For anyone that found this thread in Google whilst searching for "Trojan.Katusha", the new windows update "Security update for windows 7 "KB2507938" is setting of the AntiVirus with a false positive. You can go ignore this, and continue updating.. I'm assuming an update will be implemented into comodo at some point.
« Last Edit: July 14, 2011, 07:07:00 AM by BenJG »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25976
Re: Trojan.Katusha
« Reply #6 on: July 14, 2011, 12:47:25 PM »
BenJG is referring to Windows Update kb2507938 TrojWare.Win32.Trojan.Katusha?.

Please don't try to erase things from the WinSxS folders. It can harm your Windows installation. It looks like the Comodo people are picking up on the Trojan.Katusha alert. Please follow the mentioned topic to see if it gets judged to be a false positive and if the fix makes your alert go away or not.

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3580
Re: Trojan.Katusha
« Reply #7 on: July 15, 2011, 07:27:32 AM »
Hi,

To whom it may concern,


We isolated the issue where some legitimate files were detected as TrojWare.Win32.Trojan.Katusha.~E. An update was released and the fix is now live. Anyone who encountered any issues related to this detection, please update the CIS virus database to version 9392.



Thanks and regards,
Ionel

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek