Worm:W32/Kataja

Classification

Category: Malware

Type: Worm

Aliases: Worm:W32/Kataja, Worm:W32/Kataja.B

Summary

Worm:W32/Kataja is a detection for shortcut (.LNK) files that are designed to trick users into unwittingly launching and spreading worm-like malware.

Removal

Depending on the settings of your F-Secure security product, it will either move the file to quarantine, where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

LNK files identified by the Worm:W32/Kataja detection are used by worm-like malware to lure users into clicking them, unwittingly launching the worm so that it can install itself onto a machine and spread copies of itself.

Malicious LNK files may be dropped onto a system as part of the payload of other malware (for example, a trojan-dropper that is spread in email file attachments), and point to malicious files or components secretly installed elsewhere on the system. LNK files are also seen on infected removable drives; in such cases, the malicious files are hidden on the removable drive, while the LNK file pointing to them is visible. In both scenarios, clicking on the LNK file launches the associated malicious files.

Depending on the specific malware or variant involved, clicking on the LNK file may result in the worm performing various actions, such as stealing data, contacting a remote server for further instructions, downloading and installing additional files and so on. Once launched, the worm will often also try to spread copies of itself by infecting any other attached removable drive, or other connected network targets.
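
To see what a suspicious shortcut points to without clicking it, the following added example (not F-Secure's code and not part of the original description) reads the string fields of a .LNK file using the layout in Microsoft's public MS-SHLLINK specification. The sample shortcut, its path and its argument are constructed for illustration, and cp1252 is an assumed code page for non-Unicode strings.

```python
import struct

# Shell Link header constants from the public MS-SHLLINK specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .LNK file; raise ValueError if malformed."""
    if len(data) < HEADER_SIZE or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link")
    size, flags = struct.unpack_from("<I", data, 0)[0], struct.unpack_from("<I", data, 20)[0]
    if size != HEADER_SIZE:
        raise ValueError("unexpected header size")
    pos, out = HEADER_SIZE, {}
    width = 2 if flags & IS_UNICODE else 1
    try:
        if flags & HAS_ID_LIST:      # 2-byte size field, then the ID list itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:    # 4-byte size field that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        for bit, field in STRING_FIELDS:   # fields appear in this fixed order
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]   # length in characters
            raw = data[pos + 2 : pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated string data")
            # cp1252 is an assumption; the real code page is system dependent.
            out[field] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + count * width
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return out

def _pack_string(text: str) -> bytes:
    return struct.pack("<H", len(text)) + text.encode("utf-16-le")

def sample_lnk() -> bytes:
    """Constructed sample: Unicode shortcut carrying a relative path and arguments."""
    flags = 0x08 | 0x20 | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(HEADER_SIZE, b"\0")
    return header + _pack_string(".\\hidden_dir\\payload.example") + _pack_string("/placeholder")

if __name__ == "__main__":
    print(parse_lnk(sample_lnk()))
```
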