Super Contributor - Level 1

Possible S32 Firmware virus?

I just downloaded the firmware for all the X32 and X-Air gear - except the S32 firmware - Avira Antivirus says it is infected and will not allow the download.
Indianapolis, IN
TimPadrick Super Contributor - Level 1 2017-05-29

Triber Moderator

Re: Possible S32 Firmware virus?

Tim Padrick;124648 wrote:
I just downloaded the firmware for all the X32 and X-Air gear - except the S32 firmware - Avira Antivirus says it is infected and will not allow the download.


Hi Tim,

Can you please provide us the specific link you used when trying to download this update from us? Also please kindly provide a screenshot of the message that pops up for us if you can.

We take security on our website very seriously and we're going to be looking into this further. Thanks!
Michael Lapke
Contributor - Level 2

Re: Possible S32 Firmware virus?

This is most likely the old problem with the "TR/Dropper.Gen" file that hinders some of the Music Group software from being installed without a hitch. It's been like that for ages - I have to say I really don't understand why a company like Music Group is not able to program their software better and isn't even able to get their drivers signed. As great as the products are, things are really lacking on the software side.
Super Contributor - Level 1

Re: Possible S32 Firmware virus?

This is not an install issue - I cannot even download it owing to the AV software.

The link is http://downloads.music-group.com/software/behringer/S32/S32_Firmware_Update_1.7.zip

Turns out that Rafael is right, it is trdropper.gen
Indianapolis, IN
Contributor - Level 3

Re: Possible S32 Firmware virus?

Tim Padrick;124853 wrote:
This is not an install issue - I cannot even download it owing to the AV software.

The link is http://downloads.music-group.com/software/behringer/S32/S32_Firmware_Update_1.7.zip

Turns out that Rafael is right, it is trdropper.gen


If the file is in quarantine, does that mean you can tell your virus protection software that this one is OK and let it through? I know they should fix the problem, but if this is urgent, will this let you continue with what you are trying to download?
Contributor - Level 2

Re: Possible S32 Firmware virus?

I've downloaded and scanned that file with Avast and MalwareBytes. It looks fine. It's likely you've just got a false positive. A Dropper.Gen false positive issue is known concerning Avira.

Google: "avira false positive dropper"

I'd temporarily disable Avira and download it to a flash drive. You can scan it on other computers loaded with other virus programs, if you want to be sure. Or you could download on a different computer and move it via a flash drive.
Contributor - Level 1

It's a false positive, I had scanned it using more than 20 virus scanners

Dear Tim,

Thanks for reporting. It's a false positive and I will report it to Avira and other vendors to update their virus definitions file.

Complete scanning result of "S32_Firmware_Update_1.7.zip":

[ file data ]
* name..: S32_Firmware_Update_1.7.zip
* size..: 645935
* md5...: ab56dabc1eaacc0624609d9b992d8393
* sha1..: d450654bda8c7d1d6aae639d121ee01218a26699

[ scan result ]
ALYac 1.0.1.9/20170603 found nothing
AVG 16.0.0.4776/20170603 found nothing
AVware 1.5.0.42/20170603 found nothing
Ad-Aware 3.0.3.1010/20170603 found nothing
AegisLab 4.2/20170603 found nothing
AhnLab-V3 3.9.0.17697/20170603 found nothing
Alibaba 1.0/20170602 found nothing
Antiy-AVL 1.0.0.1/20170603 found nothing
Arcabit 1.0.0.806/20170603 found nothing
Avast 8.0.1489.320/20170603 found nothing
Avira 8.3.3.4/20170603 found TR/Dropper.Gen
Baidu 1.0.0.2/20170601 found nothing
BitDefender 7.2/20170603 found nothing
CAT-QuickHeal 14.00/20170603 found nothing
CMC 1.1.0.977/20170603 found nothing
ClamAV 0.99.2.0/20170603 found nothing
Comodo 27209/20170603 found nothing
Cyren 5.4.30.7/20170603 found nothing
DrWeb 7.0.28.2020/20170603 found nothing
ESET-NOD32 15523/20170603 found nothing
Emsisoft 4.0.1.883/20170603 found nothing
F-Prot 4.7.1.166/20170603 found nothing
F-Secure 11.0.19100.45/20170603 found nothing
Fortinet 5.4.233.0/20170603 found nothing
GData A:25.12682B:25.9684/20170603 found nothing
Ikarus 0.1.5.2/20170603 found Trojan.Dropper
Invincea 6.3.0.25390/20170519 found virus.win32.virut.br
Jiangmin 16.0.100/20170603 found nothing
K7AntiVirus 10.14.23550/20170603 found nothing
K7GW 10.14.23550/20170603 found nothing
Kaspersky 15.0.1.13/20170603 found nothing
Kingsoft 2013.8.14.323/20170603 found nothing
Malwarebytes 2.1.1.1115/20170603 found nothing
McAfee 6.0.6.653/20170603 found nothing
McAfee-GW-Edition v2015/20170603 found nothing
MicroWorld-eScan 12.0.250.0/20170603 found nothing
Microsoft 1.1.13804.0/20170603 found nothing
NANO-Antivirus 1.0.76.17180/20170603 found nothing
Panda 4.6.4.2/20170603 found nothing
Qihoo-360 1.0.0.1120/20170603 found nothing
Rising 28.0.0.1/20170603 found Malware.Generic.5!tfe (thunder:5:X0icdpFSaTL)
SUPERAntiSpyware 5.6.0.1032/20170603 found nothing
Sophos 4.98.0/20170603 found nothing
Symantec 1.3.1.0/20170603 found nothing
Tencent 1.0.0.1/20170603 found nothing
TheHacker 6.8.0.5.1582/20170602 found nothing
TotalDefense 37.1.62.1/20170603 found nothing
TrendMicro 9.740.0.1012/20170603 found nothing
TrendMicro-HouseCall 9.900.0.1004/20170603 found Suspicious_GEN.F47V0602
VBA32 3.12.26.4/20170602 found nothing
VIPRE 58558/20170603 found nothing
ViRobot 2014.3.20.0/20170603 found nothing
Webroot 1.0.0.207/20170603 found nothing
WhiteArmor 9101275/20170601 found nothing
Yandex 5.5.1.3/20170602 found nothing
Zillya 2.0.0.3302/20170602 found nothing
ZoneAlarm 1.0/20170603 found nothing
Zoner 1.0/20170603 found nothing
nProtect 2017-06-03.02/20170603 found nothing

Antony Santhanamariyan
Principal Engineer, Security
MUSIC
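
Added example (not part of the original post and not Music Group's tooling): a small parser for the report format pasted above that tallies which engines flagged the file, which labels look heuristic or generic, and which engines ran on older definitions than the rest. The sample is an excerpt of the lines above; the generic-label pattern and the 7-day staleness threshold are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the report above: the five flagged lines plus four clean ones.
# Paste the full "[ scan result ]" section to get the real detection ratio.
REPORT_EXCERPT = """\
AVG 16.0.0.4776/20170603 found nothing
Avast 8.0.1489.320/20170603 found nothing
Avira 8.3.3.4/20170603 found TR/Dropper.Gen
GData A:25.12682B:25.9684/20170603 found nothing
Ikarus 0.1.5.2/20170603 found Trojan.Dropper
Invincea 6.3.0.25390/20170519 found virus.win32.virut.br
Rising 28.0.0.1/20170603 found Malware.Generic.5!tfe (thunder:5:X0icdpFSaTL)
TrendMicro-HouseCall 9.900.0.1004/20170603 found Suspicious_GEN.F47V0602
nProtect 2017-06-03.02/20170603 found nothing
"""

# "<engine> <engine version>/<definitions date YYYYMMDD> found <verdict>"
LINE_RE = re.compile(r"^(\S+) (\S+)/(\d{8}) found (.+)$")
# Assumption: these substrings mark heuristic/generic labels, not a named family.
GENERIC_RE = re.compile(r"\bgen\b|generic|suspicious", re.IGNORECASE)

def parse_report(text):
    """Return one dict per engine line; lines in another format are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            engine, version, sigdate, verdict = m.groups()
            rows.append({
                "engine": engine,
                "version": version,
                "sigdate": datetime.strptime(sigdate, "%Y%m%d").date(),
                "verdict": None if verdict == "nothing" else verdict,
            })
    return rows

def summarize(rows, stale_days=7):
    """Tally detections, generic-looking labels and engines with old definitions."""
    newest = max(r["sigdate"] for r in rows)
    hits = {r["engine"]: r["verdict"] for r in rows if r["verdict"]}
    return {
        "engines": len(rows),
        "detections": hits,
        "generic": sorted(e for e, v in hits.items() if GENERIC_RE.search(v)),
        "stale": sorted(r["engine"] for r in rows
                        if (newest - r["sigdate"]).days > stale_days),
    }

if __name__ == "__main__":
    print(summarize(parse_report(REPORT_EXCERPT)))
```

A generic label or an out-of-date definitions date is a reason to submit the file to that vendor for analysis, as was done here; it does not by itself show the file is clean.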
Contributor - Level 1

Avira confirms that the software is clean.

The analysis you requested is now complete:
File Result
S32_Firmware_Update_1.7.zip/S32update_1-7.exe Clean
S32_Firmware_Update_1.7.zip/S32_Firmware_Update_1,7.pdf Clean

For more information regarding our detections please visit the Avira Virus Lab page.
Stay safe,
Your Avira Virus Lab team

I hope this helps.

Antony Santhanamariyan
Principal Engineer, Security
MUSIC
Super Contributor - Level 1

Re: Possible S32 Firmware virus?

For this and other reasons, I dumped Avira and went back to AVG.
Indianapolis, IN
Contributor - Level 2

Re: Possible S32 Firmware virus?

This is no Avira issue. It's a sloppy programming issue.