TR.Dropper.Gen virus detected in balenaetcher-portable-1.5.109.exe

Hello.
I downloaded balenaetcher-portable-1.5.109.exe but the antivirus installed in my Windows 10 Pro PC (360 Total Security, with Avira AntiVir scanning engine) reports high risk item TR.Dropper.Gen.
It moves the downloaded file to quarantine.
Why ?

To be honest !!!
this type of thing never happened to me
does google chrome/other browser stated it was a virus when you downloaded it
if it will be a virus or something harmful google chrome and other browser such as firefox automatically blocks it from downloading
so i recommend you that it is just a normal error that you can ignore ACCORDING TO ME
(i am saying this because i think that you have downlaoded the software from the official website)
you can contanct me if you face any problems
THANKS

I downloaded balenaetcher-portable-1.5.109.exe from the official site using the Firefox developer latest portable version.
Firefox didn’t report anything to me.
Instead, antivirus software (360 Total Security with Avira engine) did.
I specify that previous portable versions of Balenaetcher had never given me similar problems.

ok I understand what the issue is

  • do you installed that file of etcher in your system

  • did you tried to redownload it from other browser

  • if you installed that file does the antivirus still reports it as virus or blocks it from opening

THANKS

I notice that we don’t have SHA sums for the portable version; the setup version does though. If you’re in a pinch then you could install Etcher and check the sums before hand. I will notify the Etcher devs that we should publish the sums for the portable exe too :+1:

For completeness I point out:
Obviously, I have neither installed nor started the downloaded file on my system;
I downloaded the same file through another browser (Microsoft Edge) with the same result (downloaded file recognized as a virus and moved to quarantine);
I take care not to install and start a file recognized as a virus.
Here is what the antivirus reports:

Type: TR.Dropper.Gen
Scan Engine: Avira AntiVir engine
File path: C: \ Users \ LTspp \ Downloads \ balenaEtcher-Portable-1.5.109.exe
File size: 112.34M (117,801,008 Bytes)
File version: 1.5.109
File Description: Flash OS images to SD cards and USB drives, safely and easily.
MD5: b9564c442819d83fae8d0aff3ffa4f4a
Suggestion: Quarantined files

ok I understand
your personal antivirus states it as virus. does the microsoft defender states it as a virus ?

i think so you must turn off the 360 Total Security antivirus and enable the microsoft defender for some time
just download the setup again

  • if microsoft defender states it as a virus too and blocks it from opening and put it on quarantine it means that file is a virus

  • if nothing happens it means that file is not a virus and you can install it and use it

THANKS

OK.
Thank You very much.
I understand perfectly what you mean.
In fact, I scanned the file with other antivirus without getting any alerts.
This only happens with 360Total Security and Avira antivirus engine.
What I would like to understand better is: why does this only happen starting from version 1.5.109 and not the previous ones?
Why?
For what reason?
What has changed since that version that causes the problem?
I’d like to know it.

Hey.hope you are good
I would like to clear your doubt
some antivirus marks some files as a virus it doesn’t matter if it is not a virus but some antivirus do so
a minority of antivirus performs this type of things
the solution is that there is nothing to worry and there is nothing you must do

YOU ARE ALL SET !!!
just open that file and flash the iso you want

and about your question that of the setup
I don’t know about that the version things etc
sorry for that

BUT I HOPE YOU WILL UNDERSTAND THE SITUATION
THANKS :+1: :+1: :+1: :+1: :+1:
:grinning: :grinning: :grinning: :grinning: :grinning:

Version = Release
The release of BalenaEtcher portable software that seem involved are 1.5.109 or higher (e.g. balenaetcher-portable-1.5.109.exe or balenaetcher-portable-1.5.110.exe).
(Previous versions do not exhibit the reported problem.) <- deleted
I did some further checks and the problem seems to arise from release 1.5.89.

that’s okay
i want to know does the file is giving you any problem ?
are you having any problems in flashing the iso or while booting ?

and where you researched this

Sorry but i prefer do not use possible dangerous files in my computer.
I will continue to use the realises that they have not the problem.
Because they work fine for me, the same .
I will try to do the suggest test as soon as possible with a specific machine (probably a virtuale machine).
I will do to know you.
Tank you

bro that’s okay and completely normal
if you are in doubt that this is an virus so don’t worry it’s your choice to use it or not
and about the test on virtual machine it’s just a waste of time and hardwork
so i recommend you not to do the test or it’s your choice again
if you think this software/file can harm your computer/pc
so you can use another softwares available in market according to your requirements

HEY BUDDY I HAVE AN QUESTION !!!

  • For what purpose you were using balena etcher
    I mean what file you were trying to flash in the pendrive

please answer
THANKS
:smiley: :smiley: :smiley: :smiley: :smiley: :smiley: :smiley: :smiley:

I use balenaEtcher to flash simple linux .iso files to install or execute the operating systems.
But the problem is not the .iso files but, the suspected portable BalenaEtcher .exe file to flash it into usb drive.

Now, I have some questions for you:
are you a developer of BalenaEtcher portable?
Why are you so sure that version doesn’t contain a virus or code that could be detected as such?

please answer
THANKS

Hi. If you downloaded Etcher Portable from the official website (https://www.balena.io/etcher/) it should be clean. If in doubt you can try checking with services that use multiple AVs, for example: https://www.virustotal.com/. I just ran a check there with balenaEtcher portable v1.5.109 and it came out clean. What might be happening is that your AV is guessing based on heuristics, which can return false positives.

1 Like

Thanks a lot for your reply.
It is very clear, satisfying and reassuring.
I take it seriously, although it would also be interesting to understand what alarms the antivirus heuristic function.
Thank you very much

Did I said that the file will not contain virus
you are kind of assuming things by your own which is not good !!
i am not a developer of balena etcher
but it’s my duty to help those who are in need

but you are kind of sounding rude