USB cable driver CD triggers malware alert; probably false positive
Could files on the driver CD included with some USB radio programming cables be triggering a malware alert?
It’s a possibility in one case, according to James, K7NEO. He apparently stumbled upon the warning yesterday after running a check on the driver CD he had received with his USB programming cable.
“I was excited to get my radio, but I erred on the side of caution and scanned the CD that came with it,” wrote James. “I can’t say it’s 409shop’s fault as I have no clue who did what — just giving everyone a heads-up.”
After receiving a warning from his desktop virus scanner indicating that the files could contain malware called “Trojan.ADH.2,” James ran the files through VirusTotal, a service that checks many different anti-virus programs simultaneously. Of the 40 services tested, he said that 23 indicated that the file was possibly suspect. We analyzed the same USB driver software available as an online download from both 409shop and a US distributor and neither showed as infected (VirusTotal showed 0 positive of 19 tested). It is also very possible, however, that this alert is a false positive and is being triggered erroneously.
Even if it’s not a false positive, Trojan.ADH.2 is a low-level threat and easy to remove if it were to infect your computer, according to Symantec’s website. The episode, however, has made James think twice about installing drivers, even from supposedly trusted sources.
“What really hit home for me was the common sense of never blindly trusting a source of data or files. You should always scan for threats,” he said.
In some cases it may be better to download drivers directly from the seller’s or manufacturer’s website rather than using the accompanying CD. Not only are these often the most up-to-date versions, they can also be more easily scanned through an online service (like VirusTotal) before downloading.
Editor’s Update: Jim, KC9HI purchased a programming cable from 409shop which came with a driver CD. He scanned the CD and found no viruses or malware. Not sure what to make of this other than to assume that the original case was some kind of false positive.
Heard back from Carol at 409shop. She didn’t indicate whether or not they had received other reports, but did offer up their website driver download page as an alternative:
Been there. I was given a graphics tablet some years back for Christmas, popped the driver disc in and hey presto! Virus alert. Needless to say I tried to contact the manufacturer, who had gone out of business. My family had bought it from a clearance shop. I decided to go ahead and install the drivers; the computer didn’t work well, the tablet not at all, and a full virus scan showed a file not included on the CD which was a virus. The tablet ended up in the bin with the CD. Great Christmas present! I always now check everything.
Good info. Has someone considered contacting the manufacturer? They may be able to make a small change to the file code to prevent this.
Not going to bother to attempt to get Baofeng’s or 409shop’s side of the story before recklessly smearing them?
The Baofeng UV-5R doesn’t come with any software. My guess is that James purchased a UV-5R as a package from 409shop that included the programming cable. It would have been the programming cable that included the software, not the radio. My 6-034 programming cable (which I purchased from 409shop separately) included a software and driver CD but I didn’t open it (I already had the software and drivers downloaded and installed before the radio and cable arrived). For the fun of it I got the CD out and popped it into my CD drive and scanned it. No threats were found.
Thanks for the info, Jim. I suspect that this is probably a false positive or some other kind of minor problem.
I own a Baofeng UV-3R and programming cable. Mine didn’t come with a CD either, now that I think of it.
I appreciate your comment, Robert. I have no issue with Baofeng radios (just the opposite, actually — I like them a lot). I scanned the driver from 409Shop’s website and did not find a problem — and reported that. The issue with the driver on the CD, as I noted, could be a false positive.
I will email 409Shop to see if they’ve had any other reports from users.