Trojan in Dune v3.53 windows installator [Solved]

[Tomarkus]

Hello,

I purchased a Dune 3 yesterday and today I wanted to install the Windows version on my workstation (Win11). As soon as I downloaded dune352win.zip from the website, Windows Defender detected and immediately deleted the file finding the following Trojan in it:



More information about this threat:
https://www.microsoft.com/en-us/wdsi/th ... 2147735503

Is it false-positive? or are the installation files actually infected?

I'd like to ask for a reaction - not the best first experience for a new customer who just spent $179 to buy the plugin...

[Christophe]

no problem here with Windows Defender

[Kriminal]

Where did you download it from?

[Tomarkus]

hmm, this is strange.

I have deleted Windows Defender detection history following this guide:
https://answers.microsoft.com/en-us/win ... 5a3402d26a

and attempted to re-download the dune3 installator one more time, this is how it looks on my end (screen recording):
https://drive.google.com/file/d/1yWhXNq ... share_link

as you can see - I'm not making this up

[Teksonik]

No problems with Bitdefender Total Security either. I just ran the file through Virus Total and it scored a perfect 0/55. You can do the same.

https://www.virustotal.com/gui/home/upload

D3 031623-2.png

It's a false positive most likely due to the level of security you have Windows Defender set to.

Synapse Audio has been around for almost 25 years so they are a trusted company.

Oh and I can't play your .mp4 file. It says I'm missing a codec. I have played countless of such videos without issue so I'm not sure what's going on.

[Tomarkus]

Where did you download it from?

Directly from https://www.synapse-audio.com/service-downloads.html

[Teksonik]

Run the file through Virus Total and post a screenshot of the results as I did earlier.

https://www.virustotal.com/gui/home/upload

[Tomarkus]

Synapse Audio has been around for almost 25 years so they are a trusted company.

Of course, I have full confidence in Synapse Audio and do not doubt their reputation.

Hacking into sites sometimes happens and sometimes and along with the application you can get a keylogger or a crypto miner as a freebie - that's the case I'm afraid of.

As for my Windows Defender, it runs on absolutely default settings and I have changed absolutely nothing.

[Tomarkus]

Oh and I can't play your .mp4 file. It says I'm missing a codec. I have played countless of such videos without issue so I'm not sure what's going on.

Here is the YT version:
https://www.youtube.com/watch?v=BbtEbdH8qps

[Tomarkus]

Run the file through Virus Total and post a screenshot of the results as I did earlier.

https://www.virustotal.com/gui/home/upload

This may not be easy since windows defender immediately removes the file from the hard drive, and I'd rather not add it to the exception since I'm not sure it's infected. But since you were able to check the version from the website and it's fine, maybe it's a false positive after all - but I hope my case is/will be an isolated one.

[Teksonik]

Hacking into sites sometimes happens and sometimes and along with the application you can get a keylogger or a crypto miner as a freebie - that's the case I'm afraid of.

Yes a supply chain hack is possible but I see no evidence of that happening in this case.

As for my Windows Defender, it runs on absolutely default settings and I have changed absolutely nothing.

I just scanned the .exe on my other system which does run Windows Defender and it passed.

Do you have "Controlled Folder Access" enabled in Defender? That's the only option I have turned off, all the other options are enabled.

No one else is reporting the issue yet and none of us can reproduce it so at this point it appears to be a false positive. I just downloaded the file again this morning so it should be up to date.

EDIT: OK I normally don't do this but I downloaded directly on my studio computer (I normally download on this system then move the files by USB stick) and Windows defender allowed the download to complete and then scanned the .zip file as clean.

So I don't know what's going on. You'd think that Windows Defender would react the same way to the same file. I assume you've tried to download again today?

My Defender definition file is 1.385.169.0 created on 15 March at 10:17pm

Anyway if you're still uneasy then you could send a support request to Synapse or wait for the owner Richard to post here.

[Tomarkus]

Hacking into sites sometimes happens and sometimes and along with the application you can get a keylogger or a crypto miner as a freebie - that's the case I'm afraid of.

Yes a supply chain hack is possible but I see no evidence of that happening in this case.

As for my Windows Defender, it runs on absolutely default settings and I have changed absolutely nothing.

I just scanned the .exe on my other system which does run Windows Defender and it passed.

Do you have "Controlled Folder Access" enabled in Defender? That's the only option I have turned off, all the other options are enabled.

No one else is reporting the issue yet and none of us can reproduce it so at this point it appears to be a false positive. I just downloaded the file again this morning so it should be up to date.

EDIT: OK I normally don't do this but I downloaded directly on my studio computer (I normally download on this system then move the files by USB stick) and Windows defender allowed the download to complete and then scanned the .zip file as clean.

So I don't know what's going on. You'd think that Windows Defender would react the same way to the same file. I assume you've tried to download again today?

Anyway if you're still uneasy then you could send a support request to Synapse or wait for the owner Richard to post here.

I have "Controlled Folder Access" disabled as well, but since this is a fresh install of Win11, it is disabled... by default?

Just now I downloaded the file on my girlfriend's Win10 laptop without any issues from WD side - this is super weird since the WD version and virus definition files are the same. After this, I added an exception in Defender on my Audio Workstation, downloaded the file and installed it. Then, I ran a full scan - no issues were found. Looks like indeed this is a false positive.

Thank you Teksonik for the help and for the investigation!

[Teksonik]

No problem, I'm glad you got it working.

Could it be an issue with Win 11? I'm still on Win 10 as well so maybe Win 11's WD is a bit more aggressive?

[Richard]

The "Controlled Folder access" option in Windows Defender seems to give you a virus warning for just about anything you try to install, at least from our tests (except for Microsoft products I suppose). I don't know what the point is in having this option. Oddly enough, maybe 10-20% of the time it will allow an installer to complete, so it does not appear to be secure either.