virus in sansa firmware update program???

"Virus detected: W32/Xor-encoded.A


I got this message from Panda IS 2008 when I tried to run the Sansa Firmware Updater that I got from

Also, when I try to run it, it fails at “downloading latest sansa updater” with the message “the installation failed, please try again later”, I’m guessing because of my anti-v.

What gives? Let me know if you need more info.

Message Edited by login on 10-11-2008 04:28 AM

Additional Info:

I have a SanDisk C240 mp3 player and the current firmware is 01.00.04A. I thought maybe it could use a firmware update as it had been doing something funny for a bit (blanking out artist names, multiple copies of the same song showing up in playlist, etc.) and I was worried something might have gotten damaged in the player’s internal system files. Do I want a firmware update or something else?

Anyway, I don’t want to try installing the program with the antivirus turned off until I get confirmation that I’m getting a false positive. Is there a virus attached to the updater program or not? I haven’t found anything in the forums about this or anything else similar besides here:

I too have just received a quarantine notice from ESET NOD32 Smart Security about this install. The file in my user application data folder, ‘SansaUpdater.exe’ (installed from SansaUpdaterInstall.exe), and the file ‘SansaUpdater.tmp’, which was downloaded as part of the update using the previous updater, were both immediately quarantined and will not stay on my system because they have been picked up as a variant of the Win32/Genetik Trojan.

This presents quite a problem. Even if I turn off the protection, as soon as I turn it back on the file is removed. I cannot update to the latest version of the updater. The two other files that accompany the file still remain but the main one I need is gone. 

Could this be a false positive that is being detected by ESET NOD32 by the means in which the program obtains information for updating the Sansa? This was my initial assumption being that the program has to automatically access the external device without user action and is reading information from the device, and downloads files to be replaced; both characteristics of Trojans and keyloggers…Or is it that the Sansa Updater has been exploited?

Just Curious…

Really hoping to get a resolution to this issue…

I have submitted the file to ESET for analysis and have written them concerning the problem as well.

THX… :smiley:

System: Windows XP SP3

Sansa: Sansa E260 V2


No news about the Virus detected: W32/Xor-encoded.A problem with the Sansa Firmware Updater ??


Also, I would like to know if this forum is sometimes visited by Sandisk/Sansa Team, please.

Same problem with NOD32. I’m curious to know if it’s the firmware update program or if it’s a NOD32 database update that’s causing it.

Previously, I was able to install all versions of the Sansa firmware update program. But why would this version cause it to be recognized as a trojan if it is any different from other versions? All versions have to ‘call home’ to Sansa to check firmware revisions.

to e2xxAA:

I’m relying on this site to give me further information. As of the date of this post, my internet security still gives me this warning “Virus detected: W32/Xor-encoded.A” when I run Sansa Firmware Updater. The path to the problem that it gives me is The installation always fails, I assume, because the antivirus blocks it from finishing. Not running it with antivirus turned off until I get official confirmation that it’s some sort of false positive.

Message Edited by login on 11-02-2008 08:44 AM

According to the release notes:

Known Issues:


• Some proxy server configurations may affect the connectivity with the back-end server

• Some firewall configurations may affect and block the communication with the back-end server

I would say this is most likely your problem (your anti-virus and/or firewall configuration). A company like SanDisk is not going to put out software with a virus in it. Bugs, glitches? Yes. Viruses, Trojans? No.

If you’re really concerned, un-install the latest Updater, and manually update your firmware. An update only occurs ‘once in a blue moon’ anyway, so having the Updater hang around on your system trying to connect and searching for updates every time you plug in your player is kinda pointless (and irritating).

You can always check here on the forum for any news of a firmware update. The only one we know of in the near future is one for the Fuze in November. Haven’t heard any rumors about anything else being updated. Manually installing the updates is simple, easy, and probably just as fast as using the Updater. And there are always instructions on how to do it in the release notes. :smiley:

How can it be a user’s problem when the anti-virus is set to default? Add to that the fact that the problems started with this updater.

It’s not that we’re concerned about the integrity of Sandisk. It’s just that we would like an updater that works. It’s just convenient to not have to manually update the firmware. Take a normal user into account also. Suppose you’re just a person who has no tech experience fiddling around with gadgets and firmware. He doesn’t want to read through hundreds of posts to find out how to update his device.

It’s either poor programming or the updater needs to be submitted to the respective AV companies for inclusion on their database. 

I have been running NOD32 for a very long time, currently build 3615 and it’s without protest, though I have not been running updater.