Audacity 2.4.2 download infected with Trojan virus [SOLVED]

Hi
Long time no speak :slight_smile:

I have just downloaded the current version of Audacity from your main website - which took me to fosshub.com where I selected the Windows file to download.

My internet security Bitdefender stopped the download for a few moments, then released it with this message:

“The file…is infected with Trojan.Agent.EQRF. The threat has been successfully blocked, your device is safe”.

Now that’s an unexpected nasty surprise. Are you aware that your file is infected?

Are you talking about audacity-win-2.4.2.exe? I’m betting on a false positive… The checksum matches and VirusTotal finds nothing.

Unfortunately has a NASTY misleading ad positioned above our downloads
Nasty Fosshub ad.png
Did you by any chance click on that very misleading blue Download button ?

You need to click on the options below further down that page relevant to the OS you are downloading for

WC

Hey guys,

@waxcylinder - that misleading ad is deceptive, misleading - we blocked it a dozen times so far, automatically placed by Google but harmless. It does not contain any malware.

There are over 160 ads, manually verified all of them, and blocked the misleading ads - see the attached images below.

The user claims that the downloaded file was infected, which is not possible if you check the Audacity file signatures.

If it is a misleading ad, it is not the one with WinZip, so I would like to identify that advertiser and get in touch with Google ASAP.

Please check the browser download history.
winzip-download.png
winzip-download-blocked.png
winzip-download-blocked2.png

Thanks for the heads up Sam

Peter

ok. A few interesting issues are happening here and now I actually need your help please.

  1. I did NOT click on the blue download button in the ad. Looking at the screenshot above - I clicked on the link underneath Audacity Windows.zip.. Once finally downloaded and installed (after being disinfected by my Bitdefender) I opened it to check - it looked and worked ok. I noticed a larger than previously counter at the bottom. I closed the program.

  2. I’m using Windows 8.1/64. When just now prompted by the Forum message to include the version of Audacity I’m using I clicked About Audacity - I saw that the version I have is 2.3.0. (???) Checked in Control Panel Programs - Audacity 2.3.0. What is going on?..
    Yesterday I downloaded 2.4.2. Checked in my Downloads folder - sure, 2.4.2.

  3. Clicked to run .exe again - a dialogue window opened with a warning:
    “Unknown Publisher. This file does not have a valid digital signature that verifies its publisher”. - I wonder why? I clicked to run and it was installed. I opened it - the current version 2.4.2. Great. I closed it.

  4. To pin it to the taskbar, I typed audacity on the windows desktop and selected Audacity to pin to taskbar. opened it from the taskbar - the current version. ok, Closed it.

  5. Opened programs in the Control Panel - 2.3.0. Clicked on the desktop shortcut - it opened 2.3.0. Clicked on the taskbar icon - opened 2.3.0. Back to the Windows desktop typed audacity - one icon available when opened 2.3.0.

  6. After I installed 2.4.2, there were two options coming up on Windows desktop: “Audacity” and “audacity.exe” . I didn’t select .exe to pin it to the taskbar, of course. Now that option is gone. Desktop shortcut created in the install opens 2.3.0.

It looks like somehow 2.4.2 does not properly override 2.3.0. The only way I can open 2.4.2 is from the Downloads folder.

Questions:

  1. Shall I uninstall 2.3.0 from the Control Panel before running 2.4.2?
  2. Will this affect my numerous audacity files saved on my computer?
  3. Why does the download file have an invalid digital signature? (does not show the publisher) Come to think of it, I now recall that when I ran it for the first time, there WAS a publisher which I didn’t recognise (?)
  4. Bitdefender internet Security is a very reliable program. I’ve been using it for many years - It does not give false positives on identified viruses. Based on this, I’m positive that there was a virus in the downloaded file. Was the file somehow infected or replaced? I don’t know, I’m not a cyber expert. Your thoughts? Should I remove this download and download it again from another (trustworthy) site?

I would appreciate your help.

You probably need to update Windows.


You have probably installed the two versions in different directories.
You could try to sort it out by uninstalling both versions, then reinstalling Audacity 2.4.2.

Also, ensure that your anti-virus is up to date.

You probably need to update Windows.

My Windows is up to date.

You have probably installed the two versions in different directories.
You could try to sort it out by uninstalling both versions, then reinstalling Audacity 2.4.2.

No. During the first install I selected the existing folder (was asked to choose). Even if the new version was installed elsewhere, it would still show in the control panel programs list. And yet, it is not there.

If I uninstall both versions - will it affect my saved Audacity files?

Also, ensure that your anti-virus is up to date

My antivirus Bitdefender is always up to date.

Is there another source/site from which I can download Audacity?

Check that you have this update: Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows - Microsoft Support

Perhaps you already had two Audacity folders?
Can you do a search for the file “audacity.exe”?
From your description, you must have at least two versions of that file. Where are they?


Do you mean “Audacity projects”?
Assuming that you have them saved correctly in your normal user space (such as in “Documents” or “Music”) then they will be fine.


Test the file here: VirusTotal


There’s plenty of dodgy third party websites where you can download Audacity, but we don’t recommend using them.

You can verify if you have a genuine, unmodified copy of the Audacity 2.4.2 installer, by uploading it here: WASM File Hash Online Calculator - MD5, SHA1, SHA2 (SHA256), SHA512
Then check that the “SHA256” matches this number:

1f20cd153b2c322bf1ff9941e4e5204098abdc7da37250ce3fb38612b3e927ba

See also: https://www.audacityteam.org/FAQ#is-audacity-safe-to-download

@Quantum Do you still have both versions of Audacity installed or downloaded? 2.4.2 or 2.3.0? If so, test the file signatures for both of them. You can do it using a command-line file signatures program or, as Steve suggested - upload them to VirusTotal, which will scan the applications you downloaded with over 70+ antivirus engines.

BitDefender is a good antivirus. We also use it, but please keep in mind that any antivirus product might give a false positive. You should not rely on 100%. Steve suggested VirusTotal; I am doing the same.

You keep saying that you want to download Audacity, but with all the risk involved (to sound a little bit arrogant) you won’t find a more trustworthy download source than FossHub, and I will explain to you why below:

  1. Audacity files, like many other projects, are uploaded directly to FossHub by the original author - the creators of this software, these are the original, unaltered files.
  2. Once the files are uploaded, they are scanned by “Jotti’s malware scan,” a similar service with VirusTotal. We scan each file with 15 antivirus engines, as you can see, Bitdefender, the antivirus that you currently use is included. More info here: https://blog.fosshub.com/fosshub-announcing-jotti-malware-scan-integration/
  3. Audacity team, publish the file signatures on their website. By doing this, you can compare the file signatures from both Audacity and FossHub websites. How? Merely by uploading the file, you downloaded from FossHub to VirusTotal. If the file signatures match, then you are 100% sure that the file is legit.

So, in your case, you downloaded the latest Audacity version for Windows from our page:
To be more specific, this file, I just copied the URL from our website: https://www.fosshub.com/Audacity.html?dwl=audacity-win-2.4.2.exe

If you download version 2.4.2, do nothing, go to your download folder and upload it on VirusTotal, once you do it, it will take you here:
https://www.virustotal.com/gui/file/1f20cd153b2c322bf1ff9941e4e5204098abdc7da37250ce3fb38612b3e927ba/detection

As you can see, the file has already been scanned 6 hours ago but you can re-scan it once again (left corner - reload arrow). Look for the file signature, it is this one:

1f20cd153b2c322bf1ff9941e4e5204098abdc7da37250ce3fb38612b3e927ba


Now, go to Audacity download page here: https://www.audacityteam.org/download/windows/
You should see the same file signature:

SHA256 Checksum:

1f20cd153b2c322bf1ff9941e4e5204098abdc7da37250ce3fb38612b3e927ba

You can now go to FossHub Audacity project page and click on “Signature”: https://www.fosshub.com/Audacity.html
The SHA256 string should be the same:

1f20cd153b2c322bf1ff9941e4e5204098abdc7da37250ce3fb38612b3e927ba

Now you are 100% sure that the file you want to execute “audacity-win-2.4.2.exe” is safe. Furthermore, once you click on it to install, the Windows UAC should alert you that the publisher “James Crook” is verified.

You did not download any malware from us, most likely a false-positive, for your reference: https://blog.fosshub.com/how-safe-is-fosshub/

I hope this helps!

@FossHub - I’m sorry I didn’t mean to be disparaging. As the official download site selected by the Audacity Team you clearly have all the necessary credentials. My apology :slight_smile:

@steve - thanks for the links.

I will address all your points together as there is some overlap.

I do have that windows update. I could not test the infected file in the link provided as Bitdefender did not allow any access to it not even to upload it. When I attempted the installation of 2.4.2 for the second time - again, Bitdefender blocked an infected file. I then had a closer look - that file was mail.zip I suspect that this file - which was not inside the unzipped Audacity folder - was somehow attached to the downloaded file. By the way - I was not downloading any other files at that time.

Since I couldn’t do anything with it - I permanently deleted it. I have also deleted all Audacity files and folders and rebooted my computer. (well, it turned out there were still some files left…).

@FossHub thank you for providing a link to the download file. I just clicked on it and now I can see the difference..

THIS file (your link) opened as audacity-win-2.4.2.exe. Publisher - James Crook. I have now downloaded and installed Audacity successfully! Thank you!

But now I’m curious:

Where is this .exe file on your Audacity download site? I did not see it (still don’t) and so I initially downloaded the only applicable file I can see - Audacity Windows Zip. highlighted in yellow on this screenshot.

That file did not show the publisher. It was also hijacked to deliver a Trojan virus - which was luckily stopped (twice) by my Bitdefender. That’s the problem with .zip files. I leave it to you to investigate this file as you wish. :slight_smile:

So - all has been resolved now. I still would like to know where is the .exe file on the download site :slight_smile:

many thanks for yours and Steve’s prompt response! :smiley:
Audacity download site.jpg

It looks like I have missed a few updates…WOW…I LOVE the dark theme!!! It is perfect for my late night editing…LOL

How can I stay in touch to be notified of all updates?

We announce new releases here on the forum, on facebook and on twitter (see links near the top left corner of this page).
Release announcements include a link to a list of major changes in the new version.

ok, thanks :slight_smile:

Did bitdefender describe the file as a “trojan”?

I’d highly recommend that you do a full in-depth malware scan of your computer - not the quick scan, do the one that reboots the computer and runs for many hours (run it overnight).


Here:

@Quantum - no worries, the Windows Installer is the first link - hover your mouse over the first link, you will see it is the same I copied and pasted you, this one: https://www.fosshub.com/Audacity.html?dwl=audacity-win-2.4.2.exe

I added a red arrow - you downloaded the ZIP file (highlighted with the yellow color). There is a difference between an installer (EXE) and (ZIP) portable file. The security certificate will show up when you attempt to install the file while at the ZIP archive, well there’s an archive so you can’t insert the certificate before opening the archive, I hope this does make sense.
Audacity-Windows-Installer.png

thanks LOL sorry, I’m not geek enough to know that .exe file is in Windows Installer. I thought that this is some sort of support program like download manager :laughing: No worries.

yes, I know the difference between .exe and .zip. Avoid downloading zip whenever I can as they are often infested with viruses.

yes, Bitdefender called it Trojan.

thanks, I will run a full scan (it takes 13 hrs).
Bitdefender alert.jpg

@Quantum - I am glad you managed to sort it out, I confirm that we have no program named mail(1).zip :slight_smile:

If you would like to double-check your computer, we have some excellent anti-malware programs listed here: https://www.fosshub.com/Anti-Malware.html

Thank you!

@FossHub

I still believe that this program was somehow downloaded together with your Windows.zip file. I know it’s not your program, but hackers can attach their virus carrying files to the legitimate downloads without the owner’s knowledge.

It was not a coincidence that this malicious file was stopped by my Bitdefender TWICE, each time I attempted to run Audacity from your zip file at that very moment. If it was once - ok. But twice?..

I would recommend examining that zip file closely :slight_smile:

many thanks for the link - I will try those antimalware programs :slight_smile:

@Quantum - sorry, but what you’re suggesting is that the malware was contained inside the “audacity-2.4.2.zip” file. To be more specific, this file:

https://www.fosshub.com/Audacity.html?dwl=audacity-2.4.2.zip

This file always had the following signature: 0c14f7c6850c93b9dacc14fe66876b8dc3397d92dbd849898783a21bad1fff55

All services that we use have the same signature since it was published.

Please, look carefully at your browser history and see from where you downloaded that archive. From the image, you have uploaded the file named “mail(1).zip” is located on your “Downloads” folder. If it was as you claim, that file should’ve been found inside the Audacity ZIP archive and quarantined/removed by BitDefender.

The BitDefender log should show that file as a standalone file or keep a basic history.

I am confident that “mail(1).zip” from your computer is not from us. References:

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Bagz-A/detailed-analysis.aspx
https://malware.wikia.org/wiki/W32.Sober.X@mm

If you do a little research, you will see that there’s a lot of malware spread as “mail.zip”

We serve between 5-10 million downloads each month, and we monitor carefully any malware report. Yours is alone regarding this file, and we did not receive any other complaints.
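
The two checks discussed in this thread, comparing a download's SHA-256 with the published value and looking for a named file such as mail.zip inside the ZIP, can both be done locally without uploading the file anywhere. The following is an added example, not code from the Audacity or FossHub teams; the hash values are the ones quoted in the posts above, while the function names and the in-memory sample archive are constructed for illustration.

```python
import hashlib
import hmac
import io
import zipfile

# SHA-256 values quoted in the thread for the two FossHub downloads.
PUBLISHED_SHA256 = {
    "audacity-win-2.4.2.exe":
        "1f20cd153b2c322bf1ff9941e4e5204098abdc7da37250ce3fb38612b3e927ba",
    "audacity-2.4.2.zip":
        "0c14f7c6850c93b9dacc14fe66876b8dc3397d92dbd849898783a21bad1fff55",
}


def sha256_of(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large installer is never held in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def matches_published(stream, expected_hex):
    """True only when the stream's SHA-256 equals the published hex string."""
    return hmac.compare_digest(sha256_of(stream), expected_hex.strip().lower())


def members_named(stream, wanted):
    """Return archive members whose base name equals `wanted`, without extracting."""
    with zipfile.ZipFile(stream) as archive:
        return [n for n in archive.namelist()
                if n.rsplit("/", 1)[-1].lower() == wanted.lower()]


def build_sample_zip(extra=()):
    """Constructed stand-in for a portable ZIP; the member names are illustrative."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("Audacity/audacity.exe", "Audacity/README.txt", *extra):
            archive.writestr(name, b"placeholder bytes")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_zip()
    # A constructed archive cannot match the published hash, so this prints False.
    print(matches_published(sample, PUBLISHED_SHA256["audacity-2.4.2.zip"]))
    sample.seek(0)
    print(members_named(sample, "mail.zip"))  # [] : no such member inside
```

For a real download, pass `open(path, "rb")` as the stream; a hash mismatch means the file is not the one the project published, and an empty member list means the named file did not come from inside the archive.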