Hi
Just a quick question.
There appear to be a number of links around suggesting that Trovi ‘malware’ is being installed along with the Audacity installation?
Can anyone confirm (or deny) this as I know at least one person this appears to have affected?
Cheers
LRon
Can you point to one of these links? Can you tell if the person got Audacity from the approved server?
http://audacityteam.org/download/
Koz
The links are here http://tinyurl.com/qz68bnm .
Audacity does not come with bundleware and malware if you download it from our site: http://audacityteam.org/download/ . Search for “audacity” (without quotes) here and look at the results.
If you choose to download Audacity elsewhere or from advertisements offered by Google search results you must take your chances. Audacity has no connection with third-party distributors of Audacity other than those linked to on http://audacityteam.org .
If anyone needs Trovi removal instructions, try http://malwaretips.com/blogs/trovi-com-removal/ .
Gale
Hiya
Thanks for your replies.
I’ve asked the person involved and, apparently, the download was from the audacity/sourceforge link!
She’s very tech-savvy and checks what’s installed so unless it came via some other route…!
I don’t know what other route that might be though.
It does seem a bit odd that there are a number of other folk that have had similar experiences with Trovi after installing Audacity.
I’ve got no criticism of Audacity (I use it myself for some things when I’m not using Logic Pro) but it might be worthwhile checking out other forums which mention this and investigating the circumstances. Audacity is a great piece of kit and it would be a shame to have the perception of any links to Trovi.
Many thanks
LRon
There is no such site controlled by Audacity Team as “audacity/sourceforge”.
This is the official download site of Audacity: Audacity ® | Downloads .
Obviously I already looked at other topics about this. Please be completely specific. What is the exact URL of the download link on http://audacityteam.org/ that contains Trovi?
Gale
Hi, I am the person involved.
I downloaded Audacity 2.0.5 on 11June for my daughter to use for homework. We downloaded it from the Audacity website, and in my list of programs the publisher is shown as “Audacity Team”.
The next time the computer was started up and browser opened we had the Trovi homepage and all other tabs had disappeared (Firefox), and a pop-up window from “Opti-something”. I closed my browser to check what was going on. In my list of programs there was something with the suffix Opti-" which had installed at the same time as Audacity. I deleted this unwanted program but left Audacity because my daughter’s homework was still in progress.
When I looked online to see if there was any info about this Trovi thing I found the link that have already been mentioned, so I felt that I wasn’t alone in having had this happen. Although, obviously I have no idea where the other people downloaded from.
Sorry, there have been lots of link previously mentioned so it is not clear what you are referring to.
The correct place to download Audacity for Windows is here: Audacity ® | Download for Windows
I have personally checked those downloads and they are 100% clean.
The recommended download for Windows is:
Audacity 2.0.5 installer > (.exe file, 21.2 MB, including help files) for Windows 2000/XP/Vista/Windows 7/Windows 8
The scan results (downloaded and scanned today) from over 50 leading anti-virus scanners are available here:
Full link:
https://www.virustotal.com/en-gb/file/88e63316304304c8e028062bb117025ce0da7a72e5032e9726e2a1ea3c2b961d/analysis/1402919759/
Note that checksum: 88e63316304304c8e028062bb117025ce0da7a72e5032e9726e2a1ea3c2b961d .
If you run an SHA-256 checksum calculator such as Checksum calculator for Windows - Bitser Freeware on the 2.0.5 installer you downloaded and you get a different checksum, then it is not the same file as ours in the virustotal scan.
Gale
Hi
If you check my original post you’ll see that I said “‘malware’” not virus so I’m not sure why you’re getting so het up about Audacity containing a virus - this wasn’t what I said!
Malware can refer to all sorts of PUP’s not just viruses and in this case the ‘malware’ that I was referring to is a ‘browser helper’ (sic) of some sort.
I have downloaded the latest software from your site (and please note that your address is audacity.sourceforge etc. so the silly comments made about my use of Audacity/Sourceforge are infantile) SHA-ed it and checked it myself for viruses so I know it’s clean.
The point I was enquiring about and bringing to your attention was that there is a growing perception that the Trovi crap and Audacity are being linked and was trying to help you with a potential problem. Personally I couldn’t care less if this happens as I’m quite happy with Logic Pro and only use Audacity for quick jobs or when I can’t be bothered to fire up the Apple.
But hey, it’s your product - do what you want.
Anyway, I hope that you are prepared to address the problem and that it doesn’t damage your reputation if there are ‘additional’ attributes found!
Cheers
LRon
We never used the word “virus” but we use virustotal to indicate that our downloads do not contain malware.
What do you suggest we do? You apparently admit that the download links on http://audacityteam.org/ do not contain Trovi but neither you or emmammj will give the actual address where you downloaded Audacity from. Obviously “the audacity/sourceforge link” is meaningless as something we can investigate.
Your browser history will say where you visited if you retain history.
If you were apparently on http://audacityteam.org/ then you could already have malware on your computer that was showing you our site when you were on another site.
So thanks for the heads up but as you can appreciate there is nothing we can do without some concrete information to go on.
Gale
I’m pleased that you agree. That being the case, I don’t see that there is much that we can do about a problem that isn’t in our product.
Hi
OK - so two replies, one pedantic and the other smug!
Pedantic first:
the link/file address referred to by both myself and emmaamj is http://audacity.googlecode.com/files/audacity-win-2.0.5.exe which is copied from your audacity/sourceforge website.
Now the smug:
Perhaps you missed my point and the reason I contacted you in the first place. But I’ll repeat it again one last time in the hope that it’ll make some sort of impression. There is a perception out in Audacity userland that a relationship exists between Audacity and the Trovi ‘browser helper’. This may be mistaken or it may have some reality - I neither know nor care - but it exists and it is your reputation that will take a nosedive if you fail to act in such a way as to reassure users that no such relationship exists. You are already aware of this - Gale already supplied a link and here’s a few more:
http://malwaretips.com/threads/trovi-arrrrrg.24706/
http://askleo.com/how-do-i-keep-my-browser-from-being-hijacked/
http://www.youtube.com/watch?v=XF9Jff14dB4
http://dwpexamination.org/forum/off-topic/anyone-know-about-this-annoying-window-and-how-to-possibly-get-rid-of-such/
All of the above associate an unwanted Trovi installation with Audacity. So you can keep repeating that it’s not official or they didn’t download it from the official repository or whatever you want but your software is being associated, rightly or wrongly, with this annoying problem.
As I’ve already stated, I don’t care one way or the other, but it seems a shame that you nit-pick and prevaricate and waffle and patronise and act pedantically and basically do nothing while the fruits of your hard work risk being damaged by your low quality attitude.
This association will spread unless you do something about it.
Anyway, you do what you feel is best and good luck - you might need it quite soon!
Cheers
LRon
Referring back to your original question:
I believe that both Gale and I have confirmed that Audacity, as released by the Audacity team, is totally free of malware of any kind.
Sadly there are bad people out there that do all sorts of bad things, including repackaging Audacity with malware, breaching the terms of the GPL license agreement, infringing the legal rights of the the registered trademark holder, passing off Audacity as their own commercial product, and other immoral and/or illegal practices. We do not have the resources to police the Internet or to follow up every criticism. We do however spend a great deal of time and effort in making Audacity the best multichannel audio editor that we can, provide comprehensive documentation and on-line support, and provide all of this for free. We strongly urge all users to obtain Audacity (free of charge) from the official download locations and when appropriate, we point out the potential dangers of installing software that has been obtained from unofficial sources.
Thank you for your stated concern about the reputation of Audacity. Probably the best tool that we have in combating the fraudsters and malicious hackers is for the millions of happy users of (genuine) Audacity to spread the word and let others know how and where to safely get it from. (Here: Audacity ® | Downloads )
You can’t have it both ways. Or are you suggesting that download became infected and now isn’t infected?
As an open source application we don’t and can’t control third-party distributors of Audacity. Therefore there is a general perception that Audacity is malware among a minority of users who click on scam advertisements for Audacity but don’t find our real site.
It is the same for most popular open source software. It gets abused by people offering the “latest” versions of it who lace the installer with malware of any kind including PUP’s.
Even if we wanted to take action against the source of the Audacity installer containing Trovi, we can’t - because no-one has given the URL of that installer.
I don’t think it’s mistaken, though there have been no reports of Trovi to our feedback address, so I don’t think the problem is widespread.
What I think is mistaken is that you got the BHO from http://audacity.googlecode.com/files/audacity-win-2.0.5.exe .
You still have not told us what we should do about that.
We already have a FAQ Audacity Manual which is near the top of our FAQ list.
I already posted Trovi removal instructions in my first reply.
Then I suggest you stop posting about it unless you reveal what you think we should do about it. How can we remove a PUP from our installer that isn’t there?
Same comment as above.
Gale
This association will spread unless you do something about it.
I think you overestimate the size of the Audacity Corporate Family. We would sic our crack legal office on the offending web sites, but there is no office and there’s no corporation, either. We’re a tiny collection of volunteers that can, in general, barely keep up.
If you wanted to volunteer to police the problem that would be good. Are you volunteering? We’ll put you down for that (enter your name, not the American sense)
Koz