Audacity Forum

@FossHub - I'm sorry I didn't mean to be disparaging. As the official download site selected by the Audacity Team you clearly have all the necessary credentials. My apology

@steve - thanks for the links.

I will address all your points together as there is some overlap.

I do have that windows update. I could not test the infected file in the link provided as Bitdefender did not allow any access to it not even to upload it. When I attempted the installation of 2.4.2 for the second time - again, Bitdefender blocked an infected file. I then had a closer look - that file was mail.zip I suspect that this file - which was not inside the unzipped Audacity folder - was somehow attached to the downloaded file. By the way - I was not downloading any other files at that time.

Since I couldn't do anything with it - I permanently deleted it. I have also deleted all Audacity files and folders and rebooted my computer. (well, it turned out there were still some files left...).

@FossHub thank you for providing a link to the download file. I just clicked on it and now I can see the difference..

THIS file (your link) opened as audacity-win-2.4.2.exe. Publisher - James Crook. I have now downloaded and installed Audacity successfully! Thank you!

But now I'm curious:

Where is this .exe file on your Audacity downlad site? I did not see it (still don't) and so I initially downloaded the only applicable file I can see - Audacity Windows Zip. highlighted in yellow on this screenshot.


That file did not show the publisher. It was also highjacked to deliver a Trojan virus - which was luckily stopped (twice) by my Bitdefender. That's the problem with .zip files. I leave it to you to investigate this file as you wish.

So - all has been resolved now. I still would like to know where is the .exe file on the download site

many thanks for yours and Steve's prompt response!

It looks like I have missed a few updates...WOW...I LOVE the dark theme!!! It is perfect for my late night editing...LOL

How can I stay in touch to be notified of all updates?

Quantum wrote: ↑

Tue Jun 30, 2020 12:44 pm

How can I stay in touch to be notified of all updates?

We announce new releases here on the forum, on facebook and on twitter (see links near the top left corner of this page).
Release announcements include a link to a list of major changes in the new version.

ok, thanks

Quantum wrote: ↑

Tue Jun 30, 2020 12:30 pm

I then had a closer look - that file was mail.zip I suspect that this file - which was not inside the unzipped Audacity folder

Did bitdefender describe the file as a "trojan"?

I'd highly recommend that you do a full in-depth malware scan of your computer - not the quick scan, do the one that reboots the computer and runs for many hours (run it overnight).

Quantum wrote: ↑

Tue Jun 30, 2020 12:30 pm

Where is this .exe file on your Audacity downlad site?

Here:

@Quantum - no worries, the Windows Installer is the first link - hover your mouse over the first link, you will see it is the same I copied and pasted you, this one: https://www.fosshub.com/Audacity.html?d ... -2.4.2.exe

I added a red arrow - you downloaded the ZIP file (highlighted with the yellow color). There is a difference between an installer (EXE) and (ZIP) portable file. The security certificate will show up when you attempt to install the file while at the ZIP archive, well there's an archive so you can't insert the certificate before opening the archive, I hope this does make sense.

thanks LOL sorry, I'm not geek enough to know that .exe file is in Windows Installer. I thought that this is some sort of support program like download manager No worries.

yes, I know the difference between .exe and .zip. Avoid downloading zip whenever I can as they are often infested with viruses.

yes, Bitdefender called it Trojan.


thanks, I will run a full scan (it takes 13 hrs).

@Quantum - I am glad you managed to sort it out, I confirm that we have no program named mail(1).zip

If you would like to double-check your computer, we have some excellent anti-malware programs listed here: https://www.fosshub.com/Anti-Malware.html

Thank you!

@FossHub

I still believe that this program was somehow downloaded together with yourWindows.zip file. I know it's not your program, but hackers can attach their virus carrying files to the legitimate downloads without the owner's knowledge.

It was not a coincidence that this malicious file was stopped by my Bitdefender TWICE, each time I attempted to run Audacity from your zip file at that very moment. If it was once - ok. But twice?...

I would recommend examining that zip file closely

many thanks for the link - I will try those antimalware programs

@Quantum - sorry, but what you're suggesting is that the malware was contained inside the "audacity-2.4.2.zip" file. To be more specific, this file:

https://www.fosshub.com/Audacity.html?d ... -2.4.2.zip

This file always had the following signature: 0c14f7c6850c93b9dacc14fe66876b8dc3397d92dbd849898783a21bad1fff55

All services that we use have the same signature since it was published.

Please, look carefully at your browser history and see from where you downloaded that archive. From the image, you have uploaded the file named "mail(1).zip" is located on your "Downloads" folder. If it was as you claim, that file should've been found inside the Audacity ZIP archive and quarantined/removed by BitDefender.

The BitDefender log should show that file as a standalone file or keep a basic history.

I am confident that "mail(1).zip" from your computer is not from us. References:

https://www.sophos.com/en-us/threat-cen ... lysis.aspx
https://malware.wikia.org/wiki/[email protected]

If you do a little research, you will see that there's a lot of malware spread as "mail.zip"

We serve between 5-10 million downloads each month, and we monitor carefully any malware report. Yours is alone regarding this file, and we did not receive any other complaints.