Case, can you integrate refalac as well in the Free Encoder Pack? The new foobar2000 will have the string ready for the 32-bit and 64-bit versions or qaac and refalac (http://www.hydrogenaud.io/forums/index.php...st&p=891641 (http://www.hydrogenaud.io/forums/index.php?s=&showtopic=108274&view=findpost&p=891641)).
Also, the latest Pack from Mar 05 has a new flac.exe, was this compiled from the latest git?
Thanks.
Bundled encoders are up-to Peter. The new flac binary is from the official 1.3.1 sources but this time it's my MSVC compile. The old official binary required SSE2 instructions and MSVC compile encodes faster at least on my machine. Changes in Git since 1.3.1 don't affect encoding but once a new official version is released things will of course be updated.
Perfect, thanks.
The Free Encoder Pack (http://www.foobar2000.org/encoderpack) was just updated and it now includes refalac.
The old official binary required SSE2 instructions and MSVC compile encodes faster at least on my machine.
On my old Core2 (Wolfdale/Yorkfield core):
official: 59.3 seconds
from the pack: 63.7 seconds
So it slightly depends on CPU.
Thanks Case.
Hi Case,
I know that simple x86 exec is fully compatible with x86-64 systems, however I tend to use "native" 64 bit when possible. "Original" FLAC is available as 64bit exec (I refer to Rarewares ICL compile - in general I always use files sourced from there). I assume that every encoder included in Free Encoder Pack is just 32bit/ simple x86 - including your MSVC compile of FLAC. Is it possible to make such encoders package, that will contain both x86 and x86-64 versions of encoders (when available of course) and that would check during installation if my system is simple x86 or x86-64 and extract desired exec (32/64bit) to my system? Or do I have to manually maintain my FLAC execs as I always did?
All encoders in the pack are indeed 32-bit programs without any advanced instruction set requirements. It would be possible of course to detect host bitness on install and extract optimized binaries, but I'm not sure it's a good idea. My concerns are about the file size and potential portability issues. Carrying 64-bit encoders in a portable foobar2000 installation would no longer universally work everywhere.
The original idea was to make it easy for any user to get the Converter in a working condition. But your request and lvqcl's post makes me wonder if its scope should be extended and it should pay more attention to the host machine.
I use x64 versions as well BUT I think it's a good idea to keep the Free Converter Pack in x32, compatible with everyone. The speed difference between x32 and x64 encoders is not even significant IMO.
Make the next major fb2k version 64-bit only: problem solved. Sort of.
i see 1.3.8 final has been released.
Cool. The free encoder pack was updated a few days ago as well.
i see 1.3.8 final has been released. hallelujah.
Told you, he forgot j/k
Shit, I think for the Apple Lossless string is better "refalac.exe;refalac64.exe;qaac.exe;qaac64.exe" instead of "qaac.exe;qaac64.exe;refalac.exe;refalac64.exe" so it will work even if ONLY the Free Encoder Pack is installed (like the description says) instead of iTunes too, since qaac.exe is always present with the Pack.
Installing qaac is optional like any part of the pack. User should only install it if iTunes (or its dlls) are available. In theory qaac could do a better job at ALAC encoding if Apple had kept some special optimizations a secret and not released them as open source. But practice seems to so far suggest that isn't the case.
9/9 update, changelog? Thanks.
Encoder updates. Refalac v1.59, QAAC v2.59, Wavpack v4.80 and Opus uses libopus 1.1.3. The Opus encoder is as fast as the old official Mozilla compile and shouldn't require SSE2 instructions.
Free_Encoder_Pack_2017-01-02 changelog? Can you guys post a changelog on the encoder pack page? Thanks.
There was a release on 2016-12-09 that updated WavPack to 5.0, refalac to 1.61 and qaac to 2.61. The latest one from 2017-01-02 contains MSVC compile of FLAC 1.3.2 without forced SSE2 requirement, refalac 1.62 and qaac 2.62.
Update on 2017-01-22: WavPack 5.1.0, Opus 1.1.4.
Updated again on 2017-01-24: Opus now uses opus-tools v0.1.10.
2017-02-13: FLAC 1.3.2 with fix for this (https://hydrogenaud.io/index.php/topic,113391.msg935584.html#msg935584).
Thanks for the quick FLAC fix/update.
Hello! The new Free Encoder Pack generated a virus report on my Windows system! I have G Data IS. The Download is blocked (because the website contains infected code) with the virus info: Gen:Variant.Graftor.361717
Is the file clean or has an infection crept in?
According virustotal and others security sandbox checking tools your latest encoder pack "Free_Encoder_Pack_2017-05-15.exe" contains malware...
According virustotal and others security sandbox checking tools your latest encoder pack "Free_Encoder_Pack_2017-05-15.exe" contains malware...
AegisLab Gen.Variant.Graftor!c 20170516
Arcabit Trojan.Graftor.D584F5 20170516
BitDefender Gen:Variant.Graftor.361717 20170516
Bkav HW32.Packed.5911 20170516
Emsisoft Gen:Variant.Graftor.361717 (B) 20170516
F-Secure Gen:Variant.Graftor.361717 20170516
GData Gen:Variant.Graftor.361717 20170516
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.tc 20170516
eScan Gen:Variant.Graftor.361717 20170516
Palo Alto Networks (Known Signatures) generic.ml 20170516
Symantec Trojan.Gen.8!cloud 20170516
TrendMicro-HouseCall Suspicious_GEN.F47V0515 20170516
Checkpoint threat emulation:
Threat Emulator Malware Report
Emulated On
Windows XP, Acrobat 9, Office 2003/2007
Windows 7, Acrobat 11, Office 2013
Document Details
File Name Free_Encoder_Pack_2017-05-15.exe
File Size 1802112 bytes
File Type exe
MD5 deb0bbb99987073547fe0a02e749a539
SHA1 1fea4243d94d9dcb2c71f7db20d97f4832320319
Detected Malicious activity found - please DO NOT open the file
Same for the latest foobar, with less AV triggering though...
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9830 20170503
Bkav W32.NSISSmall.87A9 20170516
... shit I already installed it on my machine...
me too :(
This is a new low for anti-virus software. Are they overcompensating for their failure to detect WannaCry in time by making their products suspicious of anything not whitelisted?
It's a false positive.
It has nothing to do with wannacry, antivirus is signature based, it is normal that they do not detect a new malware like wannacry.
Might be false positive for foobar has only 2 AV trigger, but already a bit suspicious... However for the latest encoder pack it is very suspicious. I just tested the 2 previous one, and 3 AV are alerting. Here are some sandbox analysis for the latest one. Are you the developer "Case" ? why is it doing something with sc.exe as it is only meant to copy files to the correct places ??
Suspicious Activities
Malware detected ( Gen:Variant.Graftor.361717 )
Malware signature matched ( Trojan.Win32.Generic.W.gvaof )
Processes Spawned or Interacted with
C:\Windows\System32\sc.exe (Terminated ,Started)
Files Changed
C:\Users\admin\AppData\Local\Temp\nsn1061.tmp (Created ,Deleted)
C:\Users\admin\AppData\Local\Temp\nsn10FE.tmp (Created ,Modified)
C:\Windows\Temp\UACGateway.out (Created)
Registry Keys Modified
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName (Deleted)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass (Deleted)
00:00:12
Registry Deleted
C:\Windows\System32\cmd.exe
Deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
00:00:12
Registry Deleted
C:\Windows\System32\cmd.exe
Deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
00:00:15
Process Creation
C:\Windows\System32\consent.exe
Created
C:\Windows\System32\sc.exe
00:00:15
Process Termination
C:\Windows\System32\consent.exe
Terminated
C:\Windows\System32\sc.exe
00:00:16
File Create
C:\Windows\System32\consent.exe
Created
C:\Windows\Temp\UACGateway.out
00:00:20
File Create
C:\te_files\emulatedFile25030_1.exe
Created
C:\Users\admin\AppData\Local\Temp\nsn1061.tmp
00:00:24
File Delete
C:\te_files\emulatedFile25030_1.exe
Deleted
C:\Users\admin\AppData\Local\Temp\nsn1061.tmp
00:00:24
File Create
C:\te_files\emulatedFile25030_1.exe
Created
C:\Users\admin\AppData\Local\Temp\nsn10FE.tmp
00:00:24
File Write
C:\te_files\emulatedFile25030_1.exe
Wrote To
C:\Users\admin\AppData\Local\Temp\nsn10FE.tmp
The new included lame.exe is causing those false positives, they're targeting mp3 encoders maybe? :)
https://www.virustotal.com/en/file/25acdb23cdd0909b42a46c9650dd0cf1dad86d0411aa9e547e5c726b7db8cd67/analysis/1494964952/
interesting... didn't go to the individual file level. But personally I do not think this is false positive. 12 AV positive on virustotal is
bad. I just checked lame.exe version 3.99 release 5 downloaded from elsewhere (hard to find which is the official site) and it has no alerts. Hoperfully I use only flac and ogg :-)
Yeah, from RareWares (0 / 60):
https://www.virustotal.com/en/file/cc83240bb736ecbb54b7cfc40b6a98eb0c35702dd1c79e165ad8849fe66a8ccc/analysis/
It has nothing to do with wannacry, antivirus is signature based, it is normal that they do not detect a new malware like wannacry.
They use signatures because they are fast, but all better products have behavior based analysis for threats too.
Are you the developer "Case" ? why is it doing something with sc.exe as it is only meant to copy files to the correct places ??
I scripted the installer. It doesn't touch sc.exe. Your report showed everything that was happening on the machine, not just what the installer does. The installer literally only asks the OS to elevate itself, reads foobar2000 install dir from the registry and checks if foobar2000.exe exists in that location. If the key is missing it checks the two default install locations under Program Files and Desktop. If foobar2000 install dir appears to be found it allows extracting the files.
But personally I do not think this is false positive. 12 AV positive on virustotal is
bad. I just checked lame.exe version 3.99 release 5 downloaded from elsewhere (hard to find which is the official site) and it has no alerts. Hoperfully I use only flac and ogg :-)
It is a false positive. The lame.exe in the pack is my Visual Studio 2017 compile so I can be sure it doesn't require SSE2 or other new instructions. Fingerprint matching is way too prone to false positives and I really wish anti-virus makers would stop using them so broadly.
Would be great if you submitted the file for analysis to all companies that falsely detect it so they can fix their software.
I reported the false positive to F-Secure last night before going to bed and they fixed their detection during the night (https://virustotal.com/en/file/2fac21ed4c885919811bc679ea7a04089e19646a7f95b4fac42cb29c1bccac27/analysis/1494995310/).
I reported the false positives to the remaining companies apart from Palo Alto Networks. From what I saw they only want to deal with companies using their products.
Now only one scanner has yet to fix their lame.exe detection (https://virustotal.com/en/file/25acdb23cdd0909b42a46c9650dd0cf1dad86d0411aa9e547e5c726b7db8cd67/analysis/1495175848/). Four products are still having issues with the installer (https://virustotal.com/en/file/2fac21ed4c885919811bc679ea7a04089e19646a7f95b4fac42cb29c1bccac27/analysis/1495175799/).
Not sure McAfee submission ever made it past their automatic ignore rules as different support pages had contradicting requirements for submission. Either way I hope this proves there is no malware in the encoder pack.
Thanks Case!
Free Encoder Pack updated with opusenc using libopus 1.1.5. This compile detects CPU instructions at runtime and works without SSE.
Pack updated with Opus 1.2.
Pack updated with Opus 1.2.
BTW, does it still works without SSE? It seems that other compiles are either 64-bit or require SSE2.
It does. I verified it working on an emulated Pentium II.
Updated with Opus 1.2.1.
Update 2018-05-22: new qaac 2.67 and refalac 1.67.
posted in wrong thread
Update 2019-04-25: new opusenc (opus-tools 0.2-3-gf5f571b, libopus 1.3.1).
2019-08-04: FLAC 1.3.3.
Why oggenc2 included in encoder pack is standard libvorbis and not aoTuV? Shouldn't aoTuV be better in theory according to Hydrogenaidio wiki (https://wiki.hydrogenaud.io/index.php?title=Recommended_Ogg_Vorbis)? Or things have changed since 2007 and info from wiki page is irrelevant for actual versions of libvorbis and aoTuV patch?
I don't feel comfortable promoting an encoder that Xiph people don't feel comfortable embedding in their own library. Also I'm not convinced of its higher quality, only that it creates larger files. I encoded my entire library as a test at the beginning of this year and aotuv encoder resulted in 11% larger size compared to official encoder. Puts target bitrate estimates way off.
2019-12-23: WavPack 5.2.0.
2020-04-17: WavPack 5.3.0.
2020-07-11: qaac 2.69, refalac 1.69 and oggenc with libvorbis 1.3.7.
2021-01-22: WavPack 5.40, qaac 2.71, refalac 1.71. WavPack is custom compile and supports Windows XP.
Latest version flagged as trojan by Microsoft Defender.
https://hydrogenaud.io/index.php?topic=120328.msg991764#msg991764
I feel safe saying false positive. Of course, this same false positive issue didn't stop me from completely discarding and reformatting my development virtual machine last year or so, only to reproduce the exact same false positive on a fresh compile on a fresh vm installed from verified install media, installing only Visual Studio Community, git for windows, and cmake for windows, and then acquiring a fresh clone of the source repository.
False positives don't even lead to improving the detection algorithms, they only lead to whitelisting tactics, because apparently detection rates are just that important.
Files submitted to Microsoft for whitelisting. Hopefully they'll fix the false detection quickly and release updated definitions.
Edit: Microsoft removed the false positive detections.
I attached a test version of Encoder Pack that should make Apple's AAC encoder easier to use. If it detects Microsoft Store version of iTunes it will automatically install qaac with proper bitness and offers to copy the required dlls.
This is undocumented territory and I have no idea how well this works in the wild. I have only tested it on my own machines and here it works fine.
(https://i.imgur.com/FL6Uz95l.png)
Edit: Attachment removed. Feature included in the released version.
Oh nice thanks man. Why only the MS Store version? Wouldn't be easier to detect the normal installation of iTunes from the default Program Files location/s first?
It's my understanding that the "normal" encoder pack install of qaac 2.71 already does that (use the dll's from a non-Store install of iTunes), which is why Case added the option for using the Store iTunes which is otherwise not available using the standard method. If that is correct, it might be better if Case worded the new checkbox as "Copy the required dll's if the Microsoft Store iTunes is used."
It's also worth noting that qaac versions 2.70+ require iTunes installer version equal to or greater than 12.10.9.3. See https://sites.google.com/site/qaacpage/news/qaacrelease270refalac170 (https://sites.google.com/site/qaacpage/news/qaacrelease270refalac170).
Thanks for the feedback.
As
@sveakul correctly stated, the regular version doesn't need dll copying. The encoder can use those dlls directly so copying would only waste disk space. Though the points you raised made me change the qaac part once more.
Now the qaac selection will show the "(requires iTunes)" bit only if no iTunes is detected. And when iTunes is detected and the installer runs on a 64-bit OS the selection name will have "(x64)" added to the end to inform that the user gets 64-bit version. This version is required as 64-bit iTunes no longer bundles 32-bit dlls.
The installer will remove the 32-bit qaac.exe on a 64-bit machine unless it detects proper QTfiles directory with the required dlls. And in reverse it will remove qaac64.exe on a 32-bit machine unless it detects QTfiles64 directory with the required dlls. This is done to prevent foobar2000 from trying to execute a version of the program that can't function.
I'm open to suggestions if anyone has better wording for the dll copy feature.
Edit: Attachment removed. Feature included in the released version.
Free Encoder Pack.exe (https://hydrogenaud.io/index.php?action=dlattach;topic=108593.0;attach=18835)
Trojan:Win32/Zpevdo.B
Shit, I have it installed on my old PC :-(
Free Encoder Pack.exe (https://hydrogenaud.io/index.php?action=dlattach;topic=108593.0;attach=18835)
Trojan:Win32/Zpevdo.B
Shit, I have it installed on my old PC :-(
I'm not sure if you are serious or sarcastic. There is no trojan, some antivirus products are just insanely stupid. Some for example seem to flag all NSIS creations as trojan.
Send the file to your antivirus vendor as a false positive and you'll hear from them soon enough that they have whitelisted the file as it is not malicious at all.
Sorry, not sarcastic by me. I wanted install the Encoder Pack on my new PC (Windows 10) and the file was blocked by the Defender. I cannot send the file anywhere. I can't it also download no more (also with my old PC). Therefore I copied on a USB stick and moved to the other computer.
Here, the Defender says to me:
Trojan:Win32/Zpevdo.B
Alert level: severe
Status: Quarantined
Category: Trojan
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fZpevdo.B&threatid=2147729093
Regards
muxx
Downloaded the Free Encoder Pack.exe just now from Case's attachment using Firefox 85 on Windows 10 v2004 x64. No warning flags at all from Defender. Manually scanning with Defender both the exe and the extracted contents: "Zero threats found." This is a clean file.
Please could you send me the sha-512/256 checksum of your downloaded file?
I have downloaded it on yesterday (28.01.2021).
Maybe I could make a checksum comparison from the file at my USB stick...
Thank you!
edit:
my
Free Encoder Pack.exe has the checksums as follows
BLAKE2sp: 14E5C81701020E3F823C730B83EFDCFB023CA235765FEBB1624DFF7F8525A9C4
CRC32: F388E0CA
CRC64: EEE05790F60701A6
MD5: E49912AA27FFA1BBCC1AF016DEF0A7D3
SHA-1: C9759CB10BBB9CFBDF21CCC232679979853512FB
SHA-256: 4D03269052A7075A27C7AA5D31DB898278775C9DAE7C2186C016685AD07738F1
SHA-384: 26F4BAAD2987A515F2BC6D742B70C39580B05EF00A2038BCFEE9FDF6C3395F9CBFD0399C35E98D384EC24C37D03C8938
SHA-512: E60895D879FA6600C09A6753510CA7CB872BBFE33E165DDDB6D56C597A06CFF00A73E036C12BB816BA86894840527DE29B12D088526C590D5402CD218EF64DD9
SHA3-512: FB86C4B4CA0001F2BE8311F43C5C50924B67CE1C0A39EFCBAF89FCB331DEA62368422C697D1624B91F9EE12C594B04D245108CD492DB5CBBB730D78323F71033
...And if I will download the file now: no download possible.
On my HD seems to me like an incomplete file...
SHA-256: 4D03269052A7075A27C7AA5D31DB898278775C9DAE7C2186C016685AD07738F1
SHA-512: E60895D879FA6600C09A6753510CA7CB872BBFE33E165DDDB6D56C597A06CFF00A73E036C12BB816BA86894840527DE29B12D088526C590D5402CD218EF64DD9
Both of these match those in your post.
There is indeed a piece of an incomplete download in your jpg. Delete BOTH of the files shown. Then, restart your browser and completely delete/flush its cache and history. Exit/re-open the browser, and re-download the original file.
Microsoft has now whitelisted the file. Update the definitions in Defender and it will no longer be falsely detected as a trojan.
Me too and Comodo is still blocking it.
https://www.virustotal.com/gui/file/08b64307bb7e07d3f70f2452cd713d2c8ad55ec85d9de4bd67f26e4c74f8d114/detection
[Please delete this message.]
Download a compiler and build them all yourself, then. Then you can upload them and it can tell you they're a virus, because anything sufficiently obscure enough is obviously not to be trusted.
Updated on 2022-02-22: FLAC 1.3.4, qaac 2.73, refalac 1.73.
Virustotal once again thinks the pack contains adware and trojans because what else could these new binaries be.
If you are unfortunate enough to use one of these AV products, please submit a sample as a false positive and get the vendors to fix their detections.
I'm using Malwarebytes Premium and 0 problems with Encoder Pack. But Malwarebytes always detects some heuristic virus when I try to install foobar2000 SACD input plugin, because it's Potentially Unwanted Program for Microsoft. Decoding SACD is something that's pure evil. If you want to decode SACD, you should buy hardware SACD player instead... :D Just don't always trust your antivirus and use your head too.
"Potentially Unwanted" has become a catch-all for everything from "might be bundled with something you maybe didn't ask for" to total disaster.
Suits the AV software very well as an excuse for not being able to distinguish, and for putting the bar so low they flag false positives all the time. Which in turn has one rationale in how type I vs type II errors aren't equally severe - and one rationale in hyping up the justification for their own existence, see there is so much to flag out there, what would you do without our products?!
Installed just fine for me.
"Potentially Unwanted" has become a catch-all for everything from "might be bundled with something you maybe didn't ask for" to total disaster.
Suits the AV software very well as an excuse for not being able to distinguish, and for putting the bar so low they flag false positives all the time. Which in turn has one rationale in how type I vs type II errors aren't equally severe - and one rationale in hyping up the justification for their own existence, see there is so much to flag out there, what would you do without our products?!
I mean you could use "install with care because the installer might include something you don't want" to "I won't you install because it will wreck your system beyond repair". That would take effort to implement and what if one of them gets it really wrong one day?
"install with care because the installer might include something you don't want"
I wonder if that really includes everything down to
"this software uses an installer tool that also has been employed by some other unrelated application wherein they include something we for good or bad reason flagged as potentially unwanted - and so we flag everyone who uses that installer tool"?
Feature suggestion that has probably been considered and rejected (will it increase the AV false flags?)
Add location to PATH.
Following-up to myself:
* If AV software would get more zealous over exe's that alter system variables, why not outsource that to foobar2000 itself, which can then create an empty "encoders" folder and add it to path?
* Except for untidiness, is there a reason for users not to move all encoders one folder up from "encoders" to "foobar2000"? It is easier than explaining to users how to manipulate PATH.
is there a reason for users not to move all encoders one folder up from "encoders" to "foobar2000"? It is easier than explaining to users how to manipulate PATH.
But foobar2000 does automatically search for encoders in folder "encoders" first. Why to manipulate PATH?
Because those who install a bunch of free encoders, might want to be able to use the encoders also outside of foobar2000 - including on signals that foobar2000 does not handle losslessly?
Example: DSD. (https://hydrogenaud.io/index.php?topic=122190.msg1008519#msg1008519)
PATH manipulation is not planned. Filling the application install directory with random files isn't wanted either.
The encoders are meant purely for foobar2000. No one is stopping people from writing helper components that can utilize the binaries from their current install location. Also I believe people who are willing and competent enough to use command line directly can edit search path manually. Or just type the commands so that proper paths are used.
Noted.
I anyway updated https://wiki.hydrogenaud.io/index.php?title=Foobar2000:Free_Encoder_Pack and noticed a discrepancy: the installer says "Winamp 5.62 or newer" but the wiki also says (I didn't touch it) 5.62 to 5.666 as 5.8 won't do.
Someone probably knows all the details and can fix whatever needs to be updated. If it doesn't work with all newer, then ...
Indeed the latest Winamp 5.8 beta build 3660 doesn't bundle FhG AAC encoder. Apparently the new Winamp owner had no license for it: http://forums.winamp.com/showthread.php?p=3163565#post3163565 (http://forums.winamp.com/showthread.php?p=3163565#post3163565)
I suppose for the next build I should change the text to "requires Winamp 5.62-5.666". Though newer version is ok if it's upgraded from older one, so the description would be inaccurate then too.
New version created yesterday with the following updates: FLAC v1.4.0, WavPack v5.5.0, qaac v2.76 and refalac v1.76.
FLAC is a custom MSVC compile, official binary requires libflac.dll which is unacceptable.
Edit: and another update as someone forgot to fix the fhgaacenc note.
Updated 2022-09-23 with FLAC 1.4.1.
One little issue about its wavpack conversion, when I try to use the 384kbps hybrid option, the converted file reads at 406kbps. Or if I do 320, it exports as 332. Can't seem to get the exact values I want. Is this a bug?
Note that the bundled WavPack encoder is the official encoder. I'm unfortunately not a WavPack expert but the hybrid mode seems to try to maintain the audio quality as close to original as possible and appears to treat the target bitrate only as a request.
The codec pack was updated with FLAC v1.4.2 on 2022-10-25.
And with WavPack v5.6.0, qaac v2.77 and refalac v1.77 on 2022-11-30.
The latest code pack "Free_Encoder_Pack-2022-11-30.exe" contains malware:
Trojan:Win32/Wacatac.B!ml
found by Windows Defender
The latest code pack "Free_Encoder_Pack-2022-11-30.exe" contains malware:
Trojan:Win32/Wacatac.B!ml
found by Windows Defender
Can you please read from the top and down this thread?!
Here is my Windows' "more honest" message:
Microsoft Defender SmartScreen prevented an unrecognised app from starting. Running this app might put your PC at risk.
It
does not know the executable. Fair enough.
@Case will this work for x64 if path is set as right now installer assumes x86
Use Free Encoder Pack Installer. Locate foobar2000 installation (Browse), should be for 64 bit C:\Program Files\foobar2000\ (Standardinstallation).
New version 2023-04-30 available: https://www.foobar2000.org/encoderpack (https://www.foobar2000.org/encoderpack).
This version restores the ability to use Microsoft Store version of iTunes with qaac. Last versions were missing this feature as I had used old build scripts by mistake.
The pack can now also detect 64-bit foobar2000 installation.
Opus was updated to v1.4, qaac is v2.79 and refalac v1.79.
Hi,
could not be installed in a custom folder - old version works, (seems to be a bug)
or am I wrong.
In FB2K I can choose the folder in advanced settings.
You could browse to custom folder.
Hi,
sadly no chance - NEXT will be grayed out. A new created folder will be grayed out too :(
Upps, folder has to contain a foobar2000 installation.
@ASopH
https://www.foobar2000.org/encoderpack
What is this?
> The binaries are conveniently installed into a subfolder of the foobar2000 installation folder.
Current versions of foobar2000 will automatically recognize these encoders and no longer ask you for encoder binary location.
hello grimes
I see :-)
My folder is outside of foobar installation folder (I'd copied this away) - 2 more portables are using this folder...
It seems, I must change it back. Thank you
Updated version 2023-07-04.
Bundles FLAC 1.4.3. Custom generic static GCC compile.
Can I get a confirmation that there is no threat in the 7-04 version of the Free Encoder Pack? This is a much more intimidating message than I normally get from foobar-related stuff.
Zero detection from my Windows Defender (latest updates), and VirusTotal shows Zero detections from 70 out of 71 vendors. IOW, no viruses.
Thank you.
..executes commands from an attacker.
"Destroy the non-lame mp3 bastion"
"Avoid suffering losses" *puts flac
"Attack with the highest capacity" *puts wavpack
"....do somethihng" *puts vorbis
Updated on 2023-07-05 with new qaac 2.80 and refalac 1.80.
A friendly request: if your anti virus software claims the bundle or a file in it is malware, could you kindly report it to the vendor as a false positive. That way everyone benefits.
https://www.virustotal.com/gui/file/fbfa19de37cd5619bad57e44f12a9ff1e53c582eddad886b472923c8289acaef/behavior
Do not report this as a false positive. Requesting for a kernel privilege is not something that could be falsely reported as a malicious behavior of just a driver installer. The same for attempting to take a camera shot. The same is for a System.dll dropping from an external online host.
It's devs' responsibility to make an installer as simple as possible. Does your installer scan Apple's registry tree on purpose? Does it scan the autocompletion registry trees on purpose? Does it spawn a taskhost on purpose? Are all these essential for just extracting and copying some DLLs?
And please don't use any tool that runs itself from %TEMP%. Software Security Policies were developed by MS just for that thing: to prohibit any crap from being run from an improper directory. Your installer won't run on a properly configured host.
Have you verified that all of that is true yourself, or are assuming that what is the amalgamation of the output of 10 different tools into one report is absolutely accurate?
The autocomplete is simply the box where you enter the installation path.
Requesting for a kernel privilege is not something that could be falsely reported as a malicious behavior of just a driver installer. The same for attempting to take a camera shot. The same is for a System.dll dropping from an external online host.
If you did report this as a possible false positive to a vendor you trust, you would get a reply that it's harmless.
The behavior analysis you see there is nonsense. It tracks all sorts of background activity of the machine and accounts that as coming from the installer.
The installer does not request kernel privileges. And it does not attempt to take camera shots.
System.dll is NSIS installer component (https://nsis.sourceforge.io/Docs/System/System.html) that is used to create the graphical interface. Just because its name is "system" does not make it malicious. It isn't dropped from external online host, it is inside the installer.
It's devs' responsibility to make an installer as simple as possible. Does your installer scan Apple's registry tree on purpose?
It does, to see if user has Microsoft Store installed iTunes so it can copy the needed DLLs for QAAC to function.
Does it scan the autocompletion registry trees on purpose? Does it spawn a taskhost on purpose? Are all these essential for just extracting and copying some DLLs?
Autocomplete registry key must be accessed by the operating system as the installer requests it to be enabled. Taskhost is not touched by the installer, it must be some background activity.
And please don't use any tool that runs itself from %TEMP%. Software Security Policies were developed by MS just for that thing: to prohibit any crap from being run from an improper directory. Your installer won't run on a properly configured host.
The installer only uses temp to extract temporary files. Any exe you see running from there is not the installer's doing.
Updated 2024-03-03 with WavPack 5.7.0, qaac 2.81 and refalac 1.81.
Hello, thank you for the very useful package!
A question that has always arisen in my mind: is it an exclusively 86bit or 64bit package?
I know it runs on all versions of foobar2000 (x64, x86). I'm just curious to know the nature of the binaries contained in the package: 64bit or 86bit?
They are all 32-bit (x86 not "86bit") except for the single 64-bit file qaac64.exe, for which there is also a 32-bit version supplied (qaac.exe).
Thank you!
Any Eta on when libOpus/opusenc 1.5.1 will be in the encoder pack? Was a bit of bad luck that it got released one day after your last release it seems.
The timing indeed was less than ideal. I'll need to do some more testing before I'm comfortable bundling a new encoder.
Note that the new low bitrate enhancements are not finalized yet, encoding files with those features makes little sense as the finalized version will just ignore the experimental payload. Quoting the Opus page:
Beware that DRED is not yet standardized and the version included in Opus 1.5 will not be compatible with the final version. That being said, it is still safe to experiment with it in applications since the bitstream carries an experiment version number and any version incompatibility will be detected and simply cause the DRED payload to be ignored (no erroneous decoding or loud noises).
The new features will also bloat the encoder binary quite a bit. Test compile I made the other day is 5.5 MB, current opusenc.exe is 430 KB.
And there are currently no decoders for the enhancements as far as I can tell. Peter will probably not implement support for them until they are finalized. And the official opusdec.exe doesn't seem to be able to use the features either.
And there are currently no decoders for the enhancements as far as I can tell. Peter will probably not implement support for them until they are finalized.
Didn't take him long! v2.2 preview 2024-03-08 change log:
Opus decoder updated to 1.5.1
It uses the new library but none of the new experimental features are enabled. They require setting decoder complexity and if I understood some comments correctly, there's no straightforward way to even do that when not using the opusfile helper.
Updated 2024-03-08 with Opus 1.5.1. Note that the experimental features to improve low bitrate quality are not included.
I installed iTunes and reran the Free Encoder Pack setup (newest version). I confirmed the files were successfully copied to my working foobar2000 (portable) folder, but QAAC doesn't want to work. I did a quick Google search and it looks like maybe something has changed with the newer iTunes versions? Can anyone confirm QAAC should work with the latest iTunes Windows App and the latest Free Encoder Pack?
Error:
1 out of 1 files converted with major problems.
Source: "F:\music\Game\Final Fantasy 9\Final Fantasy IX OST\Disc1\18 - Battle 1.flac"
An error occurred while writing to file (The encoder has terminated prematurely with code 2 (0x00000002); please re-check parameters) : "F:\out\foobar\18 - Battle 1.m4a"
Additional information:
Encoder stream format: 44100Hz / 2ch / 32bps floating-point
Command line: qaac.exe --ignorelength -s --no-optimize -V 82 -o "18 - Battle 1.m4a" -
Working folder: F:\out\foobar\
Conversion failed: The encoder has terminated prematurely with code 2 (0x00000002); please re-check parameters
I just tested on my machine with a clean portable install and latest iTunes from Microsoft Store and everything worked fine.
Do you have 32-bit OS? The error message you pasted shows qaac.exe is used, that's 32-bit. On a 64-bit OS the iTunes in Store is 64-bit version and Free Encoder Pack should have given you qaac64.exe.
The default qaac profile in foobar2000 uses both qaac.exe and qaac64.exe, but it attempts 32-bit version first. If that binary exists, it will get used.
The Free Encoder Pack tries to prevent wrong version from being used. It checks if the install dir already contained different bitness version of qaac and if one exists but there are no QTFiles libraries to go with it, the old binary gets removed.
If your OS is 64-bit, is it possible you have qaac.exe somewhere in path so it got used over the Encoder Pack version?
64 bit Windows 11, 64 bit foobar2000.
I checked and it looks like a long time ago (before I even switched to Windows 11) I had set a dir full of encoders in environmental variables, and sure enough there was an old version of qaac.exe in there. Good call. Removing it fixed the issue.
Updated 2024-04-23 with Opus 1.5.2, qaac 2.82 and refalac 1.82.
Installer also changed - now no longer asks for admin credentials for regular users. And can query default install dir from the browse dialog for portable install users.