I am having trouble loading the mediation package. Within the process, rmarkdown failed. I tried installing rmarkdown on its own and within that, loading tinytex failed. I believe this failure occurred due to my virus protection, via Bitdefender. It gave the message below:
The process C:\Program Files\RStudio\rstudio.exe manifests ransomware behavior and was blocked. Several files were encrypted by it and we couldn't automatically restore all of them. You can find the files to be restored below.
It turns out it is not just "several", but many. Since this, I have not yet found other R functions that do not work.
My suspicion is that "ransomware" must use similar processes as those involved in installing this package and I should just block Bitdefender. However, I would like to verify from others that there is no embedded malware in the mediation package and that its processes, especially for tinytex are safe. Thank you.
First, just making sure, how did you install R and RStudio? Do you still have the installer on your computer (e.g. Downloads\RStudio-2025.05.0-496.exe or similar, to check the SHA256).
What error message(s) do you get when trying to install and load {mediation}? As far as I can tell, mediation does not depend on rmarkdown, so I don't see why they would be related.
What kind of files were those? Only files in the Rstudio installation? Also files from Windows or your Documents?
I'm not familiar with the RStudio internals, but I really don't see why it would start interacting with files all over your hard drive.
The original R, RStudio, mediation, rmarkdown, and tinytex should be safe (they are developed by reputable organizations/people), but I would worry if you somehow ended up with a corrupt version. Though Bitdefender seems prone to false positives, which would be the easiest explanation.
Thank you for responding, Alexis. I am using R version 4.2.2 (2022-10-31 ucrt) -- "Innocent and Trusting"
Copyright (C) 2022 The R Foundation for Statistical Computing Platform: x86_64-w64-mingw32/x64 (64-bit)
and RStudio 2023.06.0+421 "Mountain Hydrangea" Release (583b465ecc45e60ee9de085148cd2f9741cc5214, 2023-06-05) for windows and primarily use Firefox for my browser.
Here are some of the over 200 files that require restoration using a new path, while 40 or 50 were automatically restored. The others, Bitdefender reports, were encrypted by ransomware and automatic file restoration was blocked, presumably for safety reasons. Here is a sample of some of the files that need restoration:
mediation_4.5.0.zip
rmarkdown.html
rmarkdown_2.29.tar.gz
test.tex
test-dvi.tex
tinytex_0.57.tar.gz
knitr_1.5.tar.gz
AUTHORS.txt ..related to rmarkdown
LICENSE.txt ..related to rmarkdown
knitr.css
bootstrap.css
R.css
and maybe 60+ other css files, plus many gif, png and bmp files.
I don't know if it was all over the hard drive. I kind of doubt it. Everything else on my computer, including in RStudio seems to be working normally. Here are some other files that could be outside of RStudio, but I don't know that level of details:
default.html
preview.html
It looks like all these files are related to R, rmarkdown and tinytex, so there is a legitimate reason for them to be modified. In that case I'm pretty sure this was a false positive.
To be extra safe, you can make sure you install R and RStudio from the official sources. Once downloaded, and before installing, doublecheck their checksums to be completely sure they haven't been tampered with:
For RStudio, you can see just below the "Download" button this:
Thank you Alexis, that is reassuring. I assume what you are recommending is to first uninstall R and RStudio. I don't know how aggressive that uninstall will be. The concern that I have with that is whether the uninstall process will also delete all of the various R program (*.R) files that I have saved in my own folders. Do I need to take special precautions to prevent that?
Not necessarily: when installing newer versions of R, it's common to leave the old one; for RStudio I think the installer takes care of uninstalling the old version.
In your case, if you're worried about the old version version being compromised, maybe explicitly uninstalling beforehand is preferable.
You should always have a saved version of your files, if only because hard drives fail regularly, laptops gets stolen, files get corrupted, etc. The currently accepted best practice is to use git, but that has a steep learning curve. At the very least you should have a *Drive or *Cloud copy somewhere.
That being said, no, de/re-installing R and RStudio should only affect their own files, typically in C:\Program Files, and optionally some cache and configuration (e.g. registry entries, stuff in %AppData%, ...), it should not affect your saved files in your personal folders.
I have uninstalled both R and RStudio, after saving my .R files on a flash drive. After reinstalling both, and then installing the mediation package, it loaded without a problem and seems to operate properly. Nothing associated with previous work was lost. I was previously running R v.4.2.2 and had received a warning about the mediation package having been built under R v.4.2.3. I was hesitant to upgrade for reasons related to consistency within an impending publication submission. That difference in itself didn't seem to cause the meditation package installation to fail. Perhaps whatever conflict it created caused my antivirus software to reject it. I don't know, but things are operating fine now!
AlexisW, I appreciate the guidance and reassurance that you provided. Wishing you the best.
