Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
mikef
OpenVpn Newbie
Posts: 2
Joined: Fri Dec 09, 2016 11:06 am

Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by mikef » Fri Dec 09, 2016 11:13 am

After activating OpenVPN (2.3.14 & 2.4-rc1 64-bit) as a windows 10 service I get a message from defender telling me that file:C:\Program Files\OpenVPN\bin\openvpnserv2.exe, service:OpenVpnService is infected with a Trojan Win32/Codinx.B!cl
Installed via the Win-Installer available at https://openvpn.net/index.php/open-sour ... loads.html

As I see it this is:
a) probably Microsoft being over-enthusiastic and a false-positive
b) possibly a sign that I've actually got an infection coming from somewhere else
c) not worth taking a risk on

So - is this a known issue? Or am I unique and it's therefore something to worry about? Google didn't find anything useful in this context - which is a bit worrying ...

Thanks for any info!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by TinCanTech » Fri Dec 09, 2016 12:45 pm

You are the only person to make such a claim .. perhaps your download was intercepted ?

Code: Select all

SHA256(openvpn-install-2.3.14-I601-x86_64.exe)= 
43771970958a1e39471065e011c980b8e36fd43aec91684c4ae35d2cca73e044

SHA256(openvpn-install-2.4_rc1-I601.exe)= 
1435769a97ad18bb9d321a3fc22b06cd73dc457bd4350204db99d94de9b67975
that's what I see :geek:

mikef
OpenVpn Newbie
Posts: 2
Joined: Fri Dec 09, 2016 11:06 am

Re: Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by mikef » Sat Dec 10, 2016 6:49 am

Odd

- I've downloaded the (SHA1) signature and key on another system, using a different OS, internet connection and vpn server and used an existing trusted installation of gpg - which validated it correctly
- A full system sweep (in safe mode, command prompt only) gave me no other issues

Any thoughts how else I could put my mind at rest? - I'm tempted to trust openvpn more than microsoft but would rather not have to choose ...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by TinCanTech » Sat Dec 10, 2016 6:38 pm

mikef wrote: I've downloaded the (SHA1) signature and key on another system, using a different OS, internet connection and vpn server and used an existing trusted installation of gpg - which validated it correctly
Good.
mikef wrote:Any thoughts how else I could put my mind at rest? - I'm tempted to trust openvpn more than microsoft but would rather not have to choose
Report it as a false positive to Microsoft .. Let us know what they have to say. (As ever, make sure your system is fully up-to date)

Openvpn is Free Open Source Software, so if you verified your downloads then I would not worry about it any further.

Post Reply