Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

mikef
OpenVpn Newbie
Posts: 2
Joined: Fri Dec 09, 2016 11:06 am

Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by mikef » Fri Dec 09, 2016 11:13 am

After activating OpenVPN (2.3.14 & 2.4-rc1 64-bit) as a Windows 10 service I get a message from Defender telling me that file:C:\Program Files\OpenVPN\bin\openvpnserv2.exe, service:OpenVpnService is infected with a Trojan Win32/Codinx.B!cl.
Installed via the Win-Installer available at https://openvpn.net/index.php/open-sour ... loads.html

As I see it this is:
a) probably Microsoft being over-enthusiastic and a false-positive
b) possibly a sign that I've actually got an infection coming from somewhere else
c) not worth taking a risk on

So - is this a known issue? Or am I unique and it's therefore something to worry about? Google didn't find anything useful in this context - which is a bit worrying ...

Thanks for any info!

TinCanTech
OpenVPN Protagonist
Posts: 3006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by TinCanTech » Fri Dec 09, 2016 12:45 pm

You are the only person to make such a claim .. perhaps your download was intercepted?

SHA256(openvpn-install-2.3.14-I601-x86_64.exe)=
43771970958a1e39471065e011c980b8e36fd43aec91684c4ae35d2cca73e044

SHA256(openvpn-install-2.4_rc1-I601.exe)=
1435769a97ad18bb9d321a3fc22b06cd73dc457bd4350204db99d94de9b67975

that's what I see :geek:

mikef
OpenVpn Newbie
Posts: 2
Joined: Fri Dec 09, 2016 11:06 am

Re: Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by mikef » Sat Dec 10, 2016 6:49 am

Odd

- I've downloaded the (SHA1) signature and key on another system, using a different OS, internet connection and vpn server and used an existing trusted installation of gpg - which validated it correctly
- A full system sweep (in safe mode, command prompt only) gave me no other issues

Any thoughts how else I could put my mind at rest? - I'm tempted to trust OpenVPN more than Microsoft but would rather not have to choose ...

TinCanTech
OpenVPN Protagonist
Posts: 3006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Defender finds Trojan Codinx.B!cl in openvpnserv2.exe

Post by TinCanTech » Sat Dec 10, 2016 6:38 pm

mikef wrote: I've downloaded the (SHA1) signature and key on another system, using a different OS, internet connection and vpn server and used an existing trusted installation of gpg - which validated it correctly
Good.
mikef wrote: Any thoughts how else I could put my mind at rest? - I'm tempted to trust openvpn more than microsoft but would rather not have to choose
Report it as a false positive to Microsoft .. Let us know what they have to say. (As ever, make sure your system is fully up to date.)

OpenVPN is Free Open Source Software, so if you verified your downloads then I would not worry about it any further.
