De Facto Pantalones

Windows 'Process Explorer' flags two AirVPN processes


Windows 7, 64bit, Eddie Version 2.21.8. When I check the Process Explorer Application (by SysInternals) I notice two AirVPN processes are flagged by Process Explorer (through Virus Total). There is no feedback under "community" on Virus Total website that notes these files are safe or false flag. So I'm a little bit concerned the files I have might be compromised, but I'm pretty sure these processes are flagged b/c of the Privileges given to them.

The 2 processes flagged are "openvpn.exe", and "stunnel.exe". Maybe staff or if anyone else has some time to spare, log-in to VirusTotal and note some community feedback? Just a thought. Or, maybe I'll assume the worst and wipe my machine and clean install. :unsure:

Attached .jpg of the 2 VT flagged items: Win7_ProcessExplorer_Flags_2_AirVPN_Apps.jpg


Clicking on those will lead you to the VirusTotal entries for both. You could post the links here for us to take a look.
Be advised that, while one or two engines flag it as malicious, about 70 don't, so it's quite safe to assume false positives. I imagine those engines flag it because both are custom-built, some database has hashes for the "real" EXEs and a simple comparison was done. If both engines flag it due to a heuristic analysis, some additional caution must be applied interpreting the flag.

In short, Eddie is not dangerous and its installation certainly doesn't warrant a wipe of your hard drive. If it is, why trust AirVPN as a whole, then? What's running on the servers is not known, and here you at least have the source code, so you know what's running on the client. It's a shame that Mr. Flx went all out and suggested that; even as a joke, you wouldn't have gotten it. It's also not "VirusTotal garbage", but a side feature of Process Explorer (which can help with identifying unknown running programs, as you did right there; you simply need to take that info with a bit of salt).


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.


Thanks OpenSourcerer for the feedback. You make a lot of good points in your reply. Just for kicks I downloaded the latest stable Eddie installer 2.21.8 (win7 64bit), unpacked it with 7zip, and submitted the specific files to VirusTotal directly (not through Process Explorer, so they weren't "running" ofc). Here are links to those .exe's flagged that I'd mentioned in OP (stunnel.exe and openvpn.exe). It's kinda reassuring to see community feedback on VirusTotal by a few users noting "goodware" or whatever. Thanks again for your feedback! :)
https://www.virustotal.com/gui/file/d148ca505cde5f13a3ce4be765113feebe4870d3a99ce69d5445c975732c28f8/summary 
and

https://www.virustotal.com/gui/file/519b10b7cfd07baeaa0b21139e672fe0235bc5505d726ebdeb42f86c4614ec19/summary
 

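One way to tie the binaries on disk (for example the ones Process Explorer shows running) to the two VirusTotal reports linked above, as an added example that is not code from the thread or from AirVPN. It assumes that a VirusTotal file URL carries the file's SHA-256 in its path; the file paths are supplied by the user.

```python
import hashlib
import re
import sys

# VirusTotal report links quoted in the thread; the path segment after
# /file/ is taken to be the SHA-256 of the submitted file (assumption).
VT_URLS = [
    "https://www.virustotal.com/gui/file/d148ca505cde5f13a3ce4be765113feebe4870d3a99ce69d5445c975732c28f8/summary",
    "https://www.virustotal.com/gui/file/519b10b7cfd07baeaa0b21139e672fe0235bc5505d726ebdeb42f86c4614ec19/summary",
]

_VT_FILE_RE = re.compile(r"/gui/file/([0-9a-fA-F]{64})(?:/|$)")


def sha256_from_vt_url(url):
    """Return the lowercase SHA-256 embedded in a VirusTotal file URL, or None."""
    m = _VT_FILE_RE.search(url)
    return m.group(1).lower() if m else None


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_files(paths, vt_urls=VT_URLS):
    """Map each path to (sha256, matched); matched is True when the file is
    byte-identical to a file behind one of the linked reports."""
    known = {h for h in map(sha256_from_vt_url, vt_urls) if h}
    results = {}
    for p in paths:
        digest = sha256_of_file(p)
        results[str(p)] = (digest, digest in known)
    return results


if __name__ == "__main__":
    # Usage (placeholder paths): python check_hashes.py <dir>\openvpn.exe <dir>\stunnel.exe
    for path, (digest, ok) in check_files(sys.argv[1:]).items():
        print(f"{'MATCH   ' if ok else 'MISMATCH'} {digest}  {path}")
```

A mismatch only says the local file is not byte-identical to the submitted one (a different Eddie version or build gives the same result), so the next step is to compare against a fresh copy of the same installer version.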
