public inbox for cygwin@cygwin.com
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
To: cygwin@cygwin.com
Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission
Date: Wed, 28 Jun 2017 16:55:00 -0000
Message-ID: <30051303-5c89-3f71-6de5-aece77a58c6c@SystematicSw.ab.ca>
In-Reply-To: <CACoZoo13PwvqZ6p6kuUAggTfBW0sF3absub0i7rFBXz50vLk5A@mail.gmail.com>

On 2017-06-28 10:21, Erik Soderquist wrote:
> On Wed, Jun 28, 2017 at 12:07 PM, Sagar Kapadia wrote:
>> Hi,
>> I wish to report that Cygwin.XLaunch.exe is a Trojan and it allows
>> remote control of a pc without the user's knowledge or permission. I
>> installed the cygwin package and the Xwindows server too. However,
>> today, I found somebody controlling my pc remotely. I know because the
>> mouse behaved erratically and then the XLaunch configuration screen
>> came up. I tried to kill it using the Task Manager but it would
>> restart. I had to reboot and turn off networking and then delete the
>> cygwin folder.

I've had mice behave like that when they needed a new battery or before they
died; also intermittent responsiveness which can have weird results, while
Windows Update is failing to apply patches and backing them out in the background.
Replace your mouse battery and check Windows Update History for that timeframe.

> Where did you get this copy of cygwin from?  Did you use the official
> installer package from the cygwin site?
> https://www.cygwin.com/setup-x86_64.exe or
> https://www.cygwin.com/setup-x86.exe
> XLaunch itself is a wizard to configure X server sessions, and if
> someone remote controlling your PC is happening with the legitimate
> XLaunch executable, I would suspect there is something else unwanted
> on your machine that is using XLaunch as a tool.
> However, if the cygwin source you downloaded from was either
> compromised or was not a legitimate mirror to start with, that is not
> a direct fault of cygwin, but rather a fault of the source of your
> download.
>> I don't know if you are aware of this issue or not, but I found it
>> serious enough to report.

Do you have Remote Access or Remote Assistance enabled on your system?
Have you opened up your firewall to allow remote access?
Did you run a malware scan to identify if there is something on your system?

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
