From: Brian Inglis
To: cygwin@cygwin.com
Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission
Date: Wed, 28 Jun 2017 16:55:00 -0000
Message-ID: <30051303-5c89-3f71-6de5-aece77a58c6c@SystematicSw.ab.ca>

On 2017-06-28 10:21, Erik Soderquist wrote:
> On Wed, Jun 28, 2017 at 12:07 PM, Sagar Kapadia wrote:
>> Hi,
>> I wish to report that Cygwin.XLaunch.exe is a Trojan and it allows
>> remote control of a pc without the user's knowledge or permission. I
>> installed the cygwin package and the Xwindows server too. However,
>> today, I found somebody controlling my pc remotely. I know because the
>> mouse behaved erratically and then the XLaunch configuration screen
>> came up. I tried to kill it using the Task Manager but it would
>> restart. I had to reboot and turn off networking and then delete the
>> cygwin folder.

I've had mice behave like that when they needed a new battery or before they
died; also intermittent responsiveness which can have weird results, while
Windows Update is failing to apply patches and backing them out in the
background. Replace your mouse battery and check Windows Update History for
that timeframe.

> Where did you get this copy of cygwin from? Did you use the official
> installer package from the cygwin site?
> https://www.cygwin.com/setup-x86_64.exe or
> https://www.cygwin.com/setup-x86.exe

> XLaunch itself is a wizard to configure X server sessions, and if
> someone remote controlling your PC is happening with the legitimate
> XLaunch executable, I would suspect there is something else unwanted
> on your machine that is using XLaunch as a tool.

> However, if the cygwin source you downloaded from was either
> compromised or was not a legitimate mirror to start with, that is not
> a direct fault of cygwin, but rather a fault of the source of your
> download.

>> I don't know if you are aware of this issue or not, but I found it
>> serious enough to report.

Do you have Remote Access or Remote Assistance enabled on your system?
Have you opened up your firewall to allow remote access?
Did you run a malware scan to identify if there is something on your system?

-- 
Take care.
Thanks, Brian Inglis, Calgary, Alberta, Canada