From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 25541 invoked by alias); 14 Dec 2002 16:36:02 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 25530 invoked from network); 14 Dec 2002 16:35:59 -0000 Received: from unknown (HELO uhura.concentric.net) (206.173.118.93) by sources.redhat.com with SMTP; 14 Dec 2002 16:35:59 -0000 Received: from cliff.concentric.net (cliff.concentric.net [206.173.118.90]) by uhura.concentric.net [Concentric SMTP Routing 1.0] id gBEGZwC10606 for ; Sat, 14 Dec 2002 11:35:58 -0500 (EST) Received: from Clemens.cris.com (da003d0641.sjc-ca.osd.concentric.net [64.1.2.130]) by cliff.concentric.net (8.9.1a) id LAA17717; Sat, 14 Dec 2002 11:35:57 -0500 (EST) Message-Id: <5.2.0.9.2.20021214082824.00ff3e48@pop3.cris.com> X-Sender: rrschulz@pop3.cris.com Date: Sat, 14 Dec 2002 11:34:00 -0000 To: cygwin@cygwin.com From: Randall R Schulz Subject: Re: How did I get it? In-Reply-To: <3DFB21EF.9030508@mscha.org> References: <003801c2a350$d2995310$2a83883e@pomello> <001d01c2a31a$2c55e8a0$6501a8c0@columbus.rr.com> <003801c2a350$d2995310$2a83883e@pomello> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-SW-Source: 2002-12/txt/msg00780.txt.bz2 Gentlemen, This is a little disappointing... The "MovieWorld" virus described at the McAfee site () appears to be unknown to Norton AntiVirus. I tried searching the NAV virus encyclopedia using both "MovieWorld," "Cygwin," "Cygwin1.dll" and "SUA.BAT" (a file listed as essential to the MovieWorld Trojan on the McAfee site) to no avail. This despite the date on the McAfee listing is June 4, 2002. So, it appears those who use Norton AntiVirus will not detect this Trojan. Randall Schulz Mountain View, CA USA At 04:19 2002-12-14, Michael Schaap wrote: >On 14-Dec-2002 10:11, Max Bowsher wrote: >>Jack Rose wrote: >> >>>Could some tell me how the CYGWIN1.DLL ended up on my computer. It >>>seems to have just appeared at 3:09am yesterday and I know I wasn't >>>working at that time. >>> >>>Could this have been uploaded to my machine for malicious purposes? >>>If so, what else should I be looking for, besides a better firewall >>>and virus detector? >>> >>>Any information would be appreciated... >> >>Well, someone (apparently not you) installed Cygwin, or a program which uses >>a cut down Cygwin install to function. > >And this could indeed be a virus or worm. There is at least one that >includes cygwin1.dll: > >http://vil.mcafee.com/dispVirus.asp?virus_k=99529 > >I'd certainly check your PC carefully for viruses, if I were you. > > - Michael -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/