From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 78557 invoked by alias); 28 Jun 2017 16:21:08 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 77884 invoked by uid 89); 28 Jun 2017 16:21:07 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_00,EXECUTABLE_URI,FREEMAIL_FROM,KAM_EXEURI,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=compromised, heard, Manager, site X-HELO: mail-wm0-f49.google.com Received: from mail-wm0-f49.google.com (HELO mail-wm0-f49.google.com) (74.125.82.49) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 28 Jun 2017 16:21:06 +0000 Received: by mail-wm0-f49.google.com with SMTP id 62so58518615wmw.1 for ; Wed, 28 Jun 2017 09:21:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=p3ZiGr5jPsm8+YbAHjEk3AzZ/XrhQpj2G9N48xJLIAQ=; b=ExcUQZzwTqE95XIqcySndKWtqGybZMj63HsjRP14n0ZwiDN7gZiIfTdx0m4joqWYyc b3a2u1fphNufHIS++SUK2rto5bw3RxyDCwWkHblNMWoHzbx2SGs6LL+GWqE3qioZANg7 fhfD0T8KC7bawySX6KVflHNbZQcHXUu2WfosMkpIY85VJOWmjQYe7Z4UQDsVSSejwase w7nijO9NAwDLCrasvsPbjCKUOEffaIm1SHzxeoPkt5E9GlAvfSYsRsgq/8lBYaXz91l2 0rwTBcXFfWyME1ZqmVjNYAPl7KKsQ5odxQ2MjKZN2kWaSmYiIpyJgwO0Y8vn26SCK3nW l1Zg== X-Gm-Message-State: AKS2vOzZr7h9POpZTorJvtgZkDFfa9o6Pqsnu2B1PWIv8s6FR1P9vX+q fmqandVNCaCj36gPurrRrfMBdE+wqFit0e8= X-Received: by 10.28.139.145 with SMTP id n139mr8543487wmd.53.1498666863666; Wed, 28 Jun 2017 09:21:03 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.144.106 with HTTP; Wed, 28 Jun 2017 09:21:03 -0700 (PDT) In-Reply-To: References: From: Erik Soderquist Date: Wed, 28 Jun 2017 16:21:00 -0000 Message-ID: Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission To: cygwin Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2017-06/txt/msg00384.txt.bz2 On Wed, Jun 28, 2017 at 12:07 PM, Sagar Kapadia wrote: > HI, > I wish to report that Cygwin.XLaunch.exe is a Trojan and it allows > remote control of a pc without the users knowledge or permission. I > installed the cygwin package and the Xwindows server too. However, > today, I found somebody controlling my pc remotely. I know because the > mouse behaved erratically and then the XLanuch configuration screen > came up. I tried to kill it using the Task Manager but it would > restart. I had to reboot and turn off networking and then delete the > cygwin folder. Where did you get this copy of cygwin from? Did you use the official installer package from the cygwin site? https://www.cygwin.com/setup-x86_64.exe or https://www.cygwin.com/setup-x86.exe XLaunch itself is a wizard to configure X server sessions, and if someone remote controllig your PC is happening with the legitimate XLaunch executable, I would suspect there is something else unwanted on your machine that is using XLaunch as a tool. However, if the cygwin source you downloaded from was either compromised or was not a legitimate mirror to start with, that is not a direct fault of cygwin, but rather a fault of the source of your download. > I dont know if you are aware of this issue or not, but I found it > serious enough to report. This is the first I've heard -- Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple