Mail Archives: cygwin/2002/12/14/11:13:42

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <000801c2a38b$8815b1e0$6501a8c0@columbus.rr.com>
From: "Jack Rose" <jrose22 AT columbus DOT rr DOT com>
To: "Max Bowsher" <maxb AT ukf DOT net>, <cygwin AT cygwin DOT com>
References: <001d01c2a31a$2c55e8a0$6501a8c0 AT columbus DOT rr DOT com> <003801c2a350$d2995310$2a83883e AT pomello>
Subject: Re: SPAM - Re: How did I get it?
Date: Sat, 14 Dec 2002 11:11:53 -0500
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Thanks for the response Max.

I tried running regedit. It pops up and then immediately closes itself; the
same thing happens when I attempt to run msconfig.

I found cygwin1.dll in the \windows directory. I also found a new exe -
shiver.exe. A search of the web indicates that this is a trojan.


----- Original Message -----
From: Max Bowsher
To: Jack Rose ; cygwin AT cygwin DOT com
Sent: Saturday, December 14, 2002 4:11 AM
Subject: SPAM - Re: How did I get it?


Jack Rose <jrose22 AT columbus DOT rr DOT com> wrote:

> Could someone tell me how the CYGWIN1.DLL ended up on my computer? It
> seems to have just appeared at 3:09am yesterday and I know I wasn't
> working at that time.
>
> Could this have been uploaded to my machine for malicious purposes?
> If so, what else should I be looking for, besides a better firewall
> and virus detector?
>
> Any information would be appreciated...

Well, someone (apparently not you) installed Cygwin, or a program which uses
a cut-down Cygwin install to function.

What is the full path to Cygwin1.dll? If it is in Windows/System(32) or the
equivalent, look in the registry at:

HKLM\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
(NB: the value name is a single forward slash.),
and the corresponding path in HKCU.

The value of that will provide a hint.

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
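
The registry check suggested in the quoted reply, done through the .NET registry API instead of regedit, as an added example that is not part of the original thread. The registry path is the one given in the message; treating "/" as either a value or a subkey, and the one-hour window used to list neighbouring files, are assumptions of this example.

```powershell
# Added example (not from the thread): dump the Cygwin mount table from
# HKLM and HKCU, then list each cygwin1.dll under the Windows directory
# together with files created in the same folder around the same time.
$mountKey = 'SOFTWARE\Cygnus Solutions\Cygwin\mounts v2'   # path from the message
$hives = [ordered]@{
    HKLM = [Microsoft.Win32.Registry]::LocalMachine
    HKCU = [Microsoft.Win32.Registry]::CurrentUser
}

foreach ($name in $hives.Keys) {
    # The .NET API is used because "/" is a path separator to the
    # PowerShell registry provider. OpenSubKey opens read-only.
    $key = $hives[$name].OpenSubKey($mountKey)
    if ($null -eq $key) { "{0}\{1}: not present" -f $name, $mountKey; continue }
    try {
        # Layout 1 (as described in the message): a value named "/".
        $direct = $key.GetValue('/')
        if ($null -ne $direct) { "{0}: value '/' = {1}" -f $name, $direct }

        # Layout 2 (assumption): one subkey per mount point, "/" included.
        foreach ($mount in $key.GetSubKeyNames()) {
            $sub = $key.OpenSubKey($mount)
            try {
                foreach ($v in $sub.GetValueNames()) {
                    "{0}: mount '{1}' {2} = {3}" -f $name, $mount, $v, $sub.GetValue($v)
                }
            } finally { $sub.Close() }
        }
    } finally { $key.Close() }
}

# Locate every copy of the DLL and show what else appeared next to it.
$fmt  = 'yyyy-MM-dd HH:mm:ss'
$dlls = Get-ChildItem -Path $env:windir -Filter 'cygwin1.dll' -Recurse -ErrorAction SilentlyContinue
foreach ($dll in $dlls) {
    "{0}  created {1}" -f $dll.FullName, $dll.CreationTime.ToString($fmt)
    $from = $dll.CreationTime.AddHours(-1)   # window size is an assumption
    $to   = $dll.CreationTime.AddHours(1)
    Get-ChildItem -Path $dll.DirectoryName -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
        Sort-Object CreationTime |
        ForEach-Object { "    {0}  created {1}" -f $_.Name, $_.CreationTime.ToString($fmt) }
}
```

The mount-table values show which directory the Cygwin install treats as its root. The file listing shows what else was written beside the DLL at the same time.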

  Copyright © 2019   by DJ Delorie     Updated Jul 2019