Mail Archives: cygwin/2002/12/19/19:47:57

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <002801c2a7c1$17989ec0$6501a8c0@columbus.rr.com>
From: "Jack Rose" <jrose22 AT columbus DOT rr DOT com>
To: "Michael Schaap" <cygwin AT mscha DOT org>
Cc: <cygwin AT cygwin DOT com>
References: <001d01c2a31a$2c55e8a0$6501a8c0 AT columbus DOT rr DOT com> <003801c2a350$d2995310$2a83883e AT pomello> <3DFB21EF DOT 9030508 AT mscha DOT org>
Subject: Re: SPAM - Re: How did I get it?
Date: Thu, 19 Dec 2002 19:45:27 -0500

I'd like to thank all who responded to my query. The cygwin1.dll was indeed
used maliciously. I dumped my McAfee and purchased Norton System Works 2003.
It took me a total of 3 days to get my infected machine back up and running.
Most of the difficulty came from the fact that the "worm" and its
associated programs remapped a lot of the registry.

Norton identified 3 worms with the main culprit being Backdoor.SubSeven22.
Two of the exe's being used were wlhsnrbw.exe and avill.exe.

Again - many thanks!

Jack Rose

----- Original Message -----
From: Michael Schaap
To: Jack Rose
Cc: cygwin AT cygwin DOT com
Sent: Saturday, December 14, 2002 7:19 AM
Subject: SPAM - Re: How did I get it?


On 14-Dec-2002 10:11, Max Bowsher wrote:
> Jack Rose <jrose22 AT columbus DOT rr DOT com> wrote:
>
>
>>Could someone tell me how the CYGWIN1.DLL ended up on my computer. It
>>seems to have just appeared at 3:09am yesterday and I know I wasn't
>>working at that time.
>>
>>Could this have been uploaded to my machine for malicious purposes?
>>If so, what else should I be looking for, besides a better firewall
>>and virus detector?
>>
>>Any information would be appreciated...
>
>
> Well, someone (apparently not you) installed Cygwin, or a program which uses
> a cut down Cygwin install to function.
>

And this could indeed be a virus or worm.  There is at least one that
includes cygwin1.dll:

http://vil.mcafee.com/dispVirus.asp?virus_k=99529

I'd certainly check your PC carefully for viruses, if I were you.

  - Michael


