Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Reply-To:	Cygwin List <cygwin AT cygwin DOT com>
Message-Id:	<6.1.0.6.0.20041029171548.04086b48@pop.prospeed.net>
X-Sender:
Date:	Fri, 29 Oct 2004 17:21:28 -0400
To:	"George Hester" <hesterloli AT hotmail DOT com>, cygwin AT cygwin DOT com
From:	Larry Hall <lh-no-personal-replies-please AT cygwin DOT com>
Subject:	Re: Cygwin finally croaked
In-Reply-To:	<clu8pu$7tb$1@sea.gmane.org>
References:	<clgd13$p30$1 AT sea DOT gmane DOT org> <6 DOT 1 DOT 0 DOT 6 DOT 0 DOT 20041024172159 DOT 041420c8 AT pop DOT prospeed DOT net> <clh8p5$ph6$1 AT sea DOT gmane DOT org> <6 DOT 1 DOT 0 DOT 6 DOT 0 DOT 20041024181115 DOT 0415edb0 AT pop DOT prospeed DOT net> <clhflc$67v$1 AT sea DOT gmane DOT org> <6 DOT 1 DOT 0 DOT 6 DOT 0 DOT 20041025101504 DOT 045a3008 AT pop DOT prospeed DOT net> <clk533$3cu$1 AT sea DOT gmane DOT org> <6 DOT 1 DOT 0 DOT 6 DOT 0 DOT 20041025205130 DOT 04524c18 AT pop DOT prospeed DOT net> <clu8pu$7tb$1 AT sea DOT gmane DOT org>
Mime-Version:	1.0

At 04:05 PM 10/29/2004, you wrote:
>"Larry Hall" <xxx AT xxxx DOT xx> wrote in message 


<http://cygwin.com/acronyms/#PCYMTNQREAIYR>

Someone should bug gmane about this. 



>Larry I think I figured it out and it has nothing to do with Cygwin.  


<snip>


>When I did that I got cscript is not an internal command.  That is not good.  It meant my ccript.exe was missing.  Well sort of.  After investigating this I noticed I had a new Service and new user accounts in my Server.  Sure enough something was uploaded into my system directory.  It is a variant of ServU which is commonly used by hackers.  They used it in conjunction with:
>

<snip>

>There are two more services that also run.  I looked at the ini used to set it all up and so knew where to look.  I believe it happened due to the Windows Media Service because now that is broke.  I removed it.
>
>I found these because I knew the time the issue above started and I was able to see the new files created in my System directory around that time.
>
>Anyway I noticed the issue with Cygwin at about the same time.  I have cleaned these things out and voila Cygwin is fine now.
>
>Thanks for looking into this with me.


Well, I'm quite sure I would not have been able to direct you to what 
you found beyond the references I made to look at "other things" on your
system.  Clearly, you took that to heart though and found something very 
specific and very wrong (which your attempt to run the modified cygwin.bat 
file clearly showed - sorry I didn't comment on that earlier).  In any case,
well done.  Glad you found the problem and got things back under control.
Your persistence paid off and for more than just Cygwin. :-)


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -