Mail Archives: cygwin/2010/11/03/10:17:10

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2010/11/03/10:17:10

X-Recipient: archive-cygwin AT delorie DOT com

X-SWARE-Spam-Status: No, hits=4.4 required=5.0 tests=AWL,BAYES_20,SPF_HELO_PASS,T_RP_MATCHES_RCVD,WEBMAIL_BODY

X-Spam-Check-By: sourceware.org

From: "Monika Pietrzyk" <mpiet AT if DOT pw DOT edu DOT pl>

To: cygwin AT cygwin DOT com

Subject: trojans in cygwin

Date: Wed, 3 Nov 2010 15:16:54 +0100

Message-Id: <20101103141620.M88811@poczta.if.pw.edu.pl>

X-OriginatingIP: 77.185.210.31 (mpiet)

MIME-Version: 1.0

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Hi, 

Half a year ago I've downloaded a new version of cygwin. Since then I had a 
big problem on my laptop (there was a trojan which was slowing down my 
computer so that I could not work on it and destroying the sound driver). I 
was trying to localize the source of the problem for several months without 
success (I was checking all software I had on my laptop but not cygwin, I 
thought it is safe). Only last days I understood that the trojan must sit in 
cygwin. And I was right. The trojan ATRAPS!IK was sitting in csih package! 

So, I've downloaded the newest version of cygwin (v. 1.7.5-1) hoping to get 
clean software. But it is even worse: there are already two trojans in 
cygwin!!! They were found by Amsisoft Anti-Malware. Below there are results 
of the scan: 

C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\arj\arj-3.10.22-1.tar.bz2/usr\bin 
\arj.exe     detected: Trojan-Dropper!IK 
C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\arj\arj-3.10.22-1.tar.bz2/ 
rearj.1     detected: Trojan-Dropper!IK 
C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\csih\csih-0.9.1-1.tar.bz2/usr\lib 
\csih\getAccountName     detected: Trojan.ATRAPS!IK 
C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\csih\csih-0.9.1-1.tar.bz2/usr\share 
\doc\Cygwin\csih.README     detected: Trojan.ATRAPS!IK 


Can you advice to me where I can download clean cygwin without trojans? 

Greetings, 

Monika
--
Open WebMail Project (http://openwebmail.org)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=4.4 required=5.0 tests=AWL,BAYES_20,SPF_HELO_PASS,T_RP_MATCHES_RCVD,WEBMAIL_BODY
X-Spam-Check-By:	sourceware.org
From:	"Monika Pietrzyk" <mpiet AT if DOT pw DOT edu DOT pl>
To:	cygwin AT cygwin DOT com
Subject:	trojans in cygwin
Date:	Wed, 3 Nov 2010 15:16:54 +0100
Message-Id:	<20101103141620.M88811@poczta.if.pw.edu.pl>
X-OriginatingIP:	77.185.210.31 (mpiet)
MIME-Version:	1.0
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com