Mail Archives: cygwin/2017/06/28/12:21:21

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2017/06/28/12:21:21

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:from:date

:message-id:subject:to:content-type; q=dns; s=default; b=wDygBVg

DWD3RayZjAftjfgw85rZ72Wmgpmp/eg5o0Pz8+cOAlXgh+l2xB/EKh37jPrwnhUw

676koytd1vh2iLkHOTTcILQohmNOMJT4Efn9DPXsnq14Ayjr8SogHvwDbYH5Jbjh

k9qRbXKIcw0hD81l+WKdTe2X5wj8ixtkP0L8=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:from:date

:message-id:subject:to:content-type; s=default; bh=8DXS+q7lDCn6B

NwXOy9bS0UPlWM=; b=Okb2e6pgqBRjLIKDGlrUfm81cVIGz/4Y/h6DhmQFoUY7B

PmXZh0abR7P3+iqvSYEjzpwWwgpIa4yG8zGnQyS8SDclmreHBUU0SCowDiJjQTr8

ufno/gOwrq+bpVSDQaIdfYWYbmdRrmXMgLfsmUVIujWdIuPoidxhNTAfsvoPF8=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_00,EXECUTABLE_URI,FREEMAIL_FROM,KAM_EXEURI,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=compromised, heard, Manager, site

X-HELO: mail-wm0-f49.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=p3ZiGr5jPsm8+YbAHjEk3AzZ/XrhQpj2G9N48xJLIAQ=; b=ExcUQZzwTqE95XIqcySndKWtqGybZMj63HsjRP14n0ZwiDN7gZiIfTdx0m4joqWYyc b3a2u1fphNufHIS++SUK2rto5bw3RxyDCwWkHblNMWoHzbx2SGs6LL+GWqE3qioZANg7 fhfD0T8KC7bawySX6KVflHNbZQcHXUu2WfosMkpIY85VJOWmjQYe7Z4UQDsVSSejwase w7nijO9NAwDLCrasvsPbjCKUOEffaIm1SHzxeoPkt5E9GlAvfSYsRsgq/8lBYaXz91l2 0rwTBcXFfWyME1ZqmVjNYAPl7KKsQ5odxQ2MjKZN2kWaSmYiIpyJgwO0Y8vn26SCK3nW l1Zg==

X-Gm-Message-State: AKS2vOzZr7h9POpZTorJvtgZkDFfa9o6Pqsnu2B1PWIv8s6FR1P9vX+q fmqandVNCaCj36gPurrRrfMBdE+wqFit0e8=

X-Received: by 10.28.139.145 with SMTP id n139mr8543487wmd.53.1498666863666; Wed, 28 Jun 2017 09:21:03 -0700 (PDT)

MIME-Version: 1.0

In-Reply-To: <CAPXRkNEx44KFypaqj+hjrF+r8Es-xSmBTCcT2PED7XSrAchGNw@mail.gmail.com>

References: <CAPXRkNEx44KFypaqj+hjrF+r8Es-xSmBTCcT2PED7XSrAchGNw AT mail DOT gmail DOT com>

From: Erik Soderquist <ErikSoderquist AT gmail DOT com>

Date: Wed, 28 Jun 2017 12:21:03 -0400

Message-ID: <CACoZoo13PwvqZ6p6kuUAggTfBW0sF3absub0i7rFBXz50vLk5A@mail.gmail.com>

Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission

To: cygwin <cygwin AT cygwin DOT com>

X-IsSubscribed: yes

On Wed, Jun 28, 2017 at 12:07 PM, Sagar Kapadia  wrote:
> HI,
> I wish to report that Cygwin.XLaunch.exe is a Trojan and it allows
> remote control of a pc without the users knowledge or permission. I
> installed the cygwin package and the Xwindows server too. However,
> today, I found somebody controlling my pc remotely. I know because the
> mouse behaved erratically and then the XLanuch configuration screen
> came up. I tried to kill it using the Task Manager but it would
> restart. I had to reboot and turn off networking and then delete the
> cygwin folder.

Where did you get this copy of cygwin from?  Did you use the official
installer package from the cygwin site?
https://www.cygwin.com/setup-x86_64.exe or
https://www.cygwin.com/setup-x86.exe

XLaunch itself is a wizard to configure X server sessions, and if
someone remote controllig your PC is happening with the legitimate
XLaunch executable, I would suspect there is something else unwanted
on your machine that is using XLaunch as a tool.

However, if the cygwin source you downloaded from was either
compromised or was not a legitimate mirror to start with, that is not
a direct fault of cygwin, but rather a fault of the source of your
download.

> I dont know if you are aware of this issue or not, but I found it
> serious enough to report.

This is the first I've heard

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=wDygBVg
	DWD3RayZjAftjfgw85rZ72Wmgpmp/eg5o0Pz8+cOAlXgh+l2xB/EKh37jPrwnhUw
	676koytd1vh2iLkHOTTcILQohmNOMJT4Efn9DPXsnq14Ayjr8SogHvwDbYH5Jbjh
	k9qRbXKIcw0hD81l+WKdTe2X5wj8ixtkP0L8=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:content-type; s=default; bh=8DXS+q7lDCn6B
	NwXOy9bS0UPlWM=; b=Okb2e6pgqBRjLIKDGlrUfm81cVIGz/4Y/h6DhmQFoUY7B
	PmXZh0abR7P3+iqvSYEjzpwWwgpIa4yG8zGnQyS8SDclmreHBUU0SCowDiJjQTr8
	ufno/gOwrq+bpVSDQaIdfYWYbmdRrmXMgLfsmUVIujWdIuPoidxhNTAfsvoPF8=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=0.8 required=5.0 tests=AWL,BAYES_00,EXECUTABLE_URI,FREEMAIL_FROM,KAM_EXEURI,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=compromised, heard, Manager, site
X-HELO:	mail-wm0-f49.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=p3ZiGr5jPsm8+YbAHjEk3AzZ/XrhQpj2G9N48xJLIAQ=; b=ExcUQZzwTqE95XIqcySndKWtqGybZMj63HsjRP14n0ZwiDN7gZiIfTdx0m4joqWYyc b3a2u1fphNufHIS++SUK2rto5bw3RxyDCwWkHblNMWoHzbx2SGs6LL+GWqE3qioZANg7 fhfD0T8KC7bawySX6KVflHNbZQcHXUu2WfosMkpIY85VJOWmjQYe7Z4UQDsVSSejwase w7nijO9NAwDLCrasvsPbjCKUOEffaIm1SHzxeoPkt5E9GlAvfSYsRsgq/8lBYaXz91l2 0rwTBcXFfWyME1ZqmVjNYAPl7KKsQ5odxQ2MjKZN2kWaSmYiIpyJgwO0Y8vn26SCK3nW l1Zg==
X-Gm-Message-State:	AKS2vOzZr7h9POpZTorJvtgZkDFfa9o6Pqsnu2B1PWIv8s6FR1P9vX+q fmqandVNCaCj36gPurrRrfMBdE+wqFit0e8=
X-Received:	by 10.28.139.145 with SMTP id n139mr8543487wmd.53.1498666863666; Wed, 28 Jun 2017 09:21:03 -0700 (PDT)
MIME-Version:	1.0
In-Reply-To:	<CAPXRkNEx44KFypaqj+hjrF+r8Es-xSmBTCcT2PED7XSrAchGNw@mail.gmail.com>
References:	<CAPXRkNEx44KFypaqj+hjrF+r8Es-xSmBTCcT2PED7XSrAchGNw AT mail DOT gmail DOT com>
From:	Erik Soderquist <ErikSoderquist AT gmail DOT com>
Date:	Wed, 28 Jun 2017 12:21:03 -0400
Message-ID:	<CACoZoo13PwvqZ6p6kuUAggTfBW0sF3absub0i7rFBXz50vLk5A@mail.gmail.com>
Subject:	Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission
To:	cygwin <cygwin AT cygwin DOT com>
X-IsSubscribed:	yes