X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
Message-ID: <48CF70E1.90008@sellers.com>
Date: Tue, 16 Sep 2008 01:40:01 -0700
From: John Sellers <jks_nospam@sellers.com>
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: John Sellers <jks_nospam@sellers.com>
CC: cygwin@cygwin.com
Subject: Re: Why is regedit referenced?
References: <48C4B480.5030003@sellers.com>
In-Reply-To: <48C4B480.5030003@sellers.com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

I don't know if it is related, but today I ran a scan with Kaspersky 
Internet Security 2009, and it reported that a couple of files in the 
cygwin directories were infected by Net_Worm.win32.sassor.be.

These were:

   coreutils-6.7-1.tar.bzz
   coreutils-6.7-2.tar.bzz

and more specifically:

   coreutils-6.7-2//user/bin/gkill.exe

I'll post a new thread on this.


John Sellers wrote:
> <div class="moz-text-flowed">When I run Cygwin on my WindowsXP 
> machine, my firewall informs me of regedit activity, searching, and 
> text manipulation.  I have not located the source of this activity.
>
> The install is a clean one without any significant Internet activity 
> that might lead to any third-party detection or downloads to my machine.
>
> Is this behavior expected or have I picked up something nasty from setup?
> </div>
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/