Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
MIME-Version: 1.0
In-Reply-To: <CACoZoo05K+qt9M9okTEFmHtnMPni_k6AtQPHmwtL7oQGn3xj5w@mail.gmail.com>
References: <CAPXRkNH7QPGrSVtiwLvZ9ZF3rmEGy=Q4R3VxwY=JU0SBZVZH+A@mail.gmail.com> <CACoZoo12-507_9K7cFQm8DsCOKNF1dzWesMFF=+c1j=JrANY0g@mail.gmail.com> <CAPXRkNFK=2b8Gjmb4ckCOXPGh_DFn6r2jRbxHMi3pNLn4cBSFg@mail.gmail.com> <CACoZoo1zYx-k0jpObPnqSs=f0Wnqgr=di+j8oZ4Ni2Z=KE_obg@mail.gmail.com> <CAPXRkNH5LLu7AhNPPwoKrNQfNuQdEJ-gx-QGhG4Vxh97oD3rzw@mail.gmail.com> <CACoZoo05K+qt9M9okTEFmHtnMPni_k6AtQPHmwtL7oQGn3xj5w@mail.gmail.com>
From: Erik Soderquist <ErikSoderquist@gmail.com>
Date: Wed, 28 Jun 2017 13:11:05 -0400
Message-ID: <CACoZoo0=O8e2gkcureBfp6HwageObe3ziH3cDkhAmuf-ibtejg@mail.gmail.com>
Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission [Reference Link]
To: cygwin <cygwin@cygwin.com>
Content-Type: text/plain; charset="UTF-8"
X-IsSubscribed: yes

On Wed, Jun 28, 2017 at 1:02 PM, Sagar Kapadia wrote:
> Thanks for the detailed reply.
> However, one thing still puzzles me. Even if another trojan/virus
> were to start XLaunch, it would still require another user to connect
> to my PC remotely over xlaunch to be any use. I have a static IP, by
> the way.

A static IP effectively means your computer will always be found at
the same address, so anyone on the network can reliably find your
computer when it is on and connected.

> Does that imply any vulnerability in xlaunch?

No, just that the remote controlling person wanted to use it for
something, no different from how a remote controlling person using
Windows Explorer to copy files does not imply any vulnerability in
Windows Explorer.  The vulnerability lies in how/where the remote
controlling person gained access to do the remote controlling in the
first place.  That part is still a mystery.

> With my limited background, it seems that even though something
> launched xlaunch, there was somebody controlling it actively.
> And the connection did not ask for my permission.

I would check that your firewall is enabled and active, and if you are
not knowledgeable enough yourself, find someone who is to examine the
firewall rules for openings that should not be present as well as scan
the entire computer with an updated malware scanner.


-- Erik


