Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <000801c2a38b$8815b1e0$6501a8c0@columbus.rr.com>
From: "Jack Rose" <jrose22 AT columbus DOT rr DOT com>
To: "Max Bowsher" <maxb AT ukf DOT net>, <cygwin AT cygwin DOT com>
References: <001d01c2a31a$2c55e8a0$6501a8c0 AT columbus DOT rr DOT com> <003801c2a350$d2995310$2a83883e AT pomello>
Subject: Re: SPAM - Re: How did I get it?
Date: Sat, 14 Dec 2002 11:11:53 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Thanks for the response Max.

I tried running regedit. It pops up and then immediately closes itself, the
same thing happens when I attempt to run msconfig.

I found cygwin1.dll in the \windows directory. I also found a new exe -
shiver.exe. A search of the web indicates that this is a trojan.


----- Original Message -----
From: Max Bowsher
To: Jack Rose ; cygwin AT cygwin DOT com
Sent: Saturday, December 14, 2002 4:11 AM
Subject: SPAM - Re: How did I get it?


Jack Rose <jrose22 AT columbus DOT rr DOT com> wrote:

> Could some tell me how the CYGWIN1.DLL ended up on my computer. It
> seems to have just appeared at 3:09am yesterday and I know I wasn't
> working at that time.
>
> Could this have been uploaded to my machine for malicious purposes?
> If so, what else should I be looking for, besides a better firewall
> and virus detector?
>
> Any information would be appreciated...

Well, someone (apparently not you) installed Cygwin, or a program which uses
a cut down Cygwin install to function.

What is the full path to Cygwin1.dll? If it is in Windows/System(32) or the
equivalent, look in the registry at:

HKLM\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
(NB: the value name is a single forward slash.),
and the corresponding path in HKCU.

The value of that will provide a hint.

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/