X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=4.4 required=5.0	tests=AWL,BAYES_20,SPF_HELO_PASS,T_RP_MATCHES_RCVD,WEBMAIL_BODY
X-Spam-Check-By: sourceware.org
From: "Monika Pietrzyk" <mpiet AT if DOT pw DOT edu DOT pl>
To: cygwin AT cygwin DOT com
Subject: trojans in cygwin
Date: Wed, 3 Nov 2010 15:16:54 +0100
Message-Id: <20101103141620.M88811@poczta.if.pw.edu.pl>
X-OriginatingIP: 77.185.210.31 (mpiet)
MIME-Version: 1.0
Content-Type: text/plain;	charset=iso-8859-2
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com


Hi, 

Half a year ago I've downloaded a new version of cygwin. Since then I had a 
big problem on my laptop (there was a trojan which was slowing down my 
computer so that I could not work on it and destroying the sound driver). I 
was trying to localize the source of the problem for several months without 
success (I was checking all software I had on my laptop but not cygwin, I 
thought it is safe). Only last days I understood that the trojan must sit in 
cygwin. And I was right. The trojan ATRAPS!IK was sitting in csih package! 

So, I've downloaded the newest version of cygwin (v. 1.7.5-1) hoping to get 
clean software. But it is even worse: there are already two trojans in 
cygwin!!! They were found by Amsisoft Anti-Malware. Below there are results 
of the scan: 

C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\arj\arj-3.10.22-1.tar.bz2/usr\bin 
\arj.exe     detected: Trojan-Dropper!IK 
C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\arj\arj-3.10.22-1.tar.bz2/ 
rearj.1     detected: Trojan-Dropper!IK 
C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\csih\csih-0.9.1-1.tar.bz2/usr\lib 
\csih\getAccountName     detected: Trojan.ATRAPS!IK 
C:\Documents and Settings\toshiba\Desktop\CYGWIN 1.7.5-1\ftp%3a%2f%2fftp.uni- 
kl.de%2fpub%2fwindows%2fcygwin%2f\release\csih\csih-0.9.1-1.tar.bz2/usr\share 
\doc\Cygwin\csih.README     detected: Trojan.ATRAPS!IK 


Can you advice to me where I can download clean cygwin without trojans? 

Greetings, 

Monika
--
Open WebMail Project (http://openwebmail.org)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple