X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; q=dns; s=default; b=lswJN9F 8qqudyqX8W4/eoIbQL0tl9dbto807g6lLjWqUn5D66BarTI7edB1jZNuvq0tpr3l 6ekM3qRJfNEe2UFZI7/yDVSVmlwdW/2my60y26sGBytQhcJAJ+g8Gd5GrL3+k3bS KTC7kXNmCSiqd76P0mQ9y7XgpNE2+hbNKxz8= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; s=default; bh=DKzNQeQtG0csu hymE69QX1P+sP0=; b=h60cKnSK1Y06ODVCPchKdDF4davSubnLS0Nkk+NxmIrSx bOoln/z3Kmtetpz13DNqdWPNFAHP43qQ9bmkMvFZFitM80bhYbhV+0OwEV/JqCjP KQLiSYmJVtOADPfuvBQTnxweVAVJRsUsFpjgd2zbpnWmHIh6ICoskGr05NsANA= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=firewall, malware, knowledgeable, person X-HELO: mail-wm0-f54.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=+vjbaFs3N+9GI+45owSJ3YHU17Q8pDUz/5aHFzRHXMQ=; b=KCal6TyziL6om6Rq8F5QjcoI0SzaJnHCl1hT4Imid8Ar71r2OcmaRRcbZqcI44PYGB nIoo3EVwJuEV+wYzTKFVY3Apv5UF+0208UR2R2mTFh/bQnxCVbUYGvLUioNRdPzGUIoS 9wg8qQvI2m5iPiL1qTe0wfOA3v9hyi1NCqiE3S8Y0yJA9tmFqDbwdWEVwvuYzddm0dAR 6q302WveUDFF5jGK1+izKINFIg9gSmDAGlBvKSE2XBNb08+zRBvij1iILjezHolvNwot WuhWgzIPPbCeaNujVIezxrk42JiYMYOAu+MykfKkuxd/yWJ2CcxTJSZe47mLCrqiVpfh us7w== X-Gm-Message-State: AKS2vOyuOWbuyRXwjskNe7E72vwF23cmvcrvqypvTnL00jNn9Vccg6CW guY2rcZLzyfYDDbtLRgZ6ZCiSbzyp/WGITw= X-Received: by 10.28.32.70 with SMTP id g67mr8022512wmg.101.1498669865730; Wed, 28 Jun 2017 10:11:05 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: From: Erik Soderquist Date: Wed, 28 Jun 2017 13:11:05 -0400 Message-ID: Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission [Reference Link] To: cygwin Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes On Wed, Jun 28, 2017 at 1:02 PM, Sagar Kapadia wrote: > Thanks for the detailed reply. > However, one thing still puzzles me. Even if a another trojan/virus > were to start XLaunch, it would still require another user to connect > to my pc remotely over xlaunch to be any use. I have a static ip. by > the way. A static IP effectively means your computer will always be found at the same address, so anyone on the network can reliably find your computer when it is on and connected. > Does that imply any vulnerability in xlaunch. No, just that the remote controlling person wanted to use it for something, no different from a remote controlling person using Windows Explorer to copy files does not imply any vulnerability Windows Explorer. The vulnerability lies in how/where the remote controlling person gained access to do the remote controlling in the first place. That part is still a mystery. > With my limited background, it seems that even though something > launched xlaunch, there was somebody controlling it actively. > And the connection did not ask for my permission. I would check that your firewall is enabled and active, and if you are not knowledgeable enough yourself, find someone who is to examine the firewall rules for openings that should not be present as well as scan the entire computer with an updated malware scanner. -- Erik -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple