This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission

On 2017-06-28 10:21, Erik Soderquist wrote:
> On Wed, Jun 28, 2017 at 12:07 PM, Sagar Kapadia  wrote:
>> HI,
>> I wish to report that Cygwin.XLaunch.exe is a Trojan and it allows
>> remote control of a pc without the users knowledge or permission. I
>> installed the cygwin package and the Xwindows server too. However,
>> today, I found somebody controlling my pc remotely. I know because the
>> mouse behaved erratically and then the XLanuch configuration screen
>> came up. I tried to kill it using the Task Manager but it would
>> restart. I had to reboot and turn off networking and then delete the
>> cygwin folder.

I've had mice behave like that when they needed a new battery or before they
died; also intermittent responsiveness which can have weird results, while
Windows Update is failing to apply patches and backing them out in the background.
Replace your mouse battery and check Windows Update History for that timeframe.

> Where did you get this copy of cygwin from?  Did you use the official
> installer package from the cygwin site?
> or
> XLaunch itself is a wizard to configure X server sessions, and if
> someone remote controllig your PC is happening with the legitimate
> XLaunch executable, I would suspect there is something else unwanted
> on your machine that is using XLaunch as a tool.
> However, if the cygwin source you downloaded from was either
> compromised or was not a legitimate mirror to start with, that is not
> a direct fault of cygwin, but rather a fault of the source of your
> download.
>> I dont know if you are aware of this issue or not, but I found it
>> serious enough to report.

Do you have Remote Access or Remote Assistance enabled on your system?
Have you opened up your firewall to allow remote access?
Did you run a malware scan to identify if there is something on your system?

Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]