This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: SPAM - Re: How did I get it?


Thanks for the response Max.

I tried running regedit. It pops up and then immediately closes itself, the
same thing happens when I attempt to run msconfig.

I found cygwin1.dll in the \windows directory. I also found a new exe -
shiver.exe. A search of the web indicates that this is a trojan.


----- Original Message -----
From: Max Bowsher
To: Jack Rose ; cygwin@cygwin.com
Sent: Saturday, December 14, 2002 4:11 AM
Subject: SPAM - Re: How did I get it?


Jack Rose <jrose22@columbus.rr.com> wrote:

> Could some tell me how the CYGWIN1.DLL ended up on my computer. It
> seems to have just appeared at 3:09am yesterday and I know I wasn't
> working at that time.
>
> Could this have been uploaded to my machine for malicious purposes?
> If so, what else should I be looking for, besides a better firewall
> and virus detector?
>
> Any information would be appreciated...

Well, someone (apparently not you) installed Cygwin, or a program which uses
a cut down Cygwin install to function.

What is the full path to Cygwin1.dll? If it is in Windows/System(32) or the
equivalent, look in the registry at:

HKLM\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
(NB: the value name is a single forward slash.),
and the corresponding path in HKCU.

The value of that will provide a hint.

Max.


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]