This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: SPAM - Re: How did I get it?
Thanks for the response Max.
I tried running regedit. It pops up and then immediately closes itself, the
same thing happens when I attempt to run msconfig.
I found cygwin1.dll in the \windows directory. I also found a new exe -
shiver.exe. A search of the web indicates that this is a trojan.
----- Original Message -----
From: Max Bowsher
To: Jack Rose ; cygwin@cygwin.com
Sent: Saturday, December 14, 2002 4:11 AM
Subject: SPAM - Re: How did I get it?
Jack Rose <jrose22@columbus.rr.com> wrote:
> Could some tell me how the CYGWIN1.DLL ended up on my computer. It
> seems to have just appeared at 3:09am yesterday and I know I wasn't
> working at that time.
>
> Could this have been uploaded to my machine for malicious purposes?
> If so, what else should I be looking for, besides a better firewall
> and virus detector?
>
> Any information would be appreciated...
Well, someone (apparently not you) installed Cygwin, or a program which uses
a cut down Cygwin install to function.
What is the full path to Cygwin1.dll? If it is in Windows/System(32) or the
equivalent, look in the registry at:
HKLM\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
(NB: the value name is a single forward slash.),
and the corresponding path in HKCU.
The value of that will provide a hint.
Max.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/