This is the mail archive of the
mailing list for the Cygwin project.
Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission [Reference Link]
- From: Erik Soderquist <ErikSoderquist at gmail dot com>
- To: cygwin <cygwin at cygwin dot com>
- Date: Wed, 28 Jun 2017 13:11:05 -0400
- Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission [Reference Link]
On Wed, Jun 28, 2017 at 1:02 PM, Sagar Kapadia wrote:

> Thanks for the detailed reply.
> However, one thing still puzzles me. Even if another trojan/virus
> were to start XLaunch, it would still require another user to connect
> to my pc remotely over xlaunch to be any use. I have a static IP, by
> the way.

A static IP effectively means your computer will always be found at
the same address, so anyone on the network can reliably find your
computer when it is on and connected.

> Does that imply any vulnerability in xlaunch?

No, just that the remote controlling person wanted to use it for
something, no different from a remote controlling person using Windows
Explorer to copy files does not imply any vulnerability in Windows
Explorer. The vulnerability lies in how/where the remote controlling
person gained access to do the remote controlling in the first place.
That part is still a mystery.

> With my limited background, it seems that even though something
> launched xlaunch, there was somebody controlling it actively.
> And the connection did not ask for my permission.

I would check that your firewall is enabled and active, and if you are
not knowledgeable enough yourself, find someone who is to examine the
firewall rules for openings that should not be present, as well as scan
the entire computer with an updated malware scanner.