Go Back   Tech Support Forum > Security Center > General Computer Security

rundll32.exe Malware?

This is a discussion on rundll32.exe Malware? within the General Computer Security forums, part of the Tech Support Forum category. My Task Manger lists two rundll32.exe. Is this a sign of malware and if so, how do I fix it.


Closed Thread
 
Thread Tools Search this Thread
Old 03-25-2007, 07:13 AM   #1
Registered Member
 
mel4him's Avatar
 
Join Date: Mar 2007
Posts: 8
OS: Windows XP



My Task Manger lists two rundll32.exe. Is this a sign of malware and if so, how do I fix it. :)

__________________
mel4him is offline  
Old 03-25-2007, 07:19 AM   #2
Enthusiastic TSFer~Joseph
 
Joefireline's Avatar
 
Join Date: Apr 2006
Location: Portishead (Bristol) England
Posts: 5,318
OS: Windows 7 64bit(Desktop) / XP Home SP2(laptop)

My System

Send a message via MSN to Joefireline

Hello and welcome to TSF,
Well, rundll32.exe is a legitiment process, but with 2, I'm not so sure...
Run through these steps: http://www.techsupportforum.com/secu...sting-log.html
And post a HJT log here: http://www.techsupportforum.com/secu...this-log-help/

__________________
Joefireline is offline  
Old 03-25-2007, 07:28 AM   #3
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,449
OS: Win XP Pro SP3 / Win 7 Pro

My System


Hi and welcome to TSF.

Have a search on your computer and check the location of rundll32.exe. It should be in the c:\Windows\system32 folder. Anywhere else and it's likely malware. It is used to load various library files (.dll) requested by Windows. How much memory is each instance using and what other apps did you have open at the time?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline  
Old 03-25-2007, 07:55 AM   #4
Registered Member
 
mel4him's Avatar
 
Join Date: Mar 2007
Posts: 8
OS: Windows XP



This is what I get when I run a search for rundll32.exe:

RUNDLL32.EXE-44D2B0C6.pf C:\WINDOWS\prefetch
RUNDLL32.EXE-4DED6A50.pf C:\WINDOWS\prefetch
RUNDLL32.EXE-4EE39BB6.pf C:\WINDOWS\prefetch
RUNDLL32.EXE-5469015F.pf C:\WINDOWS\prefetch
RUNDLL32.EXE-62B8DA1A.pf C:\WINDOWS\prefetch
RUNDLL32.EXE-73C8210F.pf C:\WINDOWS\prefetch
RUNDLL32 C:\I386
rundll32 C:\WINDOWS\$NtServicePackUninstall$
rundll32 C:\WINDOWS\SYSTEM32
rundll32 C:\WINDOWS\ServicePackFiles\i386

And the only program that I have running is my AOL Browser at least that is the only one I opened.

The first rundll32.exe is using 2,728k and the other is using 1,808k
__________________
mel4him is offline  
Old 03-25-2007, 08:10 AM   #5
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,449
OS: Win XP Pro SP3 / Win 7 Pro

My System


Locations are OK - backup copies of system files are held in i386 and memory usage is OK.

Have you run any AV scans recently? Are you having any problems such as pop ups or browser redirects or anything unusual?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline  
Old 03-25-2007, 09:26 AM   #6
Registered Member
 
mel4him's Avatar
 
Join Date: Mar 2007
Posts: 8
OS: Windows XP



Sorry it took me so long. I was having internet connection issues. Anyhow. I after rebooting my computer I checked the Task Manager and the rundll32.exe was there twice before I opened my AOL Brower. In regard to things that have been happening on my system, well first, I seem to be losing my internet connection alot more lately. I had to power cycle my modem just last Sunday in order to reset my IP address because I was losing my connection every 5 minutes. Same thing happened today. So I power cycled my modem again and it seems to be working fine now. Second, I keep getting the not responding message when I open a few of my Microsoft programs. Yesterday it was Microsoft Word and Picture It 7.0. As for Antivirus programs. I just ran SuperAntiSpyware and I have also run in the past week or so, when this all began, Ad-Adware SE, Spywareblaster, Spybot Search and Destroy, CW Shredder. The only thing I came up with was tracking cookies except for Spybot S&D. It gave me a Window Security Issue or something like that. I would have to run it again to find out. I removed it but it came back.
__________________
mel4him is offline  
Old 03-25-2007, 09:34 AM   #7
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,449
OS: Win XP Pro SP3 / Win 7 Pro

My System


Is Windows patched up to date?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline  
Old 03-25-2007, 09:44 AM   #8
Registered Member
 
mel4him's Avatar
 
Join Date: Mar 2007
Posts: 8
OS: Windows XP



yes, and I keep losing my internet connection. I just ran Spybot S&D and it was clean so thats good. I have to leave for a bit. I am going to have to continue a bit later if that is okay. Let me know if there is anything else I can do so that I can give you any more info you may need to help me. And thanks for your help. I look forward to working with you in regards to this problem.
__________________
mel4him is offline  
Old 03-25-2007, 10:14 AM   #9
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,449
OS: Win XP Pro SP3 / Win 7 Pro

My System


OK - I think we need to have a proper look at your system. Please follow these instructions carefully.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in a new thread
    in the HJT Forum (do not attach it or post it here).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.


Also provide a link to this thread for reference.

Please note that the HJT forum is constantly busy, so I would ask that you be patient while waiting for a reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline  
Old 12-04-2008, 02:53 PM   #10
Registered Member
 
Join Date: Dec 2008
Posts: 2
OS: win xp home



I have the same search results as him but no unusual internet issues. I have a question though. Is it ok if my rundll32.exe is being run by a user (me) and not the system?
__________________
Meatgull is offline  
Old 12-04-2008, 03:15 PM   #11
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,449
OS: Win XP Pro SP3 / Win 7 Pro

My System


Hi and welcome.

Yes, that's normal.

You can view more details on the .dll files being loaded by using Process Explorer

http://technet.microsoft.com/en-us/s.../bb896653.aspx
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline  
Old 12-05-2008, 04:28 AM   #12
Registered Member
 
Join Date: Dec 2008
Posts: 2
OS: win xp home



Thanks I was a little worried. It just showed up on day and i thought it was malware

__________________
Meatgull is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
APP32_16.EXE malware
ThComboScan v20070221.16 run by Ken Cowden on 2007-02-26 at 17:41:10 Computer is in Normal Mode. -------------------------------------------------------------------------------- Successfully created restore point. Performed disk cleanup. -- HijackThis (run as Ken Cowden.exe)...
bolero Resolved HJT Threads 6 03-18-2007 09:20 PM
Task Manager/Registry Editing Disabled (Malware? Trojan?)
Hey guys... I'm a newcomer here and I've never had a problem with my laptop (I make sure to run consistent malware/spyware/virus checks on it) until now. Recently everytime I try to access the task manager or use regedit (or edit a registry in any form) Windows tells me that it has been disabled by...
Peppero01 Inactive Malware Help Topics 3 02-18-2007 08:24 PM
popups everywhere
Hi, I've been trying to get rid of this issue for a week now, but no luck. Fresh popup every 40 seconds or so, and now text is starting to turn into links on websites I manage to get to. What seems really unusual to me is the tabs and popups in firefox(three as I've been typing this). Thank...
barometer Inactive Malware Help Topics 9 02-11-2006 09:41 PM
Help Hijack this logfile inside
Please help trojans and dialers infected. Ad-Aware run. Thanks Logfile of HijackThis v1.99.1 Scan saved at 10:49:26 PM, on 18/02/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL
dolfan13 Resolved HJT Threads 20 02-26-2005 04:24 AM
Need help with badurl viruse/this is what hijack found
Logfile of HijackThis v1.98.2 Scan saved at 5:57:37 AM, on 8/16/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe...
tonyhernandez Inactive Malware Help Topics 8 08-21-2004 05:43 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 08:30 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts