Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rundll32.exe Gone Berserk!


  • Please log in to reply
3 replies to this topic

#1 heavyjavadrinker

heavyjavadrinker

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:06:38 PM

Posted 19 August 2008 - 09:24 AM

My inspiron 1200 laptop has windows xp home edition installed. About 2 weeks ago,
I noticed the little light for the hard drive coming on continuously and the os slowing down.
I looked in the Task Manager and noticed RUNDLL32.exe in the list. The odd thing is that
it doesn't stay in the list very long. It will pop in the list for a few seconds and then disappear.
It will then reappear in the list somewhere else. It doesn't stay still long enough to end it.

I tried using Killbox to delete rundll32.exe, and now
when I try to access icons in the control panel I get the messege:

"Windows cannot find C:\WINDOWS\system32\rundll32.exe"


also, I scanned the entire computer with Avast! Spybot, and Ad-Aware prior
to using Killbox, and it did list rundll32.exe as a virus or threat.

Anyone know what the problem is?

BC AdBot (Login to Remove)

 


#2 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 19 August 2008 - 09:28 AM

I had this problem, i just reinstalled windows, and fixed it.

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:38 PM

Posted 19 August 2008 - 09:34 AM

Rundll32.exe is a legitimate application AND a virus. It all depends on where it's located. Most likely the one that you deleted was a good one.

Also, malware will use the legitimate rundll32.exe to launch their dll files. That'll show up in Task Manager like you've seen.

I'm going to move this one over to the Am I Infected forum for some more expert help.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 Guest_BlackBurst_*

Guest_BlackBurst_*

  • Guests
  • OFFLINE
  •  

Posted 19 August 2008 - 09:43 AM

These days viruses and malware are disguising themselves as or replace normal system files. It's fairly common.

"Windows cannot find C:\WINDOWS\system32\rundll32.exe" seems like it might be an indicator of this problem, as well as your system slowing down.
One subtlety is that some viruses will name themselves something that looks like RunDLL32.exe but is actually RunD||32.exe (vertical bars) or RunD1132.exe (number ones) Notice no LL's.
As it turns out there a lot of different combinations which all look similar enough to fool us at a glance. Other infections will actually replace or rename the original RunDLL32.exe.

I would reinstall windows also (to get rid of the virus or malware). When you make backups, be aware that if you backup your programs they might be
infected which means if you run them again, you'll reinfect your system again. It's probably best to not backup programs and just reinstall them later. Of course you can
backup your photos and sounds and text documents and pdf's and stuff like that. And you could export your browser favorites/bookmarks and save those too.

If you have a backup data image of your main partition (like with Acronis True Image or something), then you could restore to that instead of reinstalling windows.

Good Luck.

P.S.- when you reinstall Windows, make sure that it does a disk format and a fresh install otherwise it probably won't erase the infection.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users