Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Tendancies for rundll32/ reports in general?

  • Please log in to reply
2 replies to this topic

#1 bryguy894


  • Members
  • 9 posts
  • Local time:08:06 AM

Posted 05 April 2009 - 07:04 PM

Hey all, this is actually my first post (I'll head over to the introduction board soon)

..I'm trying to teach myself how to analyze hijackthis reports, and was wondering if, in, general, stuff like this:

O4 - HKLM\..\Run: [54f1df67] rundll32.exe "C:\WINDOWS\system32\kkqoqpvo.dll",b

could be legitimate, since dll's are crazy and confusing...or if the extremely random string of characters was a pretty good giveaway of shenanigans

thanks for any advice

also, i read in this site's tutorial that "fix this" doesn't really fix it, that you might have to delete the problems from the registry/ cache memory/ whatever it may be. can someone explain to me or direct me to where i can figure out exactly how you fix things when "fix this" isn't enough?

Edit: Moved topic from HijackThis Logs and Virus/Trojan/Spyware/Malware Removal to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)


#2 Romeo29


    Learning To Bleep

  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:
  • Local time:10:06 AM

Posted 05 April 2009 - 11:07 PM

You need to enroll in HJT Classes, I guess.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,089 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:06 AM

Posted 06 April 2009 - 10:58 AM

HijackThis is an advanced enumerator (similar in some respects to a registry editor) that is used to display certain areas of the Windows registry where the majority of malware reside. HijackThis will scan these areas of your system and then create a log to help diagnose the presence of undetected malware in known hiding places. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as loss of Internet connectivity or problems with your operating system which could preventing it from starting. Using HijackThis requires advanced knowledge about the Windows Operating System and relies on trained experts to interpret the log entries and investigate them in order to determine what needs to be fixed.

And just because you "fixed" something with HJT, that does not mean you have a clean system. There are specific files and folders which must be deleted afterwards. Futher, removing entries in HJT before the problem is properly identified can make the malware undetectable to other detection and removal tools. Full system scanning tools like SUPERAntispywre, Malwarebytes' Anti-Malware, Spybot S&D and SpySweeper will remove the registry entries as well as the related files which results in a more complete removal process. HJT this should only be used to clean up the entries left behind, after you have properly removed the malware.

Since HijackThis is a powerful tool that requires advanced knowledge about the Operating System and can cause system damage if incorrect instructions are given, only designated trained experts are allowed to help people with using HijackThis. If you do not have advanced knowledge about computers or training in the use of this tool, you should NOT fix anything using HijackThis without consulting a expert as to what to fix.

With that said, there are tutorials available for advanced users which will help you understand more clearly about the use of HijackThis and what it does.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users