Rundll32


6 replies to this topic

#1 Sarcastikus

Posted 19 August 2005 - 02:45 PM

Hello,

I use Windows 98SE....

In addition to it being constantly present in currently running processes (Ctrl+Alt+Del), I also occasionally get notified that Rundll32 is trying to access the internet, which I don't allow.

I remember reading somewhere that Rundll32 shouldn't be running constantly, that it doesn't need to access the internet, and that there are a number of spyware, adware, etc. applications that "disguise" themselves as Rundll32. However, since Rundll is a part of Windows I'd guess that simply deleting Rundll files/programs wouldn't be a good idea.

Is there a particular way to tell the difference between the legitimate Rundll and the imposters so that the imposters can be eliminated?

Thanks!
I'd be more apathetic if I wasn't so lethargic.


#2 Leurgy

Posted 19 August 2005 - 05:15 PM

Rundll32 is a legitimate Windows file that is used to manage many processes (the shut down process is one of them). If you do have malware it is most likely using this file as part of its routine.

What are you using for anti-spyware/anti-virus programs?

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 Sarcastikus

Posted 19 August 2005 - 09:41 PM

Leurgy,

Thanks for the reply!

I'm using Zone Alarm, AVG, Privacy Crusader, and Pop-Up Free PC. They all do fairly well imho, but I've lately been putting up with another bout of pop-up bombardment! Argh!
I'd be more apathetic if I wasn't so lethargic.

#4 Leurgy

Posted 19 August 2005 - 10:05 PM

I'm not familiar with Privacy Crusader and Pop-Up Free PC. Where did you get those?

Get Ad-Aware SE Personal 1.06 and SpyBot-Search & Destroy 1.4. Run those and see what you find.

Your best option is to post a log in The HiJack forum. See: HOW TO SUBMIT A HiJack This log. You will need to run those two programs as part of the process. Let us know what you find.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 Sarcastikus

Posted 20 August 2005 - 06:41 PM

Leurgy,

Privacy Crusader and Pop-Up Free PC are available at http://egeosoftware.com/

I already ran Spybot Search and Destroy and eliminated one problem.

I'll do an Ad-Aware scan tonight and post whatever I find there along with a HJT log in the HJT Forum tomorrow.

I just ran a XoftSpy 4.16 scan and it found some things that Spybot didn't find and which didn't show up when I did the most recent HJT scan, so I'm going to try to determine whether they are false-positives, which I've encountered using various malware scanners.

I'm wondering, though, does Rundll32 ever need to access the internet?

Thanks!

Edited by Sarcastikus, 20 August 2005 - 06:42 PM.

I'd be more apathetic if I wasn't so lethargic.

#6 Leurgy

Posted 20 August 2005 - 06:49 PM

Not for any reason that I'm aware of.

If you go to the Start button, click Run then type in msconfig, look under the Startup tab for any entries you don't recognize.

You can compare your Startup entries (the checked ones) with our Startup Database at the top of this page. If you put in rundll32 there you get a few pages of virus entries.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 Sarcastikus

Posted 21 August 2005 - 08:18 PM

There's nothing unusual in msconfig, at least nothing that's checked.

I did a scan using Ad-Aware and eliminated a few things. It's been several days now since Rundll32 has requested internet access, so perhaps the problem has been solved.

I also did a HJT scan and didn't see anything that looked suspicious.

Thanks for your advice, etc.
I'd be more apathetic if I wasn't so lethargic.



