
Windows Host Process rundll32 in Startup


12 replies to this topic

#1 Draclvr

Draclvr

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 30 June 2013 - 05:21 PM

An elderly friend is having slowdown issues on her computer.  It is a custom built machine with plenty of processor, RAM etc.  She is running 64-bit Windows 8 - and loving it, by the way.  She sent me a list of what is in her startup programs and I see the Windows Host Process listed at startup.  I do not have this in my startup...  it indicated that it is a "medium" user of resources.  She is extremely vigilant about her anti-virus scans (using the default Windows Defender and Malwarebytes Pro).

 

The myriad of hits on Googling this question has only raised more questions for me.  Any thoughts on this being in her startup programs?  Can it safely be disabled?  I'm usually ruthless about disabling stuff in startup, but she lives halfway across the country and I don't want to hose her computer.


Edited by Draclvr, 30 June 2013 - 05:23 PM.



 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:05 AM

Posted 01 July 2013 - 01:25 PM

It could be anything. If you run process explorer and double-click on the rundll32.exe process, under the Image tab you can see the full command line for the program and the DLL that is being launched. If you can provide that info, I can tell you if it's legit or not. C:\Windows\System32\rundll32.exe is a legitimate program, but what it is launching may not be.

#3 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 01 July 2013 - 04:28 PM

Thanks...  I'll have her do that and see what we find.



#4 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 02 July 2013 - 01:51 PM

In Windows 8, there was no option to expand the Windows Host Process in the process explorer.  However, when I had her click on the Details tab, the process was only listed as rundll32 with the detail on the right listed as Windows Host Process.  I'm thinking it is a legitimate process, but I still don't like seeing it in the Startup programs.  This is a screenshot of her Process Details.

 

info.PNG



#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:05 AM

Posted 02 July 2013 - 03:17 PM

Right click on that particular rundll32 process and go into properties. It should give more information.

#6 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 02 July 2013 - 07:26 PM

Unless you see something here I don't, I'm going to assume this is really running a Windows process, not some malware and she can safely disable it in the Startup programs.  Or should I have her look in the System 32 file?  This individual is 89 years old and dearly loves her computers, especially her Windows 8 PC.

 

general%20tab.PNG  details%20tab.PNG


Edited by Draclvr, 02 July 2013 - 07:27 PM.


#7 slgrieb

slgrieb

  • Members
  • 270 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas Panhandle
  • Local time:10:05 PM

Posted 02 July 2013 - 08:51 PM

One of the biggest problems about diagnosing slow computer performance is simply defining it. Part of the issue is perception. A new computer seems much faster than the machine it replaced, but as the user gets used to the new platform, it seems to slow down.

 

A common cause of complaints about performance is response on the Internet. The Yahoo Toolbar is a perfect example of software that will dramatically slow down your browser at start up. Takes a long time to retrieve those user settings and buttons. You could also suggest some online Internet connection test tools like speedtest.net and pingtest.net. Your biggest challenge, I think, is going to be narrowing down her performance issues to a point where you clearly understand them and can get a handle on the problem.


Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is... 
WIFFLEBALL!

 


#8 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 02 July 2013 - 10:25 PM

I have done just that and her performance issues are definitely related to her internet.  She is ruthless about not allowing toolbars of any kind and keeping her computer cleaned up.  I just worked on a laptop for a family member which I was told had a virus and was barely running.  I removed no fewer than 9 toolbars, almost all of which were nothing more than adware.  No viruses, just adware and spyware.  The young man was schooled on never downloading another toolbar and to be vigilant for foistware offered in any downloads.  After removing over 9 GB of temp files and other junk, it ran like it was brand new.


Edited by Draclvr, 02 July 2013 - 10:26 PM.


#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,536 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:05 AM

Posted 03 July 2013 - 07:27 AM

My guess is the rundll32 process and what it's starting is indeed legitimate but still not 100% sure. Not sure why it's not showing the command line for the argument. May be easier to see using rundll32.exe. Regardless, it does not appear to be using enough memory or cpu power to affect the computer too much so may not be worth focusing on it.

If the performance is an internet issue, you need to determine what exactly is considered the performance problem. Is it delays in visiting web pages, opening browser, or just that pages take too long to download? Some things to try are to load the browser in IE Safe Mode (iexplore -extoff), run a speed test, etc.

#10 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 03 July 2013 - 07:45 AM

Thanks, Grinler.  The slowness issues are all of the above as far as the internet is concerned.  She's using Firefox as her default browser, but gets the same behavior in IE.  I'm having her boot up her Windows 7 laptop to see if she gets the same behavior.  I really think the issue is with her ISP and she can't really afford a higher speed package.  Ah, well thanks for the backup on the rundll32 issue.



#11 stardreamer

stardreamer

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 23 September 2013 - 09:51 AM

When leaving my laptop idle for any period of time I will find it running hot and always see that rundll32 process is the reason.  When I end that process the laptop immediately cools down.  I read through this thread and ran the process explorer on it and the command line comes up with 

 

 

"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Donna\AppData\Roaming\BABSOL~1\Shared\BUSOLU~1.DLL,EPUpdate Ret#SCH

 

Does this look authentic to you?



#12 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:05 PM

Posted 23 September 2013 - 10:04 AM

stardreamer, from what I found in a couple of searches, this may have something to do with Babylon, one of the most aggravating and annoying things out there.  If you see BabMaint in your running processes, that is probably it.  Look for anything related to it in your add/remove programs and run your anti-virus and your anti-malware software.  They may or may not find anything, but some scans sound like a good thing to do.  Do a search on BabMaint or Babylon to find out how to get rid of it.  Be careful because my WOT (Web of Trust browser add-on) flagged a couple of search results as bad sites.  Or better yet, ask the good folks here at Bleeping Computer to give you a hand.  They are the best.



#13 stardreamer

stardreamer

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 23 September 2013 - 10:33 AM

Draclvr, thank you very much.  I suspect you are correct in your assessment because I remember seeing Babylon in some of my files somewhere.  Will do a search now.  Again, thank you.
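
Added example, not part of the original thread or written by any poster: a PowerShell helper for the check discussed in posts #2 and #11. It splits a rundll32 command line into host image, DLL and export, then flags the points worth a closer look. The function name `Test-Rundll32CommandLine` and the list of flagged locations are assumptions made for this example; the sample input is the command line quoted in post #11.

```powershell
# Added example (not from the thread): triage a rundll32 command line.
function Test-Rundll32CommandLine {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Expected shape: <host image> <dll>,<export> [arguments]
    $pattern = '^\s*(?:"(?<img>[^"]+)"|(?<img>\S+))' +
               '(?:\s+(?:"(?<dll>[^"]+)"|(?<dll>[^,\s]+))\s*(?:,\s*(?<export>\S+))?\s*(?<args>.*))?\s*$'
    if ($CommandLine -notmatch $pattern) { return $null }

    # Copy the captures now: later -match calls overwrite $Matches.
    $image  = $Matches['img']
    $dll    = $Matches['dll']
    $export = $Matches['export']
    $rest   = $Matches['args']
    $findings = @()

    # rundll32.exe itself belongs in System32 (or SysWOW64 for the 32-bit copy).
    $root = if ($env:SystemRoot) { $env:SystemRoot } else { 'C:\Windows' }
    $expected = "$root\System32\rundll32.exe", "$root\SysWOW64\rundll32.exe"
    if ($image -notin $expected) { $findings += "host image is not one of: $($expected -join ', ')" }

    if (-not $dll) {
        $findings += 'no DLL argument on the command line'
    } else {
        # Heuristics assumed for this example, not an authoritative list.
        if ($dll -match '\\(Users|ProgramData|Temp)\\') { $findings += 'DLL loads from a user-writable location' }
        if ($dll -match '~\d') { $findings += '8.3 short names hide the real folder and file names' }
    }

    [pscustomobject]@{
        HostImage = $image
        Dll       = $dll
        Export    = $export
        Arguments = $rest
        Findings  = $findings
    }
}

# Command line quoted in post #11 of this thread, used as sample input.
$sample = '"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Donna\AppData\Roaming\BABSOL~1\Shared\BUSOLU~1.DLL,EPUpdate Ret#SCH'
Test-Rundll32CommandLine $sample | Format-List

# On a live system (Windows PowerShell 3.0 or later):
# Get-CimInstance Win32_Process -Filter "Name='rundll32.exe'" |
#     Where-Object CommandLine | ForEach-Object { Test-Rundll32CommandLine $_.CommandLine }
```

A finding is a reason to identify the DLL (publisher, signature, installed program it belongs to), not proof that it is malicious; legitimate software also loads DLLs through rundll32 from per-user folders.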





