Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Two rundll32s - paranoid?


  • Please log in to reply
5 replies to this topic

#1 RaveBlack

RaveBlack

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 20 August 2015 - 10:13 AM

After the last big Windows 7 update, off and on (sometimes it's there, sometimes not) I started seeing two rundll32.exes in my Task Manager where there was once one. I already knew where the first one came from (an unrelated and safe program), but the second one was new to me. I pulled it up in Process Explorer and checked the command line, got "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding". Furthermore, the rundll32.exe icon has changed to a webpage icon, which I've heard can either be a bad thing or not. ESET and MBAM didn't pick up anything wrong, so should I really worry or is this a legit thing and I'm just being paranoid?


Edited by RaveBlack, 20 August 2015 - 10:29 AM.


BC AdBot (Login to Remove)

 


m

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:10 PM

Posted 20 August 2015 - 04:03 PM

Most likely legit:

http://www.sevenforums.com/performance-maintenance/218109-rundll32-exe-running-all-time.html

http://www.howtogeek.com/forum/topic/shell-hardware-mixed-content-handle


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 RaveBlack

RaveBlack
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 21 August 2015 - 09:07 AM

That's exactly what this seems like, right down to it being under my username. I'm not sure why it'd be showing up just after booting up when I'm not trying to run anything, but it just sits there when it does and doesn't take up excess CPU or memory, so I should be able to just leave it alone, right?


Edited by RaveBlack, 21 August 2015 - 09:09 AM.


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:10 PM

Posted 21 August 2015 - 02:53 PM

Yes.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 RaveBlack

RaveBlack
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 23 August 2015 - 07:21 AM

OK. Thank you very much!



#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,469 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:10 PM

Posted 23 August 2015 - 03:55 PM

You're very welcome p22002759.gif


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users