Hi, quick warning, I'm highly experienced but not very knowledgeable when it comes to computers; I'm almost entirely self-taught and don't know a lot of terminology or how to do many things, but I do have significantly more experience than the average newbie, so I've probably approached things in weird ways and missed things that probably seem obvious to people who learned about computers in more conventional ways.
Anyway. The problem.
I noticed my computer was using way more memory than it usually did. I opened Task Manager and checked Processes, sorting by Memory Usage, and "regsvr32.exe" was using ~200 Megabytes of memory. I killed the process, but it started up again and crept back up to ~200 MB of memory usage over the course of about 10 seconds. I Googled "regsvr32.exe high memory usage", found few results and most of them were confusing. So (and yes I realize this was stupid and dangerous) I went to the file, changed ownership to Me and gave myself editing permissions, then renamed it to "regsvr321.exe". Then I killed the process again, it didn't restart this time, and my computer still ran fine so I figured I was in the clear.
However, the next day my computer was running slowly again, so I opened Task Manager again and this time "rundll32.exe" was using ~200 MB of memory. I looked closer, and realized I had two copies of rundll32.exe running, one of them at reasonable levels and the other one at ridiculous levels. But when I right-clicked and hit "show file location", they both went to the same file. I Googled that, got nothing useful, renamed it and killed it the same way I had before, then downloaded and ran Norton Security at various levels of scanning; it found nothing useful.
Today, the same problem happened again, this time with "explorer.exe" which I can't just rename and hope for the best, so now I'm coming to you guys for help, since my previous Googlings led me here a couple times but nobody seemed to be having this problem, or else were given solutions that I didn't understand.
Clearly something else is hiding behind these programs to do things. Also, Norton caught an attack coming through explorer.exe from "scoring24.com Fiesta Exploit Kit Website" and managed to prevent it, but it still can't find the real source of the problem.
Note: I'm using an HP laptop running Windows 7 Home Premium 32-bit. Also, I have renamed regsvr32.exe and rundll32.exe back to their original names, and regsvr32.exe is the current culprit facade.
Edited by CallMeCal, 28 August 2015 - 03:52 PM.
Moved from MRL to Am I Infected - Hamluis.