Suspected rundll32.exe infected

By phonb
Mar 19, 2008
  1. The windows app rundll32.exe has been running constant in task manager for a couple days now. Memory usage ranges 48k - 6000k. Seems to affect performance of cpu taxing applications and games. Size of the file in my windows/system32 directory is 32kb. I read somewhere that the rundll32.exe should be smaller than this. Scanned comp for spyware/malware/virus and cleaned a few files. I think anitvirus skips over this file because its a windows exe. Although the rundll32 process still begins at startup and does not disappear. I'll force close it and have no problems running my system. Is there a way to replace this file safely?
  2. phonb

    phonb TS Rookie Topic Starter Posts: 45

    after further examination of task manager. winlogon.exe is also open. I dont recall this process being constantly open in the past...
  3. kritius

    kritius TS Guru Posts: 2,084

    winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.
  4. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,350

    You can close any process that you wish and it won't physically harm anything. It may close applications that you are using by doing so, but the worst case scenario is having to restart.

    Did you scan with AV software? You didn't mention anything further about an infection.

    If you suspect that there is a problem with RUNDLL32.EXE, open a command prompt (type "CMD" in Run) and type "SFC /SCANNOW". I'm not entirely sure if RUNDLL32.EXE is one of the files that it checks, but I would assume so. If it finds a problem with the file, you will need your Windows CD.

    Either way, go ahead and perform a virus scan. It can't hurt and since you think something is wrong, it's one of the first steps. If you don't have AV software installed and are having trouble installing anything at this point, try an online scan.

    I hate Symantec AV, but it's only an online scan and you're not having to install that piece of crap. :p

    By the way, I know everyone has a slightly different opinion about their favorite anti-virus software, but personally I like Avast because of it's boot-time scan feature. Viruses are tricky to get rid of while the OS is running and the boot-time scan gets around that. So, if you need one, that is what I recommend.
  5. phonb

    phonb TS Rookie Topic Starter Posts: 45

    Thx acidosmosis. I scanned with my Comodo Firewall, and AVG Free Edition and came up clean. I also ran a scan with Spybot SD and successfully deleted two trojans.

    I did the suggested check of scanning my windows files in CMD and it did come up asking for my Windows XP SP2 disc. However, the task does not recognize it as the correct cdrom (of which I am positive it is). Now before I go to reinstall windows I want to be sure none of my files/settings/themes/etc will be affected. Also upon further exploration of the windows cd I found the file RUNDLL32.EX_ . Is it safe to rename this file to replace the suspected corrupt one in the system32 folder?
  6. acidosmosis

    acidosmosis TechSpot Chancellor Posts: 1,350

    Not sure. I doubt it's that simple though. I can't remember what purpose those .EX_ files serve. Then there is always a chance that it may be corrupted too. I doubt it's infected, but that's also possible (if there was an infection).

    When you say it doesn't recognize it as the correct CD-ROM, are you saying it doesn't think that the Windows XP CD is the correct CD? If you have SP2 installed, the Windows XP CD needs to be a Windows XP CD with SP2. If you have SP2 installed, are you sure that the CD you have is a SP2 CD? If it's not a SP2 CD then I'm not exactly sure how to get around that. I'm assuming you could download SP2, extract the files and burn them to a CD with the I386 folder in the same place that it is located on a Windows XP CD.

    It would be a lot easier if they would just let you point it to another location to find the files that it needs. That's one thing I hate about System File Checker. I wonder if they changed that in Vista.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...