Vigilante
Posts: 1,634 +0
Hey guys, what do you use to see what modules are loaded by rundll32 and svchost?
Because these 2 things are just containers for other things, I need the best way to see what the actual program running is.
For example, let's say you have a plain old computer that, as far as you know, is not infected with anything and is clean. BUT, here is rundll32 in task manager, and when you close it, it comes right back. And if you wait long enough, you may get more than one copy running.
In my experience, I know various parts of Windows that use rundll32, and when I close the process, the thing I'm running closes too. But in this case, nothing closes, but rundll32 comes right back.
So what do you use to see what process is behind this? I've used a program called Prcvr but it is slightly cryptic.
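One way to answer the question above, as an added example that is not part of the original post or any reply to it: rundll32 names the DLL and entry point it was asked to run on its own command line, and svchost registers the services it hosts, so the command line, the parent process and the service table usually identify what is actually running. The script below lists every rundll32/svchost instance with that information, then dumps the loaded modules of one chosen instance with the standard Windows directories filtered out so anything unusual stands out. It assumes Windows PowerShell 5.1 or later; the PID 1234 is a placeholder you replace with one from the table.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# so SYSTEM-owned rundll32/svchost instances and their command lines are visible.

function Get-HostProcessInfo {
    # Every rundll32 and svchost instance with parent, command line and hosted services.
    $hosts = Get-CimInstance Win32_Process -Filter "Name='rundll32.exe' OR Name='svchost.exe'"
    foreach ($p in $hosts) {
        # Parent may already have exited (common when something spawns rundll32 and quits).
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
        $services = ''
        if ($p.Name -eq 'svchost.exe') {
            $services = (Get-CimInstance Win32_Service -Filter "ProcessId=$($p.ProcessId)").Name -join ','
        }
        [PSCustomObject]@{
            PID         = $p.ProcessId
            Name        = $p.Name
            ParentPID   = $p.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            CommandLine = $p.CommandLine   # for rundll32: the DLL path and entry point
            Services    = $services        # for svchost: the service names it hosts
        }
    }
}

function Get-UnusualModules {
    # Loaded modules of one process, excluding the normal system directories.
    param([Parameter(Mandatory)][int]$ProcessId)
    Get-Process -Id $ProcessId -Module |
        Where-Object { $_.FileName -notmatch '^C:\\Windows\\(System32|SysWOW64|WinSxS)\\' } |
        Select-Object ModuleName, FileName, Company, FileVersion
}

Get-HostProcessInfo | Sort-Object Name, PID | Format-Table -AutoSize

# Placeholder PID (assumption): pick a suspicious instance from the table above.
Get-UnusualModules -ProcessId 1234 | Format-Table -AutoSize
```

Two practical notes: when a rundll32 instance keeps coming back, the ParentName column (or, if the parent has exited, a scheduled task or service that runs on a timer) is what to chase rather than rundll32 itself; and the module list is only complete when the PowerShell host has the same bitness as the target process, so use the 32-bit PowerShell (SysWOW64) for a 32-bit rundll32.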