Rundll32.exe all over the place!

  Phrixos 18:02 15 Jun 2012

Hello. A system scan tells me that Windows Host Process Rundll32.exe is running on startup as an optional item. I thought Rundll32.exe is a necessary process. (Comments?) Beyond that, I searched my entire system for Rundll32.exe, expecting to find it only in the Windows System 32 folder. Anywhere else, it is supposed to be a virus, but now I'm wondering about that.

There is a copy of it (195Kb) in, of all places, Malwarebytes Chameleon Folder. What's it doing there? (And if it doesn't belong there, why has Malwarebytes not found something suspicious within its own folders?)

There are two copies of Rundll32.exe.mui (3kb) in the Sys32 (en-us) file.

Then there are two more copies of it in what I can only describe as

x86_microsoft-windows-rundll32 (...blah,blah,blah...) C:\Windows\winsxs file.

Should any of THOSE be there?

All observations welcome.

  rdave13 22:20 15 Jun 2012

Run your anti-virus in safe mode first as well as MBAM. See what comes up.

  Phrixos 10:30 16 Jun 2012

Hi rdave13 and thanks for the response and advice.

Odd thing. I have two hard disks, properly registering in my BIOS's booting sequence. On trying to boot into Safe Mode, F8 brings up the disk sequence and after choosing the correct (first) disk, it brings up a "BOOTMGR is missing" error message. But my computer boots just fine; so why do I get the error message only then?

  Phrixos 19:28 16 Jun 2012

Another case of problems upon problems: when trying to fix the boot manager (by running bootrec.exe) I am told to use the command "/FixMbr", only to be told then that "'/FixMbr' is not recognized as an internal or external command, operable program or batch file".

I don't get it.

  Marc Stephen 16:18 17 Jun 2012

Try This One

• Click start to open the menu.
• Click run.
• Type ‘msconfig’ in the input field.
• Click ok. The System Configuration Utility should open.
• Once the System Configuration Utility opens, choose the selective startup option by clicking in the small circle in front of it. Deselect all but one choice listed below it. It doesn’t matter which one, because you will need to do this until you have covered each one of the choices.
• Click ok.
• Reboot your computer.
• Once this process identifies the item that is at the root of the rundll problem, you move to the next step. Select the tab at the top of the System Configuration Utility Window that corresponds to the item that has been identified.
• Deselect all but one of the choices below the tab.
• Reboot your computer. If the computer reboots without any problems, continue the process of elimination. Deselect different scenarios until you identify the problem. Reboot.
• Once you identify the problematic item, you are finished with this procedure.

More info here:
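An added example, not part of the original posts: a "Rundll32.exe" startup item is a DLL being loaded through rundll32, and the registry Run keys are one place such items are registered. This read-only PowerShell sketch lists Run-key entries that invoke rundll32, the DLL and export each one names, and whether that DLL exists and how its signature checks out; the function and variable names are illustrative, and bare DLL names are assumed to resolve to System32.

```powershell
# Added example: list Run-key startup entries that launch a DLL through rundll32.exe.
# Read-only; changes nothing. Function and variable names are illustrative.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-Rundll32Target {
    param([string]$CommandLine)
    # Expected shape: [path\]rundll32[.exe] ["]<dll>["],<export> [args]
    if ($CommandLine -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)') {
        [pscustomobject]@{ Dll = $Matches[2].Trim(); Export = $Matches[3] }
    }
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-Rundll32Target ([string]$item.GetValue($name))
        if (-not $target) { continue }

        # A bare DLL name (e.g. shell32.dll) is assumed here to live in System32.
        $dll = [Environment]::ExpandEnvironmentVariables($target.Dll)
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        $exists = Test-Path -LiteralPath $dll
        # Older PowerShell versions may report catalog-signed Windows files as NotSigned.
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }

        [pscustomobject]@{
            Key = $key; Name = $name; Dll = $dll; Export = $target.Export
            Exists = $exists; Signature = $sig
        }
    }
}
$entries | Format-Table -AutoSize -Wrap
```

Entries whose DLL is missing, unsigned, or sits in a user-writable folder are the ones worth looking at first.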

  rdave13 16:40 17 Jun 2012

Not sure what is happening here. Trying a clean boot as royabriant suggests is a good idea but I'm not sure it will find anything. The boot manager error is puzzling as you can obviously boot up. If, when you tap F8 on boot-up, you get the temporary boot sequence pane up, then tapping F8 again will bring up the advanced options menu pane so you can select safe mode etc. What is a bit worrying for me is, you might have a certain type of worm malware. I'm not saying you have but it is possible. I would suggest you go to a malware specialist forum, in case running your security software in safe mode brings disaster. I don't know. It might be an OS corruption only.


and here to name two forums that will read a log of your system. Whichever site you search for, only use one as it is an ongoing process. If no rootkits or worms are found then start a new thread here if it is an OS corruption.

