Problem with virus/unkown folder

  gplatt2000 13:07 17 May 2003

I have found out that I have a virus. In PROCESSES it is called rundll32 and sometimes rundll16 - according to a list of proceesses on the internet, it is a virus. However, Nowrton Doesnt Detect it. I have deleted it from the Windows folder but it still runs. In progtram files there is a read-only file alled 'rb32'with an executable folder with the same nam - is this anything to do with the virus? Can I delete if i stop it being read-only or will it affect Windows (XP). Thanks a lot in advance, Gavin

  BigMoFoT 13:15 17 May 2003

rundll32 is not a virus mate - it is a windows process that registers various dll's (I think but not sure!) Anyway you can disable it in msconfig as I don't think it's critical..

  gplatt2000 13:18 17 May 2003

OK, Thanks a lot. What about that rb32 folder?

  VoG™ 13:20 17 May 2003

Homepage hijacker (?) click here

Has your homepage changed?

  gplatt2000 13:28 17 May 2003

No, still Google.
Found this:
X Rundll16 Rundll16.exe Added as a result of any number of VIRUSES!
X Rundll32 (1) Rundll32.exe Added as a result of the DVLDR VIRUS! Note - this is not the valid "Rundll32.exe" as it's in the Windows\Fonts directory

  bvw in bristol 13:29 17 May 2003

Windows NT/2000/XP
To end the Trojan process:
a. Press Ctrl+Alt+Delete once.
b. Click Task Manager.
c. Click the Processes tab.
d. Double-click the Image Name column header to alphabetically sort the processes.
e. Scroll through the list and look for the following:

NOTE: If the Trojan is running, you will see two explorer.exe entries in the list. To find which is the AT&T VNC server for each explorer.exe entry, look at the values for PID and Mem Usage. The AT&T VNC server disguised as explorer.exe will have a higher PID number and lower Mem Usage than the legitimate explorer.exe.


f. For each one that you find, click it, and then click End Process.
g. Exit the Task Manager.

click here for the full removal instructions.

  VoG™ 13:33 17 May 2003

Norton should detect it click here

  jazzypop 13:34 17 May 2003

According to click here ( a very respected source) rb32.exe is an adult content hijacker.

See click here for info about hijacking.

I recommend that you download and run AdAware, and Spywareblaster - Google will find them both for you.

  BigMoFoT 13:40 17 May 2003

Rundll32.exe is not a virus - but I suppose it could get corrupted?? Stiil it's not a virus

  gplatt2000 13:54 17 May 2003

OK, thanks everyone. I'll keep you informed on my progress.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Artist Pete Oswald on creating relatable characters & his new book

New iMac Pro release date, UK price & specs rumours

Idées cadeaux pour geeks et tech addicts