Author Topic: rundll.exe (Read 310 times)

JB88 · « **on:** November 25, 2006, 07:42:55 AM »

okay, i think that i have read somewhere that this process should NOT be running on my system...i have been using the enditall program and i have been killing it, but i am wondering if there is a way to either exorcise it from my system entirely (is this a bad thing to do...do i need it for good things?) or is it possible to find out what is causing it to run?

help!

NHawk · « **Reply #1 on:** November 25, 2006, 09:30:18 AM »

Rundll.exe loads and runs 16-bit DLLs, and rundll32.exe loads and runs 32-bit DLLs.

There is nothing wrong with having them on your system so long as they are both the actual microsoft product.

If you have an XP system and you see plain rundll.exe, it usually means you have an old 16-bit program on your system that you run OR sometimes spyware. BIG sometimes, it's very unusual.

If it appears after re-boot without running anything I'd start checking my system. If it appears after running an old program it's pretty much normal.

Skuzzy · « **Reply #2 on:** November 25, 2006, 09:37:35 AM »

Actually it is not that unusual for it to be an indicator fo spyware/malware/virus activity. If your CPU usage is abnormal and rundll32.exe is in the list, then there is a good chance it is something running you do not want to be running.

It is one of the tools of the spyware/malware programmer so they can hide the actual program that is running.

Normally, rundll32.exe will run only when a program needs it. If it is permanent;y showing up, then there is something running in the background you probably do not want running.

JB88 · « **Reply #3 on:** November 25, 2006, 09:53:29 AM »

Quote

Originally posted by Skuzzy
Actually it is not that unusual for it to be an indicator fo spyware/malware/virus activity. If your CPU usage is abnormal and rundll32.exe is in the list, then there is a good chance it is something running you do not want to be running.

It is one of the tools of the spyware/malware programmer so they can hide the actual program that is running.

Normally, rundll32.exe will run only when a program needs it. If it is permanent;y showing up, then there is something running in the background you probably do not want running.

thanks skuzzy

is there a way to isolate the process which is executing it?

Skuzzy · « **Reply #4 on:** November 25, 2006, 10:21:17 AM »

You have to find the guy that is starting up. It will be in msconfig, services, or directly in the Windows registry (look for the word runas and/or runonce).

JB88 · « **Reply #5 on:** November 25, 2006, 11:46:26 AM »

shall do. thank you.

LTDMonte · « **Reply #6 on:** November 25, 2006, 05:58:09 PM »

i use startup mechanic to identify and permanently disable items...works great will useally tell you if it is an actual ms program or malware