Can rundll32.exe be virus'ed?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shorttex, Feb 2, 2009.

  1. shorttex

    shorttex Private E-2

    The question is this: Is my rundll32.exe (which doesn't - run, that is) a viral replacement, or just an innocent bystander? If it's hosed, can I copy one from one of the other WinXP Pro boxes?

    I think it was okay until I ran Norton Removal Tool, preparatory to installing AVG. After NRT ran, rundll32.exe quit working (most of the icons don't load, almost no .exe's will load and run... bad juju).



    Background:
    I have a post in SOFTWARE, to which this is related (http://forums.majorgeeks.com/showthread.php?t=181258), but this is the right place for this particular question, as far as I can tell. It may be that the whole thread needs to be moved, because it's looking more like real malware was involved, and not just adware as I had thought.

    I thought I might as well see if I can download the other cleaners (SUPERAntiSpyware, etc.) while I seek insight into the problem described in the other post. Not only does rundll32.exe not run, but clicking on an .exe file in file explorer doesn't work. They all do the same thing, that is, Windows announces that it doesn't know how to handle an .exe and offers to go look on the 'net - which, somehow, I don't think is going to do any good. But it turns out that a few things do work. My Computer (regular ol' File Explorer, right?) runs, and the IE icon on the desktop runs (although trying to run iexplore.exe directly gives the same error message as rundll32.exe, that is "Windows cannot open this file.").

    Two peculiar - and troubling - things happen when IE starts up. First it announces that it isn't the default and wants to know if it should check every time it gets run. Second, some "Windows Installer" window pops up, and starts installing something. I kill it immediately, and another one pops up, which I also kill. One - or maybe both - say they're installing MS Small Business something if I let them go a few seconds. I recall having seen this associated with a virus a year or two ago, so unless this needs to be allowed I'm going to keep killing it... it occurred to me that maybe the Norton Removal Tool killed some required part of Windows, and this install will fix it, but somehow I doubt it.

    In fact, every time IE opens a new window, and at some jumps between screens in the same window, ONE copy of the "Windows Installer - Preparing to Install" window pops up and starts running with no interaction. And I kill it immediately.

    I can't install the virus-cleaning downloads, because Windows announces it doesn't know what to do with pretty much every executable on the computer. "Windows cannot open this file: xxx.exe To open this file, Windows needs to know what program created it..."

    So it looks like I'm stuck on this one, unless there's a way to get Windows stabilized to the point where it will actually follow links and run executables...
     
  2. shorttex

    shorttex Private E-2

    Still don't know for sure... it seems to be so widely used that it ought to be a good target for viralists but also a closely-watched file for anti-virus s/w.

    It doesn't matter now. I gave up and re-installed (actually "repaired") Windows on the machine. Had a bout with video driveritis, got past that.

    Still... if you have any insights about rundll32.exe that you think should be shared, I'd love to see them.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can rundll32.exe get infected? Of course any file can get infected. Was it infected? We don't know. You could have had a variety of problems. Possibly malware and possibly not. Since you have reinstalled, we will never know.

    You should read this Don't Bump! It Only Hurts You!!! to avoid future delays in getting an answer. Your last post here cost you another 2 days of waiting time.
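    The two questions the thread leaves open are "is this rundll32.exe the genuine file?" and "why does every .exe produce 'Windows cannot open this file'?". The following is an added example, not code from the thread or from MajorGeeks, showing how a practitioner would check both on the affected machine. It assumes PowerShell 2.0 or later in an elevated prompt; the path C:\ref\rundll32.exe is an assumed location for a copy taken from a known-good machine running the same Windows version and service pack (the comparison is skipped if it is absent).

```powershell
# Added example; not code from the thread or from MajorGeeks.
# Assumes PowerShell 2.0+ in an elevated prompt. $reference is an assumed path:
# copy rundll32.exe from a known-good box with the same Windows version and
# service pack to that location first, or leave it missing to skip the compare.
$target    = Join-Path $env:windir 'System32\rundll32.exe'
$reference = 'C:\ref\rundll32.exe'

function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# 1. Authenticode check. Many Windows system binaries are catalog-signed rather
#    than carrying an embedded signature, so on older Windows this can report
#    NotSigned for a perfectly good file. Treat anything other than a Valid
#    Microsoft signature as "unknown", not as proof of replacement.
$sig  = Get-AuthenticodeSignature -FilePath $target
$item = Get-Item $target
"Target           : $target"
"Size / modified  : $($item.Length) bytes / $($item.LastWriteTime)"
"Signature status : $($sig.Status)"
if ($sig.SignerCertificate) { "Signer           : $($sig.SignerCertificate.Subject)" }
if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Warning 'rundll32.exe carries a valid signature that is NOT from Microsoft'
}

# 2. Hash comparison against the known-good copy. This is the decisive check on
#    XP-era systems: the file must be byte-identical to the same build's copy.
if (Test-Path $reference) {
    $h1 = Get-Sha256Hex $target
    $h2 = Get-Sha256Hex $reference
    "SHA-256 target   : $h1"
    "SHA-256 reference: $h2"
    if ($h1 -ne $h2) { Write-Warning 'rundll32.exe differs from the reference copy' }
}

# 3. The .exe file association. "Windows cannot open this file ... needs to know
#    what program created it" for every .exe is what a missing or hijacked
#    association produces; rundll32.exe itself may be untouched.
function Get-Default([string]$Key) {
    if (-not (Test-Path $Key)) { return $null }
    (Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue).'(default)'
}
$expected = @{
    'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
}
foreach ($key in $expected.Keys) {
    $actual = Get-Default $key
    "$key = $actual"
    if ($actual -ne $expected[$key]) {
        Write-Warning "Unexpected value; the Windows default is $($expected[$key])"
    }
}
# Per-user class keys override the machine-wide ones when they exist, so a
# clean HKLM is not enough; anything here for .exe or exefile is suspect.
foreach ($key in 'HKCU:\Software\Classes\.exe',
                 'HKCU:\Software\Classes\exefile\shell\open\command') {
    if (Test-Path $key) { Write-Warning "Per-user override present: $key = $(Get-Default $key)" }
}
```

    A broken .exe association does not stop cmd.exe from launching executables, because cmd.exe starts them with CreateProcess rather than through the shell association, so a command prompt (for example from Safe Mode with Command Prompt) is the usual way to reach a state where this can be run. A hash mismatch only means something when the reference copy comes from the same build and service pack; a copy from a differently patched machine will differ legitimately. Windows XP's own integrity check for protected system files is sfc /scannow, which needs the installation media available.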
     
  4. shorttex

    shorttex Private E-2

    Yes, I am aware. Note that I stated the problem was "solved" and was only asking for any insight. Perhaps my question should have been "is it likely..." or "does it get targeted often...".
    No, it didn't. Did you read what I wrote? I specifically stated that it was "solved", but that I'd still like to see any insights. IIRC, I stated on the other one that I had more information to add and didn't see a way to edit the original, and was not intentionally bumping it.

    I appreciate the fact that you responded. Thank you.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes!

    Yes I did. I'm just stating a fact for future reference that adding additional posts causes further delay.

    If you had run our cleaning procedures before originally posting your first message, we may have been able to fix your PC without you having to perform a repair. However we are happy to hear that you have things working properly.
     
  6. shorttex

    shorttex Private E-2

    It's more of a generalization. While it's true that _in general_ "bumping" can end up causing messages to be passed over by potential helpers and delay possible answers, in the particular instance it didn't, for the simple reason that - as noted - I wasn't waiting for an answer. If there was a way to edit the message after the golden period, I didn't see it. If there is one, either I've got a bad setting somewhere or I just flat missed it. Is there one?

    If there isn't, then is there some better way to add information, or correct oversights, after the fact? Sure, I understand the bad side of bumping, but if you can't edit your posts, should you post a separate message, or wait... or what?
    You lost me there, two ways. First, I thought I WAS following the procedure, in the midst of which (getting a working A-V program installed) it commenced to get worse to the point that I couldn't go any further (since running NRT nailed it down), which was when I posted that first one; second, in any event, how would that have gotten an answer more quickly?


    "In fact, two plus two is five, for sufficiently large values of two."
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is a 5 minute timer. After that, you cannot edit a message. There were many reasons for this policy. Some of which include people deleting things that they posted even days ago. This leads to problems since fixes could already be in progress. Also people would sometimes delete logs, which removed our history information that could be needed in the future. Then there were also the few cases of editing something and then later saying "I never said that or posted that"...etc.

    As I said above, a fix could already be in progress. It could already be too late.

    The sticky threads are supposed to be read. This is standard policy on all forums. Then in cases where help is needed with malware problems the READ & RUN ME FIRST. Malware Removal Guide sticky thread is supposed to be run, which is why it says read and run me first. If just a general question needs to be asked that is related to infections or malware removal, it is not necessary to run the READ & RUN ME, but all of these stickies still should have been read through at least to see what is available and to learn forum policies. Questions that are not related to malware removal, like a question about Norton Removal Tool, should be posted in the Software Forum since it is a question about software. However, once you start making comments about your rundll32.exe possibly being infected, or if any of the statements you make in your message could imply a possible infection, we are going to send you to the READ & RUN ME FIRST.

    By waiting for your original message to be answered.
     
    Last edited: Feb 23, 2009
  8. shorttex

    shorttex Private E-2

    I'll take that as being "No, you can't edit later" and "no further message is acceptable".

    As for the rest of it, I had thought my points were clear, namely, that I in fact was following the procedure (which should imply clearly that I did read the stickies), and that I was not intentionally bumping, but attempting to work around what appeared to be the lack of an edit possibility, to clarify the problem (in the first instance). You of all people should be acutely aware of the wild goose chases that occur when seeking to troubleshoot some problems, and it would seem to be a rational addition to attempt to short-circuit some paths that were almost certainly unprofitable. Not being able to execute ANY exe's pretty much derails virtually everything in the cleanup procedures past the point of erasing excess junk, which had already been done.

    In future, if I pose a question based on a perceived problem, and it turns out that my perception was wrong (or not explained well), I'll just wait for someone to respond before I say "never mind, it was something else".

    I'm not trying to be flippant here, but I was in the middle of what I believed were the suggested procedures - which I believe I have repeatedly stated I had read, believed I understood (including the WHY of them) and was following - when the whole thing went to sh!t... and my attempts to go forward from there seem to inspire you mainly toward repeating this RTFM mantra, complete with explanation of why. All I wanted to know with my last question was whether or not there is either an edit procedure which I had missed or a proposed workaround. I now understand that, as I had thought, there are none, and I can proceed from there.

    Thanks again.
     