Normal Windows process or trojan ?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by squiggles, Apr 11, 2006.

  1. squiggles

    squiggles Private E-2

    I noticed the process rundll32.exe in my Task Manager the other day,so I look it up at the processlibrary.com database and it said that rundll.exe is a normal Windows process, but that it is also registered as the W32.Miroot.Worm/Trojan.How do I know which one it is ? Thanks in advance.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    if rundll32.exe is located in this C:\Windows\System32 location then its a legitimate windows file, in another then suspect a possible a virus, BUT DO NOT DELETE until confirmed otherwise windows will fail as this is a crucial system file.
     
  3. squiggles

    squiggles Private E-2

    Thanks for your reply to my thread Halo. Besides C:\Windows\System32, I also found rundll32.exe in C:\Windows\ServicePackFiles\i386, C:\Windows\$NtServicePackUninstall$, and C:\I386. What do you think I should do with these ? Thanks again.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nothing! They are all valid.
     
  5. squiggles

    squiggles Private E-2

    Chaslang, you da man! Thanks! ;)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds