What is rÅndll32.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by renesisspeed, Oct 19, 2004.

  1. renesisspeed

    renesisspeed Private E-2

    What is it and how do I get rid of it? Any help would be greatly appreciated. All I know is it is linked with Internet Explorer: whenever a new page is opened or IE launches, the process starts. I ran multiple scans and couldn't find it. Again, any help is much appreciated, thanks.
     
  2. Kodo

    Kodo SNATCHSQUATCH

  3. bhalverson

    bhalverson Private E-2

    rÅndll32.exe seems to impersonate rundll32.exe. It is not listed as a file anywhere on the hard drive; however, if you show hidden files and folders, you will find that you have a SECOND rundll32.exe in your System32 subdirectory, only this one is hidden, has a more recent date (like xx xx, 2005) and has a different icon than the original... Killing the rÅndll32.exe process and deleting this second, hidden one (or just moving it to a "suspicious files" subdirectory) will cause it to not be launched at startup.

    BTW, NONE of the conventional means of detecting this worked - anti-virus (several products), spybot, adaware, etc, etc.

    What it was hooked to, how it changes its name, and why it is able to violate the rule of no two files having the same name occupying the same subdirectory, even what it does, I do not know... I only know it doesn't launch anymore...

    Now...what else is lurking in the newly super-clean computer?

    Brian
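
Added example, not part of bhalverson's post or of the thread: a Python check for file names that only look like rundll32.exe. It assumes, which the thread does not confirm, that the hidden second file's name differs from the real one by a non-ASCII character, as the process name rÅndll32.exe suggests. `PROTECTED`, `MAX_SWAPS`, `impersonates` and `scan` are names made up for this example.

```python
import os
import stat
import unicodedata

# Legitimate names to guard. rundll32.exe comes from the thread; extend as needed.
PROTECTED = ("rundll32.exe",)
# Assumed tuning value: how many non-ASCII stand-in characters still count as a lookalike.
MAX_SWAPS = 3

def impersonates(name, protected=PROTECTED):
    """Return the protected name that `name` imitates, or None if it imitates none."""
    if name.casefold() in protected:
        return None  # the genuine name (Windows file names are case-insensitive)
    # Fold compatibility forms (full-width letters etc.) and case.
    composed = unicodedata.normalize("NFKC", name).casefold()
    # Additionally drop accents and other combining marks.
    stripped = "".join(c for c in unicodedata.normalize("NFKD", composed)
                       if not unicodedata.combining(c))
    for good in protected:
        if stripped == good:
            return good  # differs only by accents or compatibility forms
        diffs = [c for c, g in zip(composed, good) if c != g]
        if (len(composed) == len(good) and 0 < len(diffs) <= MAX_SWAPS
                and all(ord(c) > 127 for c in diffs)):
            return good  # a few non-ASCII characters stand in for ASCII ones
    return None

def scan(directory):
    """List (file name, imitated name, hidden?) for lookalike entries in a directory."""
    hits = []
    for entry in os.scandir(directory):  # scandir also returns hidden files
        good = impersonates(entry.name)
        if good:
            info = entry.stat(follow_symlinks=False)
            # st_file_attributes exists only on Windows; elsewhere report "not hidden".
            attrs = getattr(info, "st_file_attributes", 0)
            hits.append((entry.name, good, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return hits

if __name__ == "__main__":
    # Constructed sample names, not taken from a real system.
    for sample in ["rundll32.exe", "r\u00c5ndll32.exe", "ru\u0301ndll32.exe", "notepad.exe"]:
        print(repr(sample), "->", impersonates(sample))
```

On a Windows machine, `scan(r"C:\Windows\System32")` lists any such entries together with whether the hidden attribute is set.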
     
  4. TheOldThug

    TheOldThug First Sergeant

    Hi

    Viruses often have strange names, and they can change them. That is why it is important to do the following as KODO said.
    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    TheOldThug
     
  5. Kodo

    Kodo SNATCHSQUATCH

    ok, this is a way old thread.. we don't even know if the problem is active.
     
