Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How to tell if Windows host process (Rundll32) is malware or not?

27 Jan 2014   #1
SaraBrown93

Windows 7 Home Premium 64bit
 
 
How to tell if Windows host process (Rundll32) is malware or not?

Greetings,

I am in need of some assistance about the Windows host process (Rundll32). Just today as I was looking through my icons in my taskbar on my standard account, I noticed that there was a process labeled "Windows host process (Rundll32)" and I don't remember ever seeing it before (if not maybe once). But after doing some research, I did the following:

1.) I did a search in my Disk Drive and noticed that the only Rundll32 files on my computer were the ones that are with my amd processor, the default windows location files, and Malwarebytes Pro.

2.) I have done numerous full, quick, and flash scans with Malwarebytes Pro and Microsoft Security Essentials but nothing is detected.

3.) I have tried going into safemode, but it still appears in the list,

4. I logged on into the Administrator account, and noticed that the process labeled "Windows host process (Rundll32)" is not on the list anywhere (I only use the Administrator account for installing programs only, nothing else. I use a standard account for everything else).

5.) After reading some research, I noticed that it could be some of the programs I have installed on my computer that maybe using it. However; I can not determine which ones it could be. Here is the list of the programs I have installed and what the taskbar looks like.

6.) I viewed my running processes in task manger and it does not appear.

Although the icon has not appeared at all or gives me notifications, it still worries me. So is this a virus that's harmful to my computer? Please let me know.

Thank you so much for your assistance.




Attached Thumbnails
How to tell if Windows host process (Rundll32) is malware or not?-capture.jpg  
Attached Images
How to tell if Windows host process (Rundll32) is malware or not?-capture2.jpg How to tell if Windows host process (Rundll32) is malware or not?-capture3.jpg How to tell if Windows host process (Rundll32) is malware or not?-capture4.jpg How to tell if Windows host process (Rundll32) is malware or not?-capture5.jpg 
My System SpecsSystem Spec
.
27 Jan 2014   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Determining If RunDll32.exe Is Legitimate or Malicious


Search all drives in Windows for any duplicates of RunDll32.exe. The legitimate copy of RunDll32.exe can be found in \Windows\System32\rundll32.exe. Any other copies should be deleted. The Windows Task Manager can also determine any malicious copies of the file; press ctrl-alt-del to run the task manager, click the "processes" tab and hover the mouse over all instances of RunDll32.exe. The true identity of all malicious copies will show up.
My System SpecsSystem Spec
27 Jan 2014   #3
SaraBrown93

Windows 7 Home Premium 64bit
 
 

I did a search on my computer and here are the results. It looks like the only Rundll32 files that appeared were the ones that were already installed on this computer (besides malwarebytes).

I also ran task manager and I did not see no Rundll32 processes running.

I don't know if this helps but I am using a Windows 7 64-bit operating system. Sorry for not mentioning it earlier. I hope somehow this helps.


Attached Images
How to tell if Windows host process (Rundll32) is malware or not?-capture.jpg 
My System SpecsSystem Spec
.

27 Jan 2014   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

That looks fine to me. A good application to have on hand, is Process Explorer. Read about it here and download: Process Explorer
My System SpecsSystem Spec
27 Jan 2014   #5
SaraBrown93

Windows 7 Home Premium 64bit
 
 

Ok. Once downloaded what do I do?
My System SpecsSystem Spec
27 Jan 2014   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let's see what's going on ...
Download DDS from one of these links:
DDS.com

DDS.pif
  • Disable any script blocking protection (such as Norton Antivirus)
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.


You can copy and paste the logs, but you can also upload both logs (preferred) by following these instructions:Screenshots and Files - Upload and Post in Seven Forums
My System SpecsSystem Spec
29 Jan 2014   #7
SaraBrown93

Windows 7 Home Premium 64bit
 
 

Here are the logs you requested. Sorry for not responding back sooner.


Attached Files
File Type: txt attach.txt (14.2 KB, 2 views)
File Type: txt dds.txt (19.4 KB, 2 views)
My System SpecsSystem Spec
Reply

 How to tell if Windows host process (Rundll32) is malware or not?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
windows host process rundll32 has stopped working?
I keep on getting this error every once a while..I noticed it keeps un poping when I close apps like for ex. hypercam and some other apps.I did screenshot about the error and screenshot in event viewer: What could cause this and how to fix it?
General Discussion
host process for windows services
I have one svchost.exe that is using over a GB of memory. I have stopped those services that are non-essential for MY use. Why the heck is this single host using so much memory and how can I safely reduce it? PID is 346. I have 8 GB RAM but since this has increased in usage, my system just keeps...
General Discussion
Host process for windows services
I have W7 32 bit on my laptop and W7 64 bit on the desktop, both Home Premium. Every time I go online with the desktop it starts a download according to NetLimiter. The download appears as Host process for Windows services and it expands to process 720 and then to 92.122.126.243:80. I use 3G mobile...
General Discussion
Host Process Rundll32 has stopped working
Well I'm using Windows 7 for a week, and the first two days it was running without errors, but i start to install all my programs and drivers, for my mouse, keyboard, some games, and other programs. And now every single time i start my windows, pass like 5 minutes and pops up an error Host...
BSOD Help and Support
Host process for windows tasks
Hi all First post ;) I am using AVG firewall and get a connection attempt from a process called "host process for windows tasks", IP address 65.55.22.252 :80. I believe that is a Microsoft IP address but I could be wrong. I read that this process is a general process and could be any app,...
General Discussion
Host Process for Windows Tasks has stopped working
I get this error at irregular intervals. Anyone else having the same problem?
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:50.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App