How to tell if Windows host process (Rundll32) is malware or not?


  1. Posts : 62
    Windows 7 Home Premium 64bit
       #1

    How to tell if Windows host process (Rundll32) is malware or not?


    Greetings,

    I am in need of some assistance about the Windows host process (Rundll32). Just today as I was looking through my icons in my taskbar on my standard account, I noticed that there was a process labeled "Windows host process (Rundll32)" and I don't remember ever seeing it before (if not maybe once). But after doing some research, I did the following:

    1.) I did a search in my Disk Drive and noticed that the only Rundll32 files on my computer were the ones that are with my amd processor, the default windows location files, and Malwarebytes Pro.

    2.) I have done numerous full, quick, and flash scans with Malwarebytes Pro and Microsoft Security Essentials but nothing is detected.

    3.) I have tried going into safemode, but it still appears in the list,

    4. I logged on into the Administrator account, and noticed that the process labeled "Windows host process (Rundll32)" is not on the list anywhere (I only use the Administrator account for installing programs only, nothing else. I use a standard account for everything else).

    5.) After reading some research, I noticed that it could be some of the programs I have installed on my computer that maybe using it. However; I can not determine which ones it could be. Here is the list of the programs I have installed and what the taskbar looks like.

    6.) I viewed my running processes in task manger and it does not appear.

    Although the icon has not appeared at all or gives me notifications, it still worries me. So is this a virus that's harmful to my computer? Please let me know.

    Thank you so much for your assistance. :)
    Attached Thumbnails Attached Thumbnails How to tell if Windows host process (Rundll32) is malware or not?-capture.jpg   How to tell if Windows host process (Rundll32) is malware or not?-capture2.jpg   How to tell if Windows host process (Rundll32) is malware or not?-capture3.jpg   How to tell if Windows host process (Rundll32) is malware or not?-capture4.jpg   How to tell if Windows host process (Rundll32) is malware or not?-capture5.jpg  

      My Computer


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Determining If RunDll32.exe Is Legitimate or Malicious


    Search all drives in Windows for any duplicates of RunDll32.exe. The legitimate copy of RunDll32.exe can be found in \Windows\System32\rundll32.exe. Any other copies should be deleted. The Windows Task Manager can also determine any malicious copies of the file; press ctrl-alt-del to run the task manager, click the "processes" tab and hover the mouse over all instances of RunDll32.exe. The true identity of all malicious copies will show up.
      My Computer


  3. Posts : 62
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    I did a search on my computer and here are the results. It looks like the only Rundll32 files that appeared were the ones that were already installed on this computer (besides malwarebytes).

    I also ran task manager and I did not see no Rundll32 processes running.

    I don't know if this helps but I am using a Windows 7 64-bit operating system. Sorry for not mentioning it earlier. I hope somehow this helps.
    Attached Thumbnails Attached Thumbnails How to tell if Windows host process (Rundll32) is malware or not?-capture.jpg  
      My Computer


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #4

    That looks fine to me. A good application to have on hand, is Process Explorer. Read about it here and download: Process Explorer
      My Computer


  5. Posts : 62
    Windows 7 Home Premium 64bit
    Thread Starter
       #5

    Ok. Once downloaded what do I do?
      My Computer


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #6

    Let's see what's going on ...
    Download DDS from one of these links:
    DDS.com

    DDS.pif
    • Disable any script blocking protection (such as Norton Antivirus)
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.
    Include the contents of both logs in your next post.


    You can copy and paste the logs, but you can also upload both logs (preferred) by following these instructions:Screenshots and Files - Upload and Post in Seven Forums
      My Computer


  7. Posts : 62
    Windows 7 Home Premium 64bit
    Thread Starter
       #7

    Here are the logs you requested. Sorry for not responding back sooner.
    How to tell if Windows host process (Rundll32) is malware or not? Attached Files
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:21.
Find Us