rundll32.exe processing srrstr.dll?

Carbonyl

Hi everyone. Just a quick question: Is anyone familiar with this phenomenon? I left my computer idle to work in the kitchen for about 25 min, and when I returned I found that rundll32.exe was running and processing something over and over again. I checked Process Explorer, and found it was running something called srrstr.dll, which apparently came digitally signed from Microsoft (though I guess that's easy to forge). I'm not sure what it was doing, but it chugged away for an additional ten minutes before it closed itself. Very strange.

Can anyone please advise if this is a nasty? NOD32 and Malwarebytes didn't catch it, if it is. Thank you.
 
Hi, Carbonyl.

srrstr.dll is part of the System Restore process. If a checkpoint was being created, that period of time is a bit lengthy. You may want to check to see if the time the last checkpoint was created approximately matches the time of your investigation.
 
"Which apparently came digitally signed from Microsoft (though I guess that's easy to forge)."

Maybe Corrine can confirm, but I don't think it is "easily done"... perhaps not impossible, but very complex.

A Guy
 
For background on Digital Certificates, see Microsoft KB Article 195724: Description of Digital Certificates

Note the affected software indicated in this Security Advisory is "none". Microsoft Security Advisory (961509): Research proves feasibility of collision attacks against MD5:

General Information

Overview

Purpose of Advisory: To assist customers in assessing the impact of this research announcement on their current certificate deployments.

Advisory Status: Issue Confirmed. No Security Update Planned.
Recommendation: Review the suggested actions and configure as appropriate.
References Identification:
Microsoft Knowledge Base Article 961509

This advisory discusses the following software.
Affected Software: None.
 
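The two checks raised in this thread (does a System Restore checkpoint line up with the time of the activity, and is the srrstr.dll on disk validly signed) can be scripted. The following is an added example, not something posted by the thread's participants; `$Observed` and `$WindowMinutes` are assumed parameters, and it is written for Windows PowerShell 5.1 run from an elevated prompt.

```powershell
# Added example. $Observed / $WindowMinutes are assumptions: set $Observed to
# the time the rundll32.exe activity was seen.
param(
    [datetime]$Observed = (Get-Date),
    [int]$WindowMinutes = 45
)

# 1. If rundll32.exe is still running, show the exact command line it was given,
#    so the DLL name and any path in front of it are visible.
Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" |
    Where-Object { $_.CommandLine -match 'srrstr\.dll' } |
    ForEach-Object {
        [pscustomobject]@{
            Started     = $_.CreationDate
            ProcessId   = $_.ProcessId
            ParentId    = $_.ParentProcessId
            CommandLine = $_.CommandLine
        }
    } | Format-List

# 2. Verify the signature of the copy in System32. 'Valid' means the file hash
#    matches the signature and the certificate chain is trusted on this machine.
#    Older PowerShell versions may report catalog-signed Windows files as NotSigned.
$dll = Join-Path $env:SystemRoot 'System32\srrstr.dll'
$sig = Get-AuthenticodeSignature -FilePath $dll
[pscustomobject]@{
    Path     = $dll
    Status   = $sig.Status
    Signer   = $sig.SignerCertificate.Subject
    Issuer   = $sig.SignerCertificate.Issuer
    # Hash algorithm used to sign the certificate (the MD5 advisory concerns this field)
    CertAlgo = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
    SHA256   = (Get-FileHash -Path $dll -Algorithm SHA256).Hash
} | Format-List

# 3. List restore points created within the window around the observed time.
$hits = Get-ComputerRestorePoint | ForEach-Object {
    $created = $_.ConvertToDateTime($_.CreationTime)
    if ([math]::Abs(($created - $Observed).TotalMinutes) -le $WindowMinutes) {
        [pscustomobject]@{
            Created     = $created
            Description = $_.Description
            Sequence    = $_.SequenceNumber
        }
    }
}
if ($hits) { $hits | Format-List }
else { "No restore point within $WindowMinutes minutes of $Observed" }
```

A restore point inside the window together with a `Valid` status on the System32 copy is consistent with the System Restore explanation given above; a command line that points at srrstr.dll in some other directory deserves a closer look.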