Sometimes. Viruses have been known to use rundll32.exe To check, run
malwarebytes
Having multiple instances of rundll32 running at the same time is not very suspicious by itself.
rundll32 is a part of Windows used to invoke functions in dll's that are explicitly meant to be called by them (meaning that you can run them from a command line/command line script, or from an executable without linking against the dll that the required function is contained in). For a mor in-depth explanation, see
the MS Knowledge Base.
Also look
here for a description of how you can adjust the table in your task manager to see the entire command line, and so which functions are actually being run by your rundll32. This will also tell you which rundll32.exe is being run (if one of them is in a strange folder, say C:\Program Files\whatever\rundll32.exe,
that would likely be a problem. Both instances should have the same path (this may be different on 64bit systems which may have a separate 32bit version, I'm not sure about that).
The article that you link to is not good advice imho. While a changing symbol for rundll32 is a sign that tells you something is wrong, it is by no means certain that a modification of it would show up in this way!
In terms of advice: First check the file paths of the running rundll32, then check which dll's/functions they are running. If you still have original recovery media (if not, you might be able to get some from your hardware vendor), recover your system from there instead of the hdd image if you're concerned about that.
