RUNDLL32.EXE
Hi All, I have got 2 DCs, both running GC, DC, AD & DHCP services. I have the same problem on both servers: I have got multiple rundll32.exe processes in my Task Manager, each consuming approx. 1 MB of memory, and I have around 100 or more process instances running on both these servers. The total number of processes in Task Manager ranges all the time between 194 - 278 on both servers!!!! Is this some virus / Trojan or something? I ran a full antivirus scan and a full spyware scan separately from Symantec, but both of them gave a "0" threats found result, even when I ran an in-depth scan. I even tried other antivirus software but still got the same result. I know this is definitely some loophole or some Trojan which is not getting detected by my AV. Can anyone please suggest what to do? I even rebooted the servers one by one, but after a successful boot, after 20 minutes these processes appear in my Task Manager again... Thank you all...
Apoorv Mehrotra
April 3rd, 2012 3:13am

Hi, What's the operating system version? Please first make sure the system is up to date with the latest security updates and Service Pack. If the problem continues, I suggest you use Process Explorer to analyse the suspect process.
Process Explorer v15.13 http://technet.microsoft.com/en-us/sysinternals/bb896653
Regards, Bruce
April 4th, 2012 1:14pm

Hi Bruce, OS=WIN2K8STD. The latest system updates were applied last Friday (we have a policy to apply updates only on Fridays), so we have the latest Windows updates. A full antivirus scan shows nothing, though I tried many tools. I am using Process Explorer and the string which comes up in the command line is "rundll32.exe eifjfr.lif,timcmyxj". I know this process is screwed with some trojan or something.. But no idea how to sort this one out. Thanks...
Apoorv Mehrotra
April 5th, 2012 1:32am

Hi All, Any help, anyone? 377 views and no help!!!
Apoorv Mehrotra
April 11th, 2012 5:03am

Try figuring out what's launching them using Autoruns (from the same Sysinternals suite).
Try figuring out if this is somehow connected to printing. Maybe some *very special* printer driver is screwing around.
Try preventing the unwanted DLL from being launched using Software Restriction Policies - http://blog.windowsnt.lv/2011/06/01/preventing-malware-with-srp-english/
MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA; CCSI
April 11th, 2012 2:08pm
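
A triage sketch for the situation in this thread, added as an example and not part of any poster's reply: it parses rundll32 command lines exported from the affected servers, flags the ones whose module argument looks unusual, and counts which parent PID started them. The extension allow-list, the `C:\Windows` root, the function names and every PID in the sample are assumptions or constructed values; only the command line `rundll32.exe eifjfr.lif,timcmyxj` comes from the thread.

```python
import ntpath
import re
from collections import Counter

# Assumption: extensions normally seen as rundll32 modules; tune for your estate.
EXPECTED_EXT = {".dll", ".cpl", ".ocx"}
# image path (quoted or not), then the module (quoted or not), then the export.
ARGS = re.compile(r'\s*(?:"[^"]*"|\S+)\s+(?:"([^"]*)"|([^,\s]+))[,\s]*(\S*)')

def parse_rundll32(cmdline):
    """Split a rundll32 command line into (module, export); None if no module."""
    m = ARGS.match(cmdline)
    if not m:
        return None
    return (m.group(1) or m.group(2)), m.group(3)

def reasons(cmdline, system_root=r"C:\Windows"):
    """Return the list of reasons this command line deserves a closer look."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return ["no module argument"]
    module, export = parsed
    found = []
    ext = ntpath.splitext(module)[1].lower()
    if ext not in EXPECTED_EXT:
        found.append("unexpected module extension %r" % ext)
    directory = ntpath.dirname(module).lower() + "\\"
    if directory != "\\" and not directory.startswith(system_root.lower() + "\\"):
        found.append("module loaded from outside %s" % system_root)
    if not export:
        found.append("no export name")
    return found

def triage(processes):
    """Group flagged instances by command line and count their parent PIDs."""
    report = {}
    for p in processes:
        why = reasons(p["cmdline"])
        if why:
            entry = report.setdefault(p["cmdline"], {"why": why, "parents": Counter()})
            entry["parents"][p["ppid"]] += 1
    return report

# Constructed sample: the command line quoted in the thread plus one ordinary call.
SAMPLE = [{"pid": 4000 + i, "ppid": 912, "cmdline": "rundll32.exe eifjfr.lif,timcmyxj"}
          for i in range(3)]
SAMPLE.append({"pid": 5120, "ppid": 2044,
               "cmdline": r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl'})

if __name__ == "__main__":
    for cmd, info in triage(SAMPLE).items():
        print(cmd, info["why"], dict(info["parents"]))
```

The parent PID with the highest count is the process to look up next in Process Explorer or Autoruns, since it is what keeps starting the instances.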

This topic is archived. No further replies will be accepted.
