RUNDLL32.EXE
Hi All,
I have got 2 DCs, both running GC, DC, AD & DHCP services.
I have the same problem on both servers: I have got multiple rundll32.exe processes in my Task Manager, each consuming approx. 1 MB of memory, and I have around 100 or more process instances running on both these servers. The total number of processes in Task Manager ranges all the time between 194 - 278 on both the servers!!!!
Is this some virus / Trojan or something? I ran a full antivirus scan and a full spyware scan separately from Symantec, but both of them gave a "0" threats found result, even when I ran an in-depth scan.
I even tried other antivirus software but still got the same result. I know this is definitely some loophole or some Trojan which is not getting detected by my AV. Can anyone please suggest what to do?
I even rebooted the servers one by one, but after a successful boot, after 20 minutes these processes appear again in my Task Manager...
Thank you all...
Apoorv Mehrotra
April 3rd, 2012 3:13am
Hi,
What's the Operating System version? Please first make sure the system is up to date with the latest security updates and Service Pack.
If the problem continues, I suggest you use Process Explorer to analyse the suspect process.
Process Explorer v15.13
http://technet.microsoft.com/en-us/sysinternals/bb896653
Regards,
Bruce
April 4th, 2012 1:14pm
Hi Bruce,
OS=WIN2K8STD
The latest system updates were applied last Friday (we have a policy to apply updates only on Fridays), so we have the latest Windows updates.
A full antivirus scan shows nothing, though I tried many tools.
I am using Process Explorer, and the string which comes up in the command line is "rundll32.exe eifjfr.lif,timcmyxj". I know this process is screwed with some trojan or something, but I have no idea how to sort this one out.
Thanks...
Apoorv Mehrotra
April 5th, 2012 1:32am
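The command line reported in the post above names a module with a `.lif` extension and a random-looking export, which is what separates it from routine rundll32 use. The following is an added example, not part of the thread: a PowerShell triage function (the name `Test-Rundll32CommandLine` and its two heuristics are assumptions of this example) that parses rundll32 command lines and flags modules that are not `.dll`/`.cpl` or that sit outside the Windows directory. Only the first sample line comes from the thread; the others are constructed.

```powershell
# Added example: classify rundll32.exe command lines (PowerShell 2.0 compatible).
function Test-Rundll32CommandLine {
    param([string]$CommandLine, [int]$ProcessId = 0, [int]$ParentProcessId = 0)

    # Strip the first token (the rundll32 image, quoted or not); what remains
    # should look like "<module>,<export> [arguments]".
    $rest = $CommandLine -replace '^\s*("[^"]*"|\S+)\s*', ''
    $module = ''; $export = ''
    if ($rest -match '^"?([^",]+)"?\s*,\s*(\S*)') {
        $module = $Matches[1].Trim(); $export = $Matches[2]
    }

    $reasons = @()
    if (-not $module) {
        $reasons += 'no <module>,<export> argument'
    } else {
        if ($module -notmatch '\.(dll|cpl)$') {
            $reasons += 'module extension is not .dll/.cpl'
        }
        $winDir = $env:SystemRoot + '\'
        if ([IO.Path]::IsPathRooted($module) -and
            -not $module.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += 'module path is outside ' + $env:SystemRoot
        }
    }

    New-Object PSObject -Property @{
        ProcessId = $ProcessId; ParentProcessId = $ParentProcessId
        Module = $module; Export = $export
        Suspicious = ($reasons.Count -gt 0); Reasons = ($reasons -join '; ')
    }
}

# Constructed sample input; the first line is the command line quoted in the thread.
$samples = @(
    'rundll32.exe eifjfr.lif,timcmyxj',
    'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    '"C:\Windows\System32\rundll32.exe" "C:\Temp\example.dll",Run'
)
$samples | ForEach-Object { Test-Rundll32CommandLine $_ } |
    Select-Object Suspicious, Module, Export, Reasons | Format-Table -AutoSize

# Live use on the server: Win32_Process exposes CommandLine and ParentProcessId,
# and the parent PID shows what is launching each instance.
# Get-WmiObject Win32_Process -Filter "Name='rundll32.exe'" | ForEach-Object {
#     Test-Rundll32CommandLine $_.CommandLine $_.ProcessId $_.ParentProcessId }
```

A relative module name such as `shell32.dll` is not flagged on path alone, because legitimate rundll32 invocations commonly rely on the DLL search order.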
Hi All,
Any help, anyone?
377 views and no help!!!
Apoorv Mehrotra
April 11th, 2012 5:03am
Try figuring out what's launching it using Autoruns (the same SysInternals).
Try figuring out if this is somehow connected to printing. Maybe some *very special* printer driver is screwing around.
Try preventing the unwanted DLL from being launched using Software Restriction Policies: http://blog.windowsnt.lv/2011/06/01/preventing-malware-with-srp-english/
MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA; CCSI
April 11th, 2012 2:08pm