
Virus question: rundll32

Drewcifer (Agent of Karma) | Joined: May 1, 2002 | Messages: 3,748 | Location: Minneapolis
I seem to have a virus in a file called Windows/rundll32.exe. It is a Trojan Horse virus. Norton Anti-Virus can't seem to quarantine it. I have Windows XP Home Edition. Does anybody know what this is and how I can get rid of it?
 
rundll32 is a program that Windows uses to run various DLLs on your system. Things like your system properties, and others. I don't have the list at my fingertips, but it is used.

Have you tried going to Symantec and seeing if they have a virus removal tool?
 
Originally posted by Turner_727
rundll32 is a program that Windows uses to run various DLLs on your system. Things like your system properties, and others. I don't have the list at my fingertips, but it is used.

Have you tried going to Symantec and seeing if they have a virus removal tool?
No I just found out I have the virus. I think I will unplug my computer and try that tomorrow.
 
Originally posted by kcwong
Try to find out the name of the virus... we cannot help if we do not know what it is.
The virus is actually called Trojan Horse; it is not just the type.
 
rundll32.exe is an OS-protected file. In Windows 2000 the file is in C:\WINNT\system32 and there is a backup of it kept in C:\WINNT\system32\dllcache. My suggestion would be to delete both files. Windows will give you an error in a few seconds to a few minutes and ask you for the Windows CD so it can copy over that file. The problem should then be solved unless you are running a different program (i.e. game/app crack) that keeps infecting the rundll32.exe file. Good luck....and as always, use advice at your own risk. :D
 
No! Don't EVER delete system files unless you KNOW for sure what you are doing!!

I have seen similar viruses that call themselves the same as a system file but in a different location. DLLHOST.EXE is a common example of this, but any system file name can be used.

It is very important NOT to delete the REAL system files with the same name or you could trash your system. You MUST use a removal tool (or you can try just killing the process from task manager and removing it from the filesystem).

In this example there will be a process running called rundll32.exe in your task manager. Kill it from there and then remove the file. You should also check the following locations and remove any references to the file:

Windows Startup folder (possible shortcut to rundll32.exe)
'Run' key in registry: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" (possible entry to start the file when Windows starts).

Whatever you do, just remember NEVER to delete a system file unless you are happy to do a full reinstall!

p.s. Some viruses/trojans exist where they prevent you from terminating a process - some also install themselves as services, and some stop you opening regedit.exe. All of these things can be countered without removal tools and anti-virus programs, but some of the removal processes can be extensive and painful.
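
The checks described in the post above, as an added PowerShell example that is not part of the original thread: it lists where each running rundll32.exe really lives, and any Run-key values or Startup shortcuts that mention it. It assumes a current Windows with PowerShell 3.0 or later (not the stock Windows XP of the thread); the helper names `Get-Verdict` and `New-Finding` are hypothetical, and the HKCU Run key is an addition beyond the post.

```powershell
# Added example: read-only checks; nothing is terminated or deleted.
$sysCopies = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')   # 32-bit copy on 64-bit Windows
)

function Get-Verdict([string]$Text) {
    # $Text is an image path, a Run value, or a shortcut target.
    if (-not $Text) { return 'path unreadable (rerun elevated)' }
    foreach ($p in $sysCopies) {
        if ($Text -like "*$p*") { return 'system copy' }
    }
    return 'REVIEW: not the full path of a system copy'
}

function New-Finding($Check, $Item, $Detail) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail; Verdict = (Get-Verdict $Detail) }
}

# 1. Running processes named rundll32.exe and where their image really lives.
Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    New-Finding 'Process' "PID $($_.ProcessId)" $_.ExecutablePath
}

# 2. Run-key values that mention rundll32 (HKLM is the key named in the post;
#    the per-user HKCU key is added here as an assumption of this example).
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $reg = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $reg) { continue }
    foreach ($name in $reg.GetValueNames()) {
        $value = [string]$reg.GetValue($name)
        if ($value -match 'rundll32') { New-Finding "Run key ($key)" $name $value }
    }
}

# 3. Startup-folder shortcuts (per-user and all-users) that point at rundll32.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -match 'rundll32') { New-Finding 'Startup shortcut' $_.Name $target }
    }
}
```

A "system copy" verdict speaks only to the location of rundll32.exe itself; any DLL named in a Run value still needs its own review.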
 