Here are the results of the scan:
Server response
Results of a file scan
This is the report of the scanning done over "rundll32.exe" file that
VirusTotal processed on 12/05/2004 at 02:27:29.
Antivirus Version Update Result
AntiVir 6.28.0.12 12.03.2004 -
BitDefender 7.0 12.04.2004 -
ClamWin devel-20041018 12.05.2004 -
DrWeb 4.32b 12.03.2004 -
eTrust-Iris 7.1.194.0 12.04.2004 -
eTrust-Vet 11.7.0.0 12.05.2004 -
F-Prot 3.15b 12.03.2004 -
Kaspersky 4.0.2.24 12.05.2004 -
NOD32v2 1.939 12.03.2004 -
Norman 5.70.10 12.03.2004 -
Panda 7.02.00 12.04.2004 -
Sybari 7.5.1314 12.05.2004 -
Symantec 8.0 12.04.2004 -
VirusTotal is a free service offered by Hispasec Sistemas. There are no
guarantees about abailability and continuity of this service. Even when
the detection rate given by the use of multiple antivirus engines is
far superior to the one offered by only one product, this results DO
NOT guarantee the harmlessness of a file. There is no such a solution
that can offer a 100% rate of efectiveness recognizing virus and
malware.
Perhaps it is legitimate.
I did a little more investigation and learned that it was:
C:\WINDOWS\system32\rundll32.exe
that wanted outbound access.
Jim
David H. Lipman wrote:
> DLL -- Dynamic Link Libraries
>
> They are non executable libraries of functions or routines.
> To get a function (or routine) to be executed you can use RUNDLL.EXE
> and RUNDLL32.EXE (depending on the Windows OS)
> For example..
>
> rundll32 MyLibrary.dll,Function_to_run
>
> The above will run run the DLL library routine called Function_to_run
> that is contained in MyLibrary.dll
>
> RUNDLL32.EXE is a MS utility and should be found in the Windows
> directory tree (and in i386)
>
> I would be dubious on the following ...
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
> I don't think it belongs there.
>
> Please submit the "rundll32.exe" that you found in...
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
> to...
> http://www.virustotal.com/flash/index_en.html
>
> * * * Please report back your results * * *
>
> Dave
>
>
>
>
> "Jim Seavey" <> wrote in message
> news:...
> > HI,
> >
> > I'm a bit confuesed about the long thread with this title in it.
> >
> > I find four seperate instances of programs titled rundll32.exe on
> > my system.
> >
> > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
> > C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
> >
> > C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8e fd5a9b6f87fff395a2
> > eb98 9\rundll32.exe C:\WINDOWS\system32\rundll32.exe
> >
> > One of them has requested outbound access - this occurred while I
> > was working with Musicmatch Jukebox.
> >
> > Are these someting that I sould be concerneda about?
> >
> > Thanks,
> >
> > Jim
--
NorSea Odyssey
Around The World by BMW Motorcycle
http://www.norseaodyssey.com KF6PMT
"Yeah, I have a hair stylist. His name's helmet."
"If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
he does!"
