Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > rundll32.exe

Reply
Thread Tools

rundll32.exe

 
 
Jim Seavey
Guest
Posts: n/a
 
      12-04-2004
HI,

I'm a bit confuesed about the long thread with this title in it.

I find four seperate instances of programs titled rundll32.exe on my
system.

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8e fd5a9b6f87fff395a2eb98
9\rundll32.exe
C:\WINDOWS\system32\rundll32.exe

One of them has requested outbound access - this occurred while I was
working with Musicmatch Jukebox.

Are these someting that I sould be concerneda about?

Thanks,

Jim
 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      12-04-2004
DLL -- Dynamic Link Libraries

They are non executable libraries of functions or routines.
To get a function (or routine) to be executed you can use RUNDLL.EXE and RUNDLL32.EXE
(depending on the Windows OS)
For example..

rundll32 MyLibrary.dll,Function_to_run

The above will run run the DLL library routine called Function_to_run that is contained in
MyLibrary.dll

RUNDLL32.EXE is a MS utility and should be found in the Windows directory tree (and in
i386)

I would be dubious on the following ...
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
I don't think it belongs there.

Please submit the "rundll32.exe" that you found in...
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
to...
http://www.virustotal.com/flash/index_en.html

* * * Please report back your results * * *

Dave




"Jim Seavey" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
| HI,
|
| I'm a bit confuesed about the long thread with this title in it.
|
| I find four seperate instances of programs titled rundll32.exe on my
| system.
|
| C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
| C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
| C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8e fd5a9b6f87fff395a2eb98
| 9\rundll32.exe
| C:\WINDOWS\system32\rundll32.exe
|
| One of them has requested outbound access - this occurred while I was
| working with Musicmatch Jukebox.
|
| Are these someting that I sould be concerneda about?
|
| Thanks,
|
| Jim


 
Reply With Quote
 
 
 
 
Jim Seavey
Guest
Posts: n/a
 
      12-05-2004
Here are the results of the scan:

Server response
Results of a file scan
This is the report of the scanning done over "rundll32.exe" file that
VirusTotal processed on 12/05/2004 at 02:27:29.

Antivirus Version Update Result
AntiVir 6.28.0.12 12.03.2004 -
BitDefender 7.0 12.04.2004 -
ClamWin devel-20041018 12.05.2004 -
DrWeb 4.32b 12.03.2004 -
eTrust-Iris 7.1.194.0 12.04.2004 -
eTrust-Vet 11.7.0.0 12.05.2004 -
F-Prot 3.15b 12.03.2004 -
Kaspersky 4.0.2.24 12.05.2004 -
NOD32v2 1.939 12.03.2004 -
Norman 5.70.10 12.03.2004 -
Panda 7.02.00 12.04.2004 -
Sybari 7.5.1314 12.05.2004 -
Symantec 8.0 12.04.2004 -

VirusTotal is a free service offered by Hispasec Sistemas. There are no
guarantees about abailability and continuity of this service. Even when
the detection rate given by the use of multiple antivirus engines is
far superior to the one offered by only one product, this results DO
NOT guarantee the harmlessness of a file. There is no such a solution
that can offer a 100% rate of efectiveness recognizing virus and
malware.

Perhaps it is legitimate.

I did a little more investigation and learned that it was:

C:\WINDOWS\system32\rundll32.exe

that wanted outbound access.

Jim


David H. Lipman wrote:

> DLL -- Dynamic Link Libraries
>
> They are non executable libraries of functions or routines.
> To get a function (or routine) to be executed you can use RUNDLL.EXE
> and RUNDLL32.EXE (depending on the Windows OS)
> For example..
>
> rundll32 MyLibrary.dll,Function_to_run
>
> The above will run run the DLL library routine called Function_to_run
> that is contained in MyLibrary.dll
>
> RUNDLL32.EXE is a MS utility and should be found in the Windows
> directory tree (and in i386)
>
> I would be dubious on the following ...
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
> I don't think it belongs there.
>
> Please submit the "rundll32.exe" that you found in...
> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
> to...
> http://www.virustotal.com/flash/index_en.html
>
> * * * Please report back your results * * *
>
> Dave
>
>
>
>
> "Jim Seavey" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > HI,
> >
> > I'm a bit confuesed about the long thread with this title in it.
> >
> > I find four seperate instances of programs titled rundll32.exe on
> > my system.
> >
> > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
> > C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
> >
> > C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8e fd5a9b6f87fff395a2
> > eb98 9\rundll32.exe C:\WINDOWS\system32\rundll32.exe
> >
> > One of them has requested outbound access - this occurred while I
> > was working with Musicmatch Jukebox.
> >
> > Are these someting that I sould be concerneda about?
> >
> > Thanks,
> >
> > Jim




--
NorSea Odyssey
Around The World by BMW Motorcycle
http://www.norseaodyssey.com KF6PMT
"Yeah, I have a hair stylist. His name's helmet."
"If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
he does!"
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments