rundll32.exe

Discussion in 'Computer Security' started by Jim Seavey, Dec 4, 2004.

  1. Jim Seavey

    Jim Seavey Guest

    HI,

    I'm a bit confuesed about the long thread with this title in it.

    I find four seperate instances of programs titled rundll32.exe on my
    system.

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
    C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
    C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb98
    9\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe

    One of them has requested outbound access - this occurred while I was
    working with Musicmatch Jukebox.

    Are these someting that I sould be concerneda about?

    Thanks,

    Jim
    Jim Seavey, Dec 4, 2004
    #1
    1. Advertising

  2. DLL -- Dynamic Link Libraries

    They are non executable libraries of functions or routines.
    To get a function (or routine) to be executed you can use RUNDLL.EXE and RUNDLL32.EXE
    (depending on the Windows OS)
    For example..

    rundll32 MyLibrary.dll,Function_to_run

    The above will run run the DLL library routine called Function_to_run that is contained in
    MyLibrary.dll

    RUNDLL32.EXE is a MS utility and should be found in the Windows directory tree (and in
    i386)

    I would be dubious on the following ...
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
    I don't think it belongs there.

    Please submit the "rundll32.exe" that you found in...
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
    to...
    http://www.virustotal.com/flash/index_en.html

    * * * Please report back your results * * *

    Dave




    "Jim Seavey" <> wrote in message
    news:...
    | HI,
    |
    | I'm a bit confuesed about the long thread with this title in it.
    |
    | I find four seperate instances of programs titled rundll32.exe on my
    | system.
    |
    | C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
    | C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
    | C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb98
    | 9\rundll32.exe
    | C:\WINDOWS\system32\rundll32.exe
    |
    | One of them has requested outbound access - this occurred while I was
    | working with Musicmatch Jukebox.
    |
    | Are these someting that I sould be concerneda about?
    |
    | Thanks,
    |
    | Jim
    David H. Lipman, Dec 4, 2004
    #2
    1. Advertising

  3. Jim Seavey

    Jim Seavey Guest

    Here are the results of the scan:

    Server response
    Results of a file scan
    This is the report of the scanning done over "rundll32.exe" file that
    VirusTotal processed on 12/05/2004 at 02:27:29.

    Antivirus Version Update Result
    AntiVir 6.28.0.12 12.03.2004 -
    BitDefender 7.0 12.04.2004 -
    ClamWin devel-20041018 12.05.2004 -
    DrWeb 4.32b 12.03.2004 -
    eTrust-Iris 7.1.194.0 12.04.2004 -
    eTrust-Vet 11.7.0.0 12.05.2004 -
    F-Prot 3.15b 12.03.2004 -
    Kaspersky 4.0.2.24 12.05.2004 -
    NOD32v2 1.939 12.03.2004 -
    Norman 5.70.10 12.03.2004 -
    Panda 7.02.00 12.04.2004 -
    Sybari 7.5.1314 12.05.2004 -
    Symantec 8.0 12.04.2004 -

    VirusTotal is a free service offered by Hispasec Sistemas. There are no
    guarantees about abailability and continuity of this service. Even when
    the detection rate given by the use of multiple antivirus engines is
    far superior to the one offered by only one product, this results DO
    NOT guarantee the harmlessness of a file. There is no such a solution
    that can offer a 100% rate of efectiveness recognizing virus and
    malware.

    Perhaps it is legitimate.

    I did a little more investigation and learned that it was:

    C:\WINDOWS\system32\rundll32.exe

    that wanted outbound access.

    Jim


    David H. Lipman wrote:

    > DLL -- Dynamic Link Libraries
    >
    > They are non executable libraries of functions or routines.
    > To get a function (or routine) to be executed you can use RUNDLL.EXE
    > and RUNDLL32.EXE (depending on the Windows OS)
    > For example..
    >
    > rundll32 MyLibrary.dll,Function_to_run
    >
    > The above will run run the DLL library routine called Function_to_run
    > that is contained in MyLibrary.dll
    >
    > RUNDLL32.EXE is a MS utility and should be found in the Windows
    > directory tree (and in i386)
    >
    > I would be dubious on the following ...
    > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
    > I don't think it belongs there.
    >
    > Please submit the "rundll32.exe" that you found in...
    > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
    > to...
    > http://www.virustotal.com/flash/index_en.html
    >
    > * * * Please report back your results * * *
    >
    > Dave
    >
    >
    >
    >
    > "Jim Seavey" <> wrote in message
    > news:...
    > > HI,
    > >
    > > I'm a bit confuesed about the long thread with this title in it.
    > >
    > > I find four seperate instances of programs titled rundll32.exe on
    > > my system.
    > >
    > > C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\rundll32.exe
    > > C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
    > >
    > > C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2
    > > eb98 9\rundll32.exe C:\WINDOWS\system32\rundll32.exe
    > >
    > > One of them has requested outbound access - this occurred while I
    > > was working with Musicmatch Jukebox.
    > >
    > > Are these someting that I sould be concerneda about?
    > >
    > > Thanks,
    > >
    > > Jim




    --
    NorSea Odyssey
    Around The World by BMW Motorcycle
    http://www.norseaodyssey.com KF6PMT
    "Yeah, I have a hair stylist. His name's helmet."
    "If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
    he does!"
    Jim Seavey, Dec 5, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Timo aka Sul
    Replies:
    0
    Views:
    668
    Timo aka Sul
    Jul 31, 2003
  2. sabine

    rundll32.exe

    sabine, Sep 28, 2003, in forum: Computer Support
    Replies:
    8
    Views:
    2,713
  3. --tomcat--

    RUNDLL32.EXE

    --tomcat--, Jan 22, 2004, in forum: Computer Support
    Replies:
    7
    Views:
    780
    Juan PĂ©rez
    Apr 26, 2004
  4. John
    Replies:
    0
    Views:
    581
  5. John
    Replies:
    0
    Views:
    493
Loading...

Share This Page