Spyware, Viruses, & Security forum

General discussion

Two rundll32.exe in task manager?

by neforsis / March 18, 2007 5:42 AM PDT

Hey,

I'm new to the forum here, but I have a quick question:

Normally I only have 29 processes running in my task manager (with everything else unnessecary shut down), but now a have 30 processes running and a new suspicious rundll32.exe added to the list, just like the one that I have noted there always. Suspecious since I after an AVG scan had the result that the ntoskrnl.exe --> was changed, but not taken as a threat or infected. According to AVG's own forum this is not a problem though:

http://forum.grisoft.cz/freeforum/read.php?7,31941,32180

The problem is that on another site (don't have a link) other people state that in the worst case it can also be a clever virus that hides itself under the ntoskrnl.exe file. That got me worried.

Now, is two rundll32.exe normal in the task manager, and if not, could it have anything to do with what AVG has found?

Neforsis Happy

Post a reply
Discussion is locked
You are posting a reply to: Two rundll32.exe in task manager?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Two rundll32.exe in task manager?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Yes, is normal
by Marianna Schmudlach / March 18, 2007 5:58 AM PDT
Collapse -
rundll32.exe
by Donna Buenaventura / March 18, 2007 6:04 AM PDT

Please open Task Manager again then locate the rundll32.exe in the list of Processes. Tell us the "description" of the the 2 rundll32.exe that you are seeing.

Over here, I can see 1 rundll32.exe in my computer and the description is "Windows Host Process (Rundll32)"

BTW, are you using NVIDIA graphics card/driver/software. If yes, it adds 3 rundll32.exe in startup but not in processes tab.

Collapse -
Two rundll32.exe?
by neforsis / March 18, 2007 6:20 AM PDT
In reply to: rundll32.exe

Hmmm, description? Where do you find a description of rundll32.exe in the task manager? I can't find the "Windows Host Process (Rundll32)" information that you have found anywhere.... can't right click it or anything.

Neforsis Happy

Collapse -
Have a look here......
by Marianna Schmudlach / March 18, 2007 6:54 AM PDT
In reply to: Two rundll32.exe?
Collapse -
Process counter column headings
by Donna Buenaventura / March 18, 2007 12:29 PM PDT
In reply to: Two rundll32.exe?

On the Processes tab, you can monitor running processes using the following counters, which can be displayed as column headings. To display a process as a column heading, on the View menu, click Select Columns. Check "Image Name" so your rundll32.exe will show the location (path) then you locate it using Windows Explorer. Right-click it when found and tell us what you see in its description.

Sorry but I forgot that I'm using Vista right now Grin
In Vista, there's no need to do the above because the "Description" is already in the Task Manager.

In XP, you need to the above - locating the path of the rundll32.exe then bring up the properties to see who own it or what it is for (description).

Collapse -
hmmm
by neforsis / March 19, 2007 1:02 AM PDT

Hmmm.... I still don't see any location (path) in the task manager. 'Image Name' is already checked as a default, but where is that description of the location?

Neforsis

Collapse -
If no path then try the link that Marianna provided
by Donna Buenaventura / March 19, 2007 1:37 AM PDT
In reply to: hmmm
http://windowsxp.mvps.org/rundll32.htm

"Open a Command Prompt window and type the following command:

tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll32.txt

Now, open the file C:\rundll32.txt file and identify the "odd" modules. (filter out the system files and dependencies used by Rundll32.exe. The odd one (in this example) is the timedate.cpl file. Yes. I had the Date/Time dialog open and this is what Rundll32.exe was executing."

But if you have XP home edition, the above will not work.
Collapse -
After the fact and FYI..
by Carol~ Forum moderator / March 19, 2007 5:19 AM PDT

Norforsis..

Welcome to the forum. If you installed update KB929338 this month, it's most likely how and why you got AVG's notification of the file change. Ntoskrnl.exe was replaced as part of the update. If you didn't install it .. your guess is as good as mine! Wink

In case you were curious..
Carol

Collapse -
hmmm
by neforsis / March 19, 2007 6:09 AM PDT

Is there any way I can check if I had this update installed? My windows updates are downloaded automatically, so I don't know if it has been installed or not....

Neffe Happy

Collapse -
hmmm... YES! :)
by Carol~ Forum moderator / March 19, 2007 6:21 AM PDT
In reply to: hmmm

Neffe..

You can do one of two things. You can go to Automatic Updates and look on the left-hand side of the page. It will give you the option to "Review your update history". (I use Microsoft Update, but I believe they offer the same option with WU.) Click on it and check this month's updates. You can also go to Start>Control Panel>Add/Remove. If you have "show updates" checked at the top of the page, you'll also see the updates listed there.

Any problems with it, post back.
Carol

Collapse -
hmmm
by neforsis / March 19, 2007 7:09 AM PDT
In reply to: hmmm... YES! :)

Looks like I downloaded this update this thursday (the 15th), so now I feel a bit better.... now to find out about those two rundll32.exe....

neffe Happy

Collapse -
rundll32.exe in task manager
by PArnold30 / February 20, 2008 10:26 PM PST

Just wanted to let people know that after installing Google Web Accelerator rundll32.exe would pop up in the task manager every 3 seconds and spike the CPU use an extra 26%. I am running Windows Vista. It's probably normal behavior for the program but it was annoying enough for me to uninstall the web accelerator. While the program was displaying how much time I was saving by having a faster internet speed I was watching as my speed moving around the desktop was decreasing thanks to the extra CPU usage. Be careful what you install.

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.