Thanks for the extensive discussion on rundll32.exe. I have found malicious programs started by this utility. However, at any one time there may be several copies of rundll32 running at the same time. What I would like to know is there any way to tell what DLL the utility is currently running & where it came from? I generally use EVEREST home addition to examine what is currently running in memory. It is one of the best analysis programs I have found, but it doesn?t give you such insight.
Your favorite shows are back!
Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!