summerpax.blogg.se

Rundll32 exe btmshell

In terms of advice: first check the file paths of the running rundll32 instances, then check which DLLs/functions they are running. Having multiple instances of rundll32 running at the same time is not very suspicious by itself.

Depending on the format used, factory images may be edited by malware, although I am by no means an expert on this and can't recall any such malware recently. While a changing symbol for rundll32 is a sign that tells you something is wrong, it is by no means certain that a modification of it would show up in this way! The article that you link to is not good advice, IMHO. Both instances should have the same path (this may be different on 64-bit systems, which may have a separate 32-bit version; I'm not sure about that). This will also tell you which rundll32.exe is being run (if one of them is in a strange folder, say C:\Program Files\whatever\rundll32.exe, that would likely be a problem). For a more in-depth explanation, see the MS Knowledge Base.

Also look here for a description of how you can adjust the table in your task manager to see the entire command line, and so which functions are actually being run by your rundll32. Rundll32 is a part of Windows used to invoke functions in DLLs that are explicitly meant to be called by it (meaning that you can run them from a command line/command line script, or from an executable without linking against the DLL that the required function is contained in).
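The checks described above (image path first, then the DLL and function on the command line), as an added example that is not part of the original post. It assumes a default Windows install under `$env:SystemRoot`; the `SysWOW64` entry is the 32-bit copy of rundll32.exe that exists on 64-bit Windows.

```powershell
# Added example: list every running rundll32.exe with its image path and the
# DLL/function it was asked to run. Read-only. Run from an elevated prompt to
# see the path and command line of processes owned by other users.

# Locations where rundll32.exe is expected (assumption: default install).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')
)

Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $dll = $null
    $function = $null

    # Usual command line shape: [path\]rundll32[.exe] <dll>,<function> [args]
    # If it does not parse, Dll/Function stay empty and the raw line is shown.
    $pattern = '^\s*(?:"[^"]+"|\S+)\s+(?<dll>"[^"]+"|[^,"]+?)\s*,\s*(?<fn>\S+)'
    if ($_.CommandLine -match $pattern) {
        $dll = $Matches['dll'].Trim('"')
        $function = $Matches['fn']
    }

    [pscustomobject]@{
        ProcessId       = $_.ProcessId
        ParentProcessId = $_.ParentProcessId
        ImagePath       = $_.ExecutablePath
        # False also when the path could not be read (insufficient rights).
        InExpectedPath  = [bool]($_.ExecutablePath -and
                                 ($expected -contains $_.ExecutablePath))
        Dll             = $dll
        Function        = $function
        CommandLine     = $_.CommandLine
    }
} | Sort-Object InExpectedPath, ProcessId | Format-List
```

Entries with `InExpectedPath : False` sort first; for the rest, the `Dll` and `Function` fields show what each instance is actually running.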










