Rundll32.exe and spyware
Results 1 to 6 of 6

Thread: Rundll32.exe and spyware

  1. #1
    Junior Member
    Join Date
    Aug 2004
    Posts
    6

    Exclamation Rundll32.exe and spyware

    Okay, quick story. My client has a Dell with windows 98. He had it cleaned last week and bought Norton internet security 2005. Went home,connected to the broadband( before the AV was installed) and got infected. As he tried to istall Norton he got an error" Norton has failed to install, do you want to continue"
    At this stage he called me, on running Pestpatrol,spybot etc, found multiple spyware and adware on the unit and removed them. Ran Stinger and reported clean and ran Hirens with F-prot also clean.
    Then the fun part, on reboot and trying to install Norton Internet sercurity 2005, it fails again, this time saying that a failed instal or uninstall was found, please reboot and try again.
    Again tried this and also all the ideas from the Symantec website. No help.

    Also during this time it keeps trying to connect to the web and when the DSL is connected several webpages are displayed. Ctrl-Alt-DEL shows Rundll32.exe is running and when I stop this, the pages stop comming up (for a while) then later they appear again. I know there is something on the unit stopping me installing Norton but is not showing up in any of my Spyware or adware or AV programs.
    When I check out Rundll32.exe in the Windows folder it looks ok and is dated April 1999

    Spybot has just come back and found a load od "Coolwww" and a DSO exploit on the system. I just clean this lot last night.

    Any Ideas?

    Robert

  2. #2
    Junior Member
    Join Date
    Aug 2004
    Posts
    6
    Update the DSO expliot has come up in German with an error during check
    Ungultiger Datentyp Fur

    What does this mean?

  3. #3
    Junior Member
    Join Date
    Aug 2004
    Posts
    6
    Update: Google found and told me what the Z-demon is and I will try and remove it

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Slanite va,

    Kildare?........................the "lilly whites"?

    OK the "Curragh" is fine for the horses, but you are a large ball county........would you fancy the small ball against the "Banner County"



    Then, I will try to answer your real question
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Junior Member
    Join Date
    Aug 2004
    Posts
    6
    Go on ya boy ya!

    Sure the hurl is better, but if your up for a game, why not. But do ya want to play golf or soccer? I mean the K club is only down the road from here!

    Rob

  6. #6
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    1. The DSO exploit is simply a bug in spybot. It's a false positive
    2. Run HijackThis! and look for anything out of place
    3. Rundll32.exe is probably not the culprit here. All sorts of programs use it to launch other crap. So, it's not necessarily Rundll32.exe that is infected.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides