Author Topic: "RUNDLL32.exe" a virus????  (Read 23773 times)

0 Members and 1 Guest are viewing this topic.

Lepanto

  • Guest
"RUNDLL32.exe" a virus????
« on: February 23, 2013, 03:28:01 AM »
i found a news in forum that tell a new virus who infected rundll32.exe which is infected windows OS. (it just their opinions)


that the rundll32, but it has ".exe" extensions (is it weird?).


sometimes it's happen when shutting down the computer

then, that's another one.
if the infected computer open task manager. there are proccess rundll32 run as the administrator.

avast not detect this thing as malware. and the another antivirus like kaspersky, norton, avira, even microsoft security essential patch program.

the victims say, this thing make a bad effect to computer
1. make computer run slow
2. steal a password and data that come from online session
3. the worst, can insert DDOS virus.

i want ask for your analysis. is that true???
it's weird if many antivirus not detect that thing as virus.


sorry if my english bad

note: the picture is take from the forum kaskus.co.id
http://www.kaskus.co.id/thread/50ae031f7d12437c6c00012d/hati-hati--lagi-marak-virus-rundll32exe-os-windows---gak-kedetect-anti-virus/
« Last Edit: February 26, 2013, 02:14:08 PM by Lepanto »

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: RUNDLL32 a virus????
« Reply #1 on: February 24, 2013, 08:22:32 AM »
hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Lepanto

  • Guest
Re: RUNDLL32 a virus????
« Reply #2 on: February 25, 2013, 12:26:43 PM »
hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

yeah, of course...  :( :( :(

people say there is a virus who infected it. and the problem, avast can't detect it as virus  :( :( :(

spywar

  • Guest
Re: RUNDLL32 a virus????
« Reply #3 on: February 25, 2013, 01:22:12 PM »
hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

yeah, of course...  :( :( :(

people say there is a virus who infected it. and the problem, avast can't detect it as virus  :( :( :(
It's not a "virus" just a safe file from the system ...

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: RUNDLL32 a virus????
« Reply #4 on: February 25, 2013, 02:32:40 PM »
Hi spywar,

That is only part of the story. In normal circumstances, yes. But most probably malware just uses rundll32.exe to load itself, and then malware is being detected.
I hope for the victim he can still use his Safe Mode...This should be an issue for a qualified malware removal specialist to look at. Let us wait for his comments,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37594
  • Not a avast user
Re: RUNDLL32 a virus????
« Reply #5 on: February 25, 2013, 02:37:09 PM »
upload suspicious file(s) to www.virustotal.com and test wih 40+ malware scanners (if tested before click new scan)
post link to scan result here for us to see...

Lepanto

  • Guest
Re: RUNDLL32 a virus????
« Reply #6 on: February 26, 2013, 02:01:23 PM »
hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

yeah, of course...  :( :( :(

people say there is a virus who infected it. and the problem, avast can't detect it as virus  :( :( :(
It's not a "virus" just a safe file from the system ...


ok, thank you. i know that.
there is a miss understanding here.
dont look the tittle.

i mean, there is a virus who infected the rundll32. then the avast not detect it as virus

Thank you

Lepanto

  • Guest
Re: RUNDLL32 a virus????
« Reply #7 on: February 26, 2013, 02:09:32 PM »
Quote
File already analysed
This file was already analysed by VirusTotal on 2013-02-25 23:23:13 .

Detection ratio: 0/46

You can take a look at the last analysis or analyse it again now.

ok, here it's..

the scan result from https://www.virustotal.com/en/

it said no virus??

i upload the rundll32.exe from my system32 folder.

but, are you see something wrong here?? (Look At My SREENSHOOT)

Quote
the uninfected file (rundll32)  doesn't have extension ".exe"
but the infected file (rundll32) has extension ".exe

are you agree with me??

« Last Edit: February 26, 2013, 02:11:46 PM by Lepanto »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37594
  • Not a avast user
Re: "RUNDLL32.exe" a virus????
« Reply #8 on: February 26, 2013, 02:28:55 PM »
the link posted does not go to the scan result..... and if scanned before click new scan
when done copy the url in your browser and post here

Lepanto

  • Guest
Re: "RUNDLL32.exe" a virus????
« Reply #9 on: February 27, 2013, 12:03:48 AM »
the link posted does not go to the scan result..... and if scanned before click new scan
when done copy the url in your browser and post here

sorry2, i don't know how to use it..

but, here it's

https://www.virustotal.com/en/file/dee53d6d332dadd40c0ce34a425a6c0781f611765dcd4299d869f2b1ee80ae66/analysis/1361919749/

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37594
  • Not a avast user
Re: "RUNDLL32.exe" a virus????
« Reply #10 on: February 27, 2013, 12:27:26 AM »
First seen by VirusTotal
 2008-05-21 02:27:09 UTC ( 4 years, 9 months ago )

file should be okay...

Lepanto

  • Guest
Re: "RUNDLL32.exe" a virus????
« Reply #11 on: February 27, 2013, 02:19:18 AM »
hm, okay. ty ty