"RUNDLL32.exe" a virus????

[Lepanto]

i found a news in forum that tell a new virus who infected rundll32.exe which is infected windows OS. (it just their opinions)


that the rundll32, but it has ".exe" extensions (is it weird?).


sometimes it's happen when shutting down the computer

then, that's another one.
if the infected computer open task manager. there are proccess rundll32 run as the administrator.

avast not detect this thing as malware. and the another antivirus like kaspersky, norton, avira, even microsoft security essential patch program.

the victims say, this thing make a bad effect to computer
1. make computer run slow
2. steal a password and data that come from online session
3. the worst, can insert DDOS virus.

i want ask for your analysis. is that true???
it's weird if many antivirus not detect that thing as virus.


sorry if my english bad

note: the picture is take from the forum kaskus.co.id
http://www.kaskus.co.id/thread/50ae031f7d12437c6c00012d/hati-hati--lagi-marak-virus-rundll32exe-os-windows---gak-kedetect-anti-virus/

[mikaelrask]

hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

[Lepanto]

hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

yeah, of course... 

people say there is a virus who infected it. and the problem, avast can't detect it as virus 

[spywar]

hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

yeah, of course... 

people say there is a virus who infected it. and the problem, avast can't detect it as virus 

It's not a "virus" just a safe file from the system ...

[polonus]

Hi spywar,

That is only part of the story. In normal circumstances, yes. But most probably malware just uses rundll32.exe to load itself, and then malware is being detected.
I hope for the victim he can still use his Safe Mode...This should be an issue for a qualified malware removal specialist to look at. Let us wait for his comments,

polonus

[Pondus]

upload suspicious file(s) to www.virustotal.com and test wih 40+ malware scanners (if tested before click new scan)
post link to scan result here for us to see...

[Lepanto]

hey and welcome to the forum.

the file is a windows file that is needed for your operation system.

are you having trouble with it or?

yeah, of course... 

people say there is a virus who infected it. and the problem, avast can't detect it as virus 

It's not a "virus" just a safe file from the system ...

ok, thank you. i know that.
there is a miss understanding here.
dont look the tittle.

i mean, there is a virus who infected the rundll32. then the avast not detect it as virus

Thank you

[Lepanto]

File already analysed
This file was already analysed by VirusTotal on 2013-02-25 23:23:13 .

Detection ratio: 0/46

You can take a look at the last analysis or analyse it again now.

ok, here it's..

the scan result from https://www.virustotal.com/en/

it said no virus??

i upload the rundll32.exe from my system32 folder.

but, are you see something wrong here?? (Look At My SREENSHOOT)

the uninfected file (rundll32)  doesn't have extension ".exe"
but the infected file (rundll32) has extension ".exe

are you agree with me??

[Pondus]

the link posted does not go to the scan result..... and if scanned before click new scan
when done copy the url in your browser and post here

[Lepanto]

the link posted does not go to the scan result..... and if scanned before click new scan
when done copy the url in your browser and post here

sorry2, i don't know how to use it..

but, here it's

https://www.virustotal.com/en/file/dee53d6d332dadd40c0ce34a425a6c0781f611765dcd4299d869f2b1ee80ae66/analysis/1361919749/

[Pondus]

First seen by VirusTotal
 2008-05-21 02:27:09 UTC ( 4 years, 9 months ago )

file should be okay...

[Lepanto]

hm, okay. ty ty