RUNDLL32 eating CPU time.. only when not online!

Hi all,

I noticed that (because of the installation of some software
I can't manage to track down anymore) RUNDLL32.EXE and
SERVICES.EXE eat all CPU time when the CPU would otherwise
be idle..
I noticed though that this happens only when I am offline
(Internet).. but they don't eat CPU time when online instead.

How could I track down what is causing the problem? I may
write a dummy RUNDLL32.EXE to see what command line params
it gets each time it was launched.. but, is there a simpler
way, and that offers more probabilities of success anyway?

Any hints?

Thank you!
John

if you want to know what the command line parameters for
rundll32 are, you can use process explorer, a free tool
you can download from www.sysinternals.com.
>-----Original Message-----
>
>Hi all,
>
>I noticed that (because of the installation of some
software
>I can't manage to track down anymore) RUNDLL32.EXE and
>SERVICES.EXE eat all CPU time when the CPU would otherwise
>be idle..
>I noticed though that this happens only when I am offline
>(Internet).. but they don't eat CPU time when online
instead.
>
>How could I track down what is causing the problem? I may
>write a dummy RUNDLL32.EXE to see what command line params
>it gets each time it was launched.. but, is there a
simpler
>way, and that offers more probabilities of success anyway?
>
>Any hints?
>
>Thank you!
>John
>
>.
>

I agree with TIA. While run32dll is a legit component, its
a powerful tool used every time you access resouces and
launch new processes. I've only seen the kind of behaviour
you describe when a virus is running.

>-----Original Message-----
>
>"John" <john@NOSPAM.com> wrote in message
>news:9BVNa.151705$lK4.4256796@twister1.libero.it...
>>
>> Hi all,
>>
>> I noticed that (because of the installation of some
software
>> I can't manage to track down anymore) RUNDLL32.EXE and
>> SERVICES.EXE eat all CPU time when the CPU would
otherwise
>> be idle..
>> I noticed though that this happens only when I am
offline
>> (Internet).. but they don't eat CPU time when online
instead.
>>
>> How could I track down what is causing the problem? I
may
>> write a dummy RUNDLL32.EXE to see what command line
params
>> it gets each time it was launched.. but, is there a
simpler
>> way, and that offers more probabilities of success
anyway?
>>
>> Any hints?
>>
>> Thank you!
>> John
>>
>
>
>Hi John
>Sounds like you have a trojan backdoor installed. Do a
virus scan.
>
>It is probably starting things from the
>
>HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
>
>registry key,
>but could be any of the following locations:
>
><generic startup list>
>HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
>HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
>HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
>HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
\
>HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
Once\
>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
>HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
>HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
>HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
\
>HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Once\
>HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Userinit
>HKCU\Software\Microsoft\Windows
NT\CurrentVersion\Windows\Load
>HKCU\Software\Microsoft\Windows
NT\CurrentVersion\Windows\Run
>C:\Documents and Settings\All Users\Start
Menu\Programs\Startup
>C:\Documents and Settings\myname\Start
Menu\Programs\Startup
>C:\WINNT\win.ini
>Administrative Tools -> Computer Management -> Services
>
>
>
>
>
>
>
>
>
>.
>