johnny1045 said:
I too have an IBM laptop that was being consumed by rundll32.exe. The solution for me was to run msconfig and turn off the one startup item that contained rundll32 in the command. For me this was the power monitor utility (pwrmonit). Since I did this two weeks ago, I have had no problems. Of course, I don't have the power monitor, but this is a small price to pay.
Note that this did not involve searching and destroying any spyware or other malicious software. I did not have to download any third party software of unknown origin. The responses to similar rundll32 questions on this discussion group have tended to focus on malicious software. Some responses by MS-MVPs have included statements that rundll32 is itself spyware and should be removed when at the same time the MS KnowledgeBase says that rundll32 is a key Microsoft utility. I am puzzled.
Johnny1045
Rundll32.exe is a legitimate Windows file. However, it is often used by
malware and will not normally be running at startup. You will see it
when something like Control Panel is open, but it will not be a startup
process all by itself. Hence the suggestion to posters with this file
at startup to scan for malware. And here are malware removal
instructions. All tools used should be updated and all scans should be
done in Safe Mode:
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.
2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.
Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).
HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.
5) Run a firewall.
Links to help with malware:
Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/
General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Malke
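Both posts come down to finding the startup item whose command contains rundll32 and seeing which DLL it actually loads. The following is an added example, not part of either post: it parses the text output of `reg query` for a Run key and lists every rundll32 entry with its DLL and export. The sample output, value names, paths and function names are constructed for illustration.

```python
import re

# Constructed sample of the text printed by
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
# Value names, paths and export names are invented for illustration.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    PwrMonit    REG_SZ    rundll32 C:\Example\pwrmonit.dll,ExampleStart
    Tray App    REG_SZ    "C:\Program Files\Example\tray.exe" /min
    Updater     REG_SZ    C:\WINDOWS\system32\rundll32.exe "C:\Docs and Settings\u\x1.dll",Run -s
'''

# One registry value line: name, type, command (names may contain spaces).
VALUE = re.compile(r'^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<cmd>.+)$')

# rundll32 [path\]rundll32[.exe] <dll>,<export> [args]; the DLL may be quoted.
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<dll>"[^"]+"|[^\s,]+)\s*,\s*(?P<entry>\S+)\s*(?P<args>.*)$',
    re.IGNORECASE)


def parse_rundll32(cmd):
    """Return the DLL, export and arguments of a rundll32 command, else None."""
    m = RUNDLL.match(cmd.strip())
    if not m:
        return None
    return {"dll": m["dll"].strip('"'), "entry": m["entry"], "args": m["args"]}


def rundll32_startup_items(reg_output):
    """List every startup value whose command is launched through rundll32."""
    items, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # remember which Run key we are in
            continue
        m = VALUE.match(line)
        if not m:
            continue
        parsed = parse_rundll32(m["cmd"])
        if parsed:
            items.append({"key": key, "name": m["name"], **parsed})
    return items


if __name__ == "__main__":
    for item in rundll32_startup_items(SAMPLE):
        print(f'{item["name"]}: {item["dll"]} -> {item["entry"]} {item["args"]}')
```

Each DLL path it reports is the file to identify before deciding whether to disable the item in msconfig or treat it as a malware lead.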