Rundll32.dll - Finding who the parent app is?


jim

On Win XP Rundll32 starts on my machine at various odd times and consumes
99% of my cpu. I try to end the task from Windows Task Manager (the
application list remains empty) but it either does not end (or restarts so
quickly I can't tell which). I must shut down to kill it. I reviewed the
various locations where programs are initiated at startup such as Start
Menu, registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

the Management Console's Services etc but have found no clues or did not
recognize the offending service.
Anyone know how I can find out the name of the application that kicked off
this dll so I can find the offender?

thanks.
 
jim said:
On Win XP Rundll32 starts on my machine at various odd times and consumes
99% of my cpu. I try to end the task from Windows Task Manager (the
application list remains empty) but it either does not end (or restarts so
quickly I can't tell which). I must shut down to kill it. I reviewed the
various locations where programs are initiated at startup such as Start
Menu, registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

the Management Console's Services etc but have found no clues or did not
recognize the offending service.
Anyone know how I can find out the name of the application that kicked off
this dll so I can find the offender?

thanks.

Check your system for malware and viruses using Spybot, Adaware,
Cwshredder, Bazooka Spyware Scanner and HiJackThis. Run several of the
online virus scans. If your system is clean then do some clean boot
troubleshooting to identify the culprit.

How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560

How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/?id=316434

Run these programs to check for spyware/malware. After installing,
update them, then boot into safe mode and run them. You should update
and run them weekly.

Cwshredder
http://209.133.47.200/~merijn/files/CWShredder.exe

Ad-aware
http://www.lavasoftusa.com

Spybot Search and Destroy
http://www.safer-networking.org

Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html

After your system is clean use these programs to help keep it clean:

Spywareblaster
www.javacoolsoftware.com/sbdownload.html

Spywareguard
http://www.javacoolsoftware.com/sgdownload.html

IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm

For viruses:

Online and Downloadable Virus Scanning:

Bit Defender Online Virus Scan:
http://www.bitdefender.com/scan/license.php

Symantec Online Virus and Security Scan:
http://security.symantec.com/ssc/home.asp

TrendMicro:
http://housecall.trendmicro.com/housecall/start_corp.asp

McAfee Online Virus Scan:
http://www.mcafee.com/myapps/mfs/default.asp

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

RAV AntiVirus - Scan Online
http://www.ravantivirus.com/scan/

McAfee Stinger, Downloadable Virus Scanner:
http://us.mcafee.com/virusInfo/default.asp?id=stinger
 
thanks for your detailed reply - however I have tried the obvious - updated
my virus and ran adaware etc. I was really looking for a utility that
could perhaps check process IDs and match them up to the services/dlls or
whatever the actual inner workings there is.
 
jim said:
thanks for your detailed reply - however I have tried the obvious - updated
my virus and ran adaware etc. I was really looking for a utility that
could perhaps check process IDs and match them up to the services/dlls or
whatever the actual inner workings there is.

Perhaps Process Explorer would meet your needs?
http://www.systernals.com/

Malke
 
jim said:
thanks for your detailed reply - however I have tried the obvious - updated
my virus and ran adaware etc. I was really looking for a utility that
could perhaps check process IDs and match them up to the services/dlls or
whatever the actual inner workings there is.

Process Explorer from sysinternals.com is the ticket.
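
The lookup asked for in this thread (matching a rundll32 process ID to whatever launched it) can also be scripted against WMI. This is an added example, not part of the original posts; it assumes PowerShell 3.0 or later for `Get-CimInstance`, which is newer than the Windows XP system discussed here, and the output property names are chosen for illustration.

```powershell
# Added example: list every running rundll32.exe with its command line and parent.
# Win32_Process and Win32_Service are standard WMI classes; run elevated so that
# CommandLine is populated for processes owned by other accounts.

# Take one snapshot so child and parent records are consistent with each other.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

# Services hosted in each PID (useful when the parent is a service host process).
$svcByPid = @{}
foreach ($s in Get-CimInstance -ClassName Win32_Service) {
    $k = [int]$s.ProcessId
    if ($k -eq 0) { continue }                      # service is not running
    if (-not $svcByPid.ContainsKey($k)) { $svcByPid[$k] = @() }
    $svcByPid[$k] += $s.Name
}

$all | Where-Object { $_.Name -ieq 'rundll32.exe' } | ForEach-Object {
    $child     = $_
    $ppid      = [int]$child.ParentProcessId
    $parent    = $byPid[$ppid]
    $parentCmd = $null
    $parentSvc = $null

    # ParentProcessId is only a number recorded when the child was created.
    # The parent may have exited, and its PID may since have been reused, so a
    # "parent" that started after the child is not the real launcher.
    if ($null -eq $parent) {
        $parentName = '(parent has exited)'
    } elseif ($parent.CreationDate -gt $child.CreationDate) {
        $parentName = "(PID reused by $($parent.Name); real parent has exited)"
    } else {
        $parentName = $parent.Name
        $parentCmd  = $parent.CommandLine
        $parentSvc  = $svcByPid[$ppid] -join ', '
    }

    [pscustomobject]@{
        ProcessId         = $child.ProcessId
        Started           = $child.CreationDate
        CommandLine       = $child.CommandLine   # names the DLL and export being run
        ParentProcessId   = $ppid
        ParentName        = $parentName
        ParentCommandLine = $parentCmd
        ParentServices    = $parentSvc
    }
} | Format-List
```

The `CommandLine` value is usually the most direct clue, since rundll32 is started with the DLL path and exported function as arguments.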
 
