rundll32.exe - virus?


JOe

Occasionally (every 20-30 minutes, sometimes much longer) my PC starts
running very slowly. In task manager, I see that there is a process called
"rundll32.exe" sucking up all the cpu, and I'm running at 100% constantly -
anything I'm running runs really slowly. Sometimes I'll see two instances,
or even three, of it. If I end it, everything seems to clear up, nothing
seems to break. But then it returns at its own convenience.

There is a Startup item under msconfig called rundll32.exe, and under
command it says "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" and under
location it says "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" (as do a
lot of the items). It is NOT checked, and I'm running selective startup.

I'm running XP Home that I installed over ME. I installed it about a year
ago, and this started happening about 2-3 months ago.

Can anyone tell me, what is it, and what do I do about it?

Thanks
 

David H. Lipman

It's not a virus.

Dave

| Occasionally (every 20-30 minutes, sometimes much longer) my PC starts
| running very slowly. In task manager, I see that there is a process called
| "rundll32.exe" sucking up all the cpu, and I'm running at 100% constantly -
| anything I'm running runs really slowly. Sometimes I'll see two instances,
| or even three, of it. If I end it, everything seems to clear up, nothing
| seems to break. But then it returns at its own convenience.
|
| There is a Startup item under msconfig called rundll32.exe, and under
| command it says "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" and under
| location it says "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" (as do a
| lot of the items). It is NOT checked, and I'm running selective startup.
|
| I'm running XP Home that I installed over ME. I installed it about a year
| ago, and this started happening about 2-3 months ago.
|
| Can anyone tell me, what is it, and what do I do about it?
|
| Thanks
|
|
 

David

There are quite a few possible processes that can run under rundll32. The
ones you show from your startup look like nVidia graphic card utilities. It
also runs some other tasks like tweakui and certain aspects of active
desktop, etc., etc. The most frequent problems I have seen with this file
were due to active desktop and the synchronization manager. More
specifically due to file corruption on a hard drive. If you have the active
desktop feature enabled try disabling it and also try doing some error
checking on your hard drives with the built in GUI or via chkdsk.
 

Torti Schlumpf

JOe said:
> In task manager, I see that there is a process called
> "rundll32.exe" sucking up all the cpu, and I'm running at 100% constantly -

Where is this process located? Please post a complete process list.
Install Spybot Search and Destroy from http://security.kolla.de and
start it in "Advanced Mode". Then follow >Tools >Process list and export
the list to a txt-file; post it here.
 

David H. Lipman

It's not spyware either !

It's loaded from HKLM\software\microsoft\windows\current version\run

Dave

| JOe wrote:
|
| > In task manager, I see that there is a process called
| > "rundll32.exe" sucking up all the cpu, and I'm running at 100% constantly -
|
| Where is this process located? Please post a complete process list.
| Install Spybot Search and Destroy from http://security.kolla.de and
| start it in "Advanced Mode". Then follow >Tools >Process list and export
| the list to a txt-file; post it here.
|
| --
| Regards, Torti
|
 

JOe

Thanks everyone for the replies. I guess I now know it's not a virus, but I
still don't know what to do about it.

In response to this note in particular, I wanted to mention (should have
mentioned in my first post) that I have McAfee running and fully updated,
and I did a complete scan of all my files and it found nothing. I also have
the McAfee firewall running.


So ... if it's not a virus, how do I keep from having it suck up all my cpu
time? It literally keeps the cpu at 100% (system idle at 0%) the whole
time. I'll run chkdsk (I've done so before, within the last few months, but
I'll do it again). I'll also try turning off active desktop, but I've had
it on since I installed XP and this problem just cropped up in the last
couple of months. I can't really imagine these stopping the various
instances of the rundll32.exe that I occasionally see (but then I am not a
deep techie), but it can't hurt.

Any other suggestions?


Joe
 

David H. Lipman

How much RAM is in the platform ?

For WinXP, you should have a minimum of 256MB.

Dave

| Thanks everyone for the replies. I guess I now know it's not a virus, but I
| still don't know what to do about it.
|
| In response to this note in particular, I wanted to mention (should have
| mentioned in my first post) that I have McAfee running and fully updated,
| and I did a complete scan of all my files and it found nothing. I also have
| the McAfee firewall running.
|
|
| So ... if it's not a virus, how do I keep from having it suck up all my cpu
| time? It literally keeps the cpu at 100% (system idle at 0%) the whole
| time. I'll run chkdsk (I've done so before, within the last few months, but
| I'll do it again). I'll also try turning off active desktop, but I've had
| it on since I installed XP and this problem just cropped up in the last
| couple of months. I can't really imagine these stopping the various
| instances of the rundll32.exe that I occasionally see (but then I am not a
| deep techie), but it can't hurt.
|
| Any other suggestions?
|
|
| Joe
|
| >
| > >Can anyone tell me, what is it, and what do I do about it?
| >
| > It's a Windows runtime dll. If you're concerned about viruses, use a
| > scanner.
| >
|
 

JOe

I've got 512Mb of memory. It's only when rundll32.exe kicks off that I see
a slowdown. Otherwise it works great, even if I have 6-8 programs running at
the same time. Right now, with outlook, outlook express, AIM, Netscape
running, I am running great.
 

Gabriele Neukam

On that special day, David H. Lipman, ([email protected])
said...
> It's not spyware either !
>
> It's loaded from HKLM\software\microsoft\windows\current version\run

Are there any parameters *after* the mentioning of rundll32.exe, and
which ones? Is there a path information given, in front of the word
rundll32.exe?


Gabriele Neukam

(e-mail address removed)
 

JOe

Not under processes. There is a Startup item under msconfig called
rundll32.exe,
and under command it says "RUNDLL32.EXE NvQTwk,NvCplDaemon
initialize" and under location it says
"SOFTWARE\Microsoft\Windows\CurrentVersion\Run" (as do a lot of the
items). It is NOT checked, and I'm running selective startup.
 

David H. Lipman

I've seen the command only executed from the Registry HKLM Run location.

When and from where does the command "kick off" ?

Dave

| I've got 512Mb of memory. It's only when rundll32.exe kicks off that I see
| a slowdown. Otherwise it works great, even if I have 6-8 programs running at
| the same time. Right now, with outlook, outlook express, AIM, Netscape
| running, I am running great.
|
| > How much RAM is in the platform ?
| >
| > For WinXP, you should have a minimum of 256MB.
| >
| > Dave
| >
| > | Thanks everyone for the replies. I guess I now know it's not a virus, but I
| > | still don't know what to do about it.
| > |
| > | In response to this note in particular, I wanted to mention (should have
| > | mentioned in my first post) that I have McAfee running and fully updated,
| > | and I did a complete scan of all my files and it found nothing. I also have
| > | the McAfee firewall running.
| > |
| > | So ... if it's not a virus, how do I keep from having it suck up all my cpu
| > | time? It literally keeps the cpu at 100% (system idle at 0%) the whole
| > | time. I'll run chkdsk (I've done so before, within the last few months, but
| > | I'll do it again). I'll also try turning off active desktop, but I've had
| > | it on since I installed XP and this problem just cropped up in the last
| > | couple of months. I can't really imagine these stopping the various
| > | instances of the rundll32.exe that I occasionally see (but then I am not a
| > | deep techie), but it can't hurt.
| > |
| > | Any other suggestions?
| > |
| > | Joe
| > |
| > | > >Can anyone tell me, what is it, and what do I do about it?
| > | >
| > | > It's a Windows runtime dll. If you're concerned about viruses, use a
| > | > scanner.
| > | >
| > |
| >
|
 

Roy

RUNDLL32.EXE NvQTwk,NvCplDaemon

Sounds as though you have an Nvidia GeForce2 video card. If so, that
entry is perfectly normal, it's in my start-up list too.

Google will tell you all about it.

Cheers,

Roy
 

FromTheRafters

Gabriele Neukam said:
> On that special day, David H. Lipman, ([email protected])
> said...
>
> Are there any parameters *after* the mentioning of rundll32.exe, and
> which ones? Is there a path information given, in front of the word
> rundll32.exe?

I don't know about WinXP (I have Win98), but on my system I
know that I'm supposed to have only one copy of rundll32.exe
in my c:\windows directory. If I have one in my c:\windows\system
directory - it is aliasing the legitimate one in c:\windows.

Replacing the illegitimate rundll32.exe (the one in the system directory)
with a copy of notepad.exe renamed to rundll32.exe always seemed to
show me that legitimate programs were calling it (the arguments/parameters
passed to the file (now actually being "notepad") showed up as notepad
being unable to locate the file "LoadPowerProfile" or some such when it
tried to open it in notepad).
 

Spalls Hurgenson

> Occasionally (every 20-30 minutes, sometimes much longer) my PC starts
> running very slowly. In task manager, I see that there is a process called
> "rundll32.exe" sucking up all the cpu, and I'm running at 100% constantly -
> anything I'm running runs really slowly. Sometimes I'll see two instances,
> or even three, of it. If I end it, everything seems to clear up, nothing
> seems to break. But then it returns at its own convenience.
>
> There is a Startup item under msconfig called rundll32.exe, and under
> command it says "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" and under
> location it says "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" (as do a
> lot of the items). It is NOT checked, and I'm running selective startup.

If it's not checked, then that entry isn't what is causing RUNDLL to
start. However, there are other programs that use RUNDLL that don't
specifically mention RUNDLL (for example, the "QuickRes" applet that
lets you change display resolutions from the system tray).

RunDLL is a legitimate program; as I understand it, some applications
are contained entirely within DLL files; they use RunDLL to start
themselves up. However, if I remember correctly, there *are* some
viruses/worms/trojans that replace the legitimate windows RunDLL with a
compromised version of their own; a good virus scanner is your friend
here.

However, the best thing to do is selectively disable any startup
applications (including those that don't mention RunDLL specifically)
using MSConfig until you can pinpoint which program is using it to
start itself up.
 

JOe

I have no idea. It just starts sometimes. Sometimes I'll be in a program
working away (it's happened with IE or Netscape, Outlook, Word, some games,
scanner software, and others) for a while and all of a sudden I'll notice it
slow way down. I'll check, and it'll be the rundll32 thing. Sometimes
it'll happen right when I start up a program. It happened two days ago
right when I started up a McAfee scan (ironic), so after it was done I ran a
McAfee scan again and the rundll32 didn't start up. Just this evening, I
left my PC for a while, checked before I left if it was running and it
wasn't, and when I got back an hour later it was. If you think it was my
screen saver, I don't think so - it comes on all the time and the rundll32
does not most of the time; also, the rundll32 comes on a lot without the
screen saver. And just in case you're wondering, I generally use Seti@Home
as my screensaver.

I'm perplexed.

I appreciate your wondering about it.
 

Fanchon

Is there a way to track which program/application/process starts
another such as rundll32 or svchost?

This would help a lot in deciding whether or not to grant Internet
access.

Thanks,

Fanchon
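
Added example, not part of any post in this thread: a PowerShell script that, for each running rundll32.exe, reports the three things asked about above by Gabriele Neukam, Spalls Hurgenson and Fanchon (where the image sits on disk, which DLL and entry point it was asked to run, and which process started it). It assumes a Windows version with PowerShell and `Get-CimInstance`, which the XP and Win98 systems discussed here do not have; the expected-path list is likewise an assumption for current Windows.

```powershell
# Added example: list every running rundll32.exe with its image path,
# requested DLL/entry point, and parent process. Run elevated so that
# ExecutablePath and CommandLine are populated for other users' processes.

# Assumption: normal locations of rundll32.exe on current Windows.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')  # 32-bit copy on 64-bit Windows
)

# Snapshot all processes once and index them by PID for parent lookups.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -ieq 'rundll32.exe' } | ForEach-Object {
    $proc   = $_
    $parent = $byPid[[uint32]$proc.ParentProcessId]
    # PIDs are reused: a "parent" created after the child is a different process.
    if ($parent -and $parent.CreationDate -gt $proc.CreationDate) { $parent = $null }

    # Command line shape: rundll32.exe <dll>,<entry point> [arguments]
    $dll = $null; $entry = $null
    if ($proc.CommandLine -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)') {
        $dll = $Matches[1]; $entry = $Matches[2]
    }
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $parentCmd  = if ($parent) { $parent.CommandLine } else { $null }

    [pscustomobject]@{
        PID          = $proc.ProcessId
        Started      = $proc.CreationDate
        ImagePath    = $proc.ExecutablePath
        PathExpected = $expected -contains $proc.ExecutablePath
        Dll          = $dll
        EntryPoint   = $entry
        CommandLine  = $proc.CommandLine
        ParentPID    = $proc.ParentProcessId
        ParentName   = $parentName
        ParentCmd    = $parentCmd
    }
} | Format-List
```

An instance whose `PathExpected` is False, or whose `Dll` resolves to a user-writable directory, is the one to look at first; the parent fields show what launched it when no Run-key entry accounts for it.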
 

mitundergrad

> I've got 512Mb of memory. It's only when rundll32.exe kicks off that I see
> a slowdown. Otherwise it works great, even if I have 6-8 programs running at
> the same time. Right now, with outlook, outlook express, AIM, Netscape
> running, I am running great.

Outlook and Outlook Express? Netscape and AIM? No wonder your system
slows down.
 

David Qunt

> Occasionally (every 20-30 minutes, sometimes much longer) my PC starts
> running very slowly. In task manager, I see that there is a process
> called "rundll32.exe" sucking up all the cpu, and I'm running at 100%
> constantly - anything I'm running runs really slowly. Sometimes I'll
> see two instances, or even three, of it. If I end it, everything
> seems to clear up, nothing seems to break. But then it returns at
> its own convenience.
>
> There is a Startup item under msconfig called rundll32.exe, and under
> command it says "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" and under
> location it says "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" (as
> do a lot of the items). It is NOT checked, and I'm running selective
> startup.
>
> I'm running XP Home that I installed over ME. I installed it about a
> year ago, and this started happening about 2-3 months ago.
>
> Can anyone tell me, what is it, and what do I do about it?
>
> Thanks

Two things.

Have you installed or updated drivers for your NVidia graphics card since
you noticed this problem?

I think it is the NVidia driver helper service, which is widely reported
to serve no useful purpose (and can often increase shutdown times). It
seems to be of no value and can almost certainly be stopped without
detriment to your system. It has been on my system with no ill effects.

You can get it to **** off by going to the Start Menu, and choosing
Administrative Tools/Services. From there you can stop the NVidia driver
helper service and set it to disabled.

I would also download Mike Lin's Startup Control Panel (type that into
Google and you will find it) which tells you when something writes itself
into keys in the registry with the intention of starting when you start
Windows. That way when you next install a driver update from NVidia (or
anyone else) an alarm will go off to tell you that some annoying and
unnecessary shite is trying to rape your registry without your knowledge.
That way you can stop it becoming a problem before it does.

Let me know if that helps you.
 

Dalt

Oooooo Seti...that explains a lot....Seti can run in the background when
memory is available....have a look at your seti settings....
Seti in itself uses masses of system resources...
I'd suggest that you look there for starters..maybe uninstall it then see
what happens??

cheers Dalt
 
