Help! "rundll.exe" crashes my system

[halnjoy]

I have WinXP Pro, running Norton AV and Internet Security (auto update). I
run Spybot and AdAware weekly. And I have blown out the temp internet
files/cookies.

Unfortunately, my system regularly grinds to a halt, programs crash, etc.
If I Ctrl+Alt+Del and view the processes tab, it's always "rundll.exe"
that's hogging 99% of the resources and it won't let go unless I reboot.
This process also pops up at times as still active when I'm doing a normal
shutdown.

I did a search on the Microsoft support page and Norton's, but nothing
specifically came up. As far as I can find out, this process is a pre-fetch
utility that holds data on hand that the system "thinks" you're going to
want... but it's just annoying and anti-productive.

Any ideas? Is this some unidentified trojan? Is there something that I can
toggle? All advice is appreciated.

 

[Wesley Vogel]

Make sure that you update Spybot S & D and Ad-Aware before every scan.

What's the suspicious Rundll32.exe process
http://www.mvps.org/sramesh2k/rundll32.htm

 

[Guest]

I have an ibm laptop running XP Pro that was being consumed by rundll32.exe.
The solution for me was to run msconfig and turn off the one startup item
that
contained rundll32 in the command. For me this was the power monitor utility
(pwrmonit). Since I did this two weeks ago, I have had no problems. Of
course, I don't have the power monitor, but this is a small price to pay.

Note that this did not involve searching and destroying any spyware or other
malicious software. I did not have to download any third party software of
unknown origin. The responses to similar rundll32 questions on this
discussion group have tended to focus on malicious software. Some responses
by MS-MVPs have included statements that rundll32 is itself spyware and
should be removed when at the same time the MS KnowledgeBase says that
rundll32 is a key Microsoft utility. I am puzzled by this focus on the
malicious and ignoring that there may just be some coding problems with
otherwise well-intentioned software.

Johnny1045

 

[Ramesh [MVP]]

Hi Johnny1045,

rundll32.exe is a legit file (present in c:\windows\system32 folder). Two things to consider here:

1. A malware may use the same name as rundll32.exe and copy itself to some other location except the System32 folder
2. A legit rundll32.exe process can execute the function of a malware DLL.

When monitoring processes, you should be careful to identify where the said executable resides. Also, see:

What's the suspicious Rundll32.exe process?:
http://windowsxp.mvps.org/rundll32.htm

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


I have an ibm laptop running XP Pro that was being consumed by rundll32.exe.
The solution for me was to run msconfig and turn off the one startup item
that
contained rundll32 in the command. For me this was the power monitor utility
(pwrmonit). Since I did this two weeks ago, I have had no problems. Of
course, I don't have the power monitor, but this is a small price to pay.

Note that this did not involve searching and destroying any spyware or other
malicious software. I did not have to download any third party software of
unknown origin. The responses to similar rundll32 questions on this
discussion group have tended to focus on malicious software. Some responses
by MS-MVPs have included statements that rundll32 is itself spyware and
should be removed when at the same time the MS KnowledgeBase says that
rundll32 is a key Microsoft utility. I am puzzled by this focus on the
malicious and ignoring that there may just be some coding problems with
otherwise well-intentioned software.

Johnny1045