Hi, I've been having trouble with rundll32.exe and see that PG is in the log trying to write, terminate, set info, suspend access on heaps of programs including PG, iexplore, explorer, winlogon for example. I am disallowed from adding it to the list in PG. Searching the archive I don't see a clear answer as to how to treat this .exe. TIA for some ideas.
Hi Suspish, are you running the trial or the full licenced version, as this can make a difference to our reply? I do not have rundll32 in my protection list and get no logging whatsoever in the Process Guard log. This applies to one PC running XP & one Windows 2003 + a laptop running XP Home. Pilli
Hmm, I am concerned about this as it could be a keylogger masquerading as a legitimate Windows file. Please follow this link for more info: http://vil.nai.com/vil/content/Print99125.htm Please report back if you find anything - Pilli
Thanks Pilli, I'll just nibble away at this... A search shows rundll32.exe in C:\Windows\system32 (31KB) and an entry of zero KB in C:\Program Files\Common Files\Mapi\1033\NT. I'm sure I saw somewhere that a zero-sized file being present was of some significance.
Hi, zero-byte files are mainly generated by a bug in Windows. What OS are you using? Using right-click file properties, my rundll32 is 31KB, version 5.1.2600.0, and is located in the windows\system32\ folder. My OS is XP Pro SP1.
Yeah, same same... XP Pro SP1a, Rundll32.exe 31KB, version 5.1.2600.0, in the windows\system32\ folder. I use Kaspersky AV & Anti Hacker, TDS3, Wormguard and have also run HouseCall. As I said, the PG log shows Rundll32.exe trying to gain access to a lot of important stuff including the AV, Firewall and PG.
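An added example, not part of any post in this thread: the manual check the posters do by hand (search for every rundll32.exe, then compare location, size and version) written as a PowerShell inventory. It assumes Windows PowerShell 4.0 or later and an elevated prompt; the `Notes` wording and the choice of SHA-256 are this example's own.

```powershell
# Added example: list every rundll32.exe on the system drive with the
# properties compared in the thread (folder, size, file version), plus a
# SHA-256 hash and Authenticode status for follow-up.
$system32 = Join-Path $env:SystemRoot 'System32'

$copies = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'rundll32.exe' `
    -File -Recurse -Force -ErrorAction SilentlyContinue

$report = foreach ($file in $copies) {
    $notes = @()
    if ($file.Length -eq 0) { $notes += 'zero-byte file' }

    # On 64-bit and newer Windows, legitimate copies also exist under
    # SysWOW64 and WinSxS, so this note marks a file for review only.
    if ($file.DirectoryName -ne $system32) { $notes += 'outside System32' }

    # A hash and a signature are only meaningful for non-empty files.
    $hash = $null
    $signature = $null
    if ($file.Length -gt 0) {
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
    }

    [pscustomobject]@{
        Path      = $file.FullName
        SizeBytes = $file.Length
        Version   = $file.VersionInfo.FileVersion
        Modified  = $file.LastWriteTime
        Signature = $signature
        SHA256    = $hash
        Notes     = $notes -join '; '
    }
}

# Files with notes first, then by path.
$report |
    Sort-Object @{ Expression = { $_.Notes -eq '' } }, Path |
    Format-List
```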