Got a PU from my FW that run32dll.exe was trying to access the net???

Discussion in 'NOD32 version 2 Forum' started by jrx10, Apr 18, 2007.

Thread Status:
Not open for further replies.
  1. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    I denied it and ran a complete NOD32 in-depth scan and came up with nothing. I then ran a search for this file, run32dll.exe, and came up with nothing as well. All the usual anti-malware scans and HijackThis came up with zip. Any suggestions?
    Is this the same thing located in the Windows system32 folder? Thx
    http://img263.imageshack.us/img263/8242/rundll32insystem32zs8.jpg
     
    Last edited: Apr 18, 2007
  2. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Don't think so. Look more closely at the file names.

    The file in your System32 folder is RUNDLL32, not RUN32DLL.
     
  3. Teazle

    Teazle Registered Member

    Joined:
    Apr 7, 2007
    Posts:
    42
    rundll32.exe is a file from Microsoft and is not related to run32dll.exe (note the placement of "32"). This file enables DLL files (libraries) to run as an exe (executable). Usually you don't see it running unless you open Add/Remove Programs; however, it can occur.

    You could try using Ad-Aware or Spybot Search & Destroy to try to remove this problem. I don't know more about this particular threat... sorry.

    Guess I should ask, what are your "normal anti-malware scans"?
     
  4. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    Ad-Aware, Spybot, Defender, HijackThis. I can load AVG Anti-Spyware when needed, but I had to uninstall it (not just stop it) because of constant internet connection attempts, even when it was stopped. (I update all these programs manually, and if they get annoying, for example McAfee's constant attempts to access the 'net every surfing moment with at least half a dozen programs, I dump them. Unfortunately the KAV trial (AV only, and I really like KAV's proactive defense) did the same thing, and I couldn't get their Web AV to open so I could configure it; it just completely locked everything up. NOD32 appears to be fairly quiet unless I update it, and the updates go smoothly when I allow the connection through my FW.)
    Right now, as the anti-spyware and NOD32 scans (in-depth) have come up with zip, I'm trying to manually hunt down some signs of what could be this keylogger "Pal PC spy", one being %system%\PAL\CSS\run32dll.exe, before I reload the OS from a clean image.
    Btw, when it says %system%\PAL\CSS\run32dll.exe, would you look for this in the system32 folder? Thx
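
The name confusion discussed in this thread (rundll32.exe versus run32dll.exe), as an added example that is not part of any poster's reply: a small check that flags executable names that are near-misses of known Windows binaries, and genuine names found in an unexpected folder. The `KNOWN` map, the thresholds and the sample paths are assumptions constructed for illustration, including the assumption that `%system%` expands to `C:\WINDOWS\system32`.

```python
import ntpath

# Assumed, deliberately short map of genuine Windows binaries to their
# expected folder (lower-case). Not a complete or authoritative list.
KNOWN = {
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return (verdict, matched_known_name) for one executable path."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        verdict = "ok" if folder == KNOWN[name] else "wrong-folder"
        return verdict, name
    for good in KNOWN:
        # Same characters in a different order (run32dll vs rundll32),
        # or at most two single-character edits away (rundl132).
        if sorted(name) == sorted(good) or levenshtein(name, good) <= 2:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample paths, not taken from any real system.
    samples = [
        r"C:\WINDOWS\system32\rundll32.exe",
        r"C:\WINDOWS\system32\PAL\CSS\run32dll.exe",
        r"C:\Temp\rundll32.exe",
        r"C:\WINDOWS\system32\notepad.exe",
    ]
    for p in samples:
        print(classify(p), p)
```

A plain edit distance alone would miss this case, because moving "32" costs four edits; the reordered-characters test is what catches it.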
     