got a PU from my FW than run32dll.exe was trying to access the net-???

Discussion in 'NOD32 version 2 Forum' started by jrx10, Apr 18, 2007.

Thread Status:
Not open for further replies.
  1. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    I denied it and ran a complete nod32 in-depth scan and came up with nothing. I then ran a search for this file run32dll.exe and come up with nothing as well. all the usual anti-malware scans and hijack this come up with zip. Any suggestions?
    Is the the same thing located in the windows system32 folder? thx ​
    http://img263.imageshack.us/img263/8242/rundll32insystem32zs8.jpg
     
    Last edited: Apr 18, 2007
    jrx10, Apr 18, 2007
    #1
  2. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,248
    Location:
    USA
    Don't think so. Look more closely at the file names.

    The file in your System32 folder is RUNDLL32, not RUN32DLL.
     
    prius04, Apr 19, 2007
    #2
  3. Teazle

    Teazle Registered Member

    Joined:
    Apr 7, 2007
    Posts:
    42
    rundll32.exe is a file from Microsoft and is not related to run32dll.exe (note the placement of "32".) This file enables dll-files (libraries) to run as an exe (executable), usually you don't see it running unless you open Add/Remove Programs, however it can occur.

    You could try using Ad-Aware or Spybot Search & Destroy to try to remove this problem. I don't know more about this particular threat... sorry.

    Guess I should ask, what are your "normal anti-malware scans"?
     
    Teazle, Apr 19, 2007
    #3
  4. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    adaware, spybot, defender, hijackthis, I can load AVG anti-spyware when needed but I had to uninstall it (not just stop it) because of constant internet connection attempts, even when it was stopped (I update all these programs manually and if they get annoying --example mcafee's constant attempts to try and access the 'net every surfing moment with at least a half-a-dozen programs, I dump them. Unfortunately the KAV (AV only--and I really like KAVs proactive defense) trial did the same thing and I couldn't get their Web AV to open so I could configure it--it just completely locked everything up, but nod32 appears to be fairly quiet, unless I update it, and the updates go smoothly, when I allow the connection thru my FW).
    Right now, as the anti-spyware. nod32 scans (in-depth) have come up with zip, I'm trying to manually hunt down some signs of what could be this keylogger "Pal PC spy", one being %system%\ PAL\ CSS\ run32dll.exe, before I reload the OS from a clean image. ​
    . btw, when it says %system%\ PAL\ CSS\ run32dll.exe would you look for this in the system32 folder? thx
     
    jrx10, Apr 19, 2007
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...