Should I add that one to the list in PG? It seems to want a piece of everything at start-up. If I do add it, should I give it a "Write" "Allow"?
Pete

Example:
[09:27:42] - [P] - g:\windows\system32\rundll32.exe [1452] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on g:\windows\explorer.exe [1432]
[09:27:43] - [P] - g:\windows\system32\rundll32.exe [1452] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on g:\windows\explorer.exe [1432]
(Had to shorten it).
Pete
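A flood of identical entries like the one in the post above is easier to judge once it is collapsed to one record per distinct event. The following is an added example, not part of the original thread and not code from the Process Guard project: it parses lines in the format quoted above, counts repeats, and marks sources that are generic host processes. The sample log, the `example.exe` path and all function names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample in the log format quoted in the post (not the poster's full log).
SAMPLE_LOG = r"""
[09:27:42] - [P] - g:\windows\system32\rundll32.exe [1452] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on g:\windows\explorer.exe [1432]
[09:27:42] - [P] - g:\windows\system32\rundll32.exe [1452] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on g:\windows\explorer.exe [1432]
[09:27:43] - [P] - g:\windows\system32\rundll32.exe [1452] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on g:\windows\explorer.exe [1432]
[09:27:43] - [P] - g:\windows\system32\rundll32.exe [1452] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on g:\windows\explorer.exe [1432]
[09:27:44] - [P] - g:\tools\example.exe [2001] tried to gain READ access on g:\windows\explorer.exe [1432]
this line does not match the format and is skipped
"""

LINE_RE = re.compile(
    r"\[(?P<time>\d{2}:\d{2}:\d{2})\] - \[(?P<kind>\w)\] - "
    r"(?P<src>.+?) \[(?P<src_pid>\d+)\] tried to gain "
    r"(?P<rights>.+?) access on (?P<dst>.+?) \[(?P<dst_pid>\d+)\]$"
)

# Generic hosts: the image name alone says nothing about the module running inside.
HOST_PROCESSES = {"rundll.exe", "rundll32.exe", "svchost.exe"}

def summarize(log_text):
    """Collapse repeated access-attempt lines into one record per distinct event."""
    events = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not an access-attempt line
        rights = tuple(r.strip() for r in m["rights"].split(","))
        key = (m["src"].lower(), int(m["src_pid"]),
               m["dst"].lower(), int(m["dst_pid"]), rights)
        rec = events.setdefault(key, {
            "source": key[0], "source_pid": key[1],
            "target": key[2], "target_pid": key[3],
            "rights": rights, "count": 0, "first": m["time"],
            "host_process": key[0].rsplit("\\", 1)[-1] in HOST_PROCESSES,
        })
        rec["count"] += 1
        rec["last"] = m["time"]  # lines arrive in time order
    return list(events.values())

if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG):
        note = " (host process: identify the loaded DLL first)" if e["host_process"] else ""
        print(f'{e["count"]}x {e["first"]}-{e["last"]} {e["source"]} [{e["source_pid"]}] -> '
              f'{e["target"]} [{e["target_pid"]}]: {", ".join(e["rights"])}{note}')
```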
Hi Pete, can you find out which dll it is loading/running there? Maybe with DCS's cmdline tool - if it stays active long enough. The problem is that rundll and rundll32, just like svchost, do function as a host for all sorts of program modules (here it's dlls, not services), and whether or not you should allow it depends on what dll is being launched this way... Andreas
Can't get that one to stay open long enough to do anything with it when I click on it from the folder - when I try to run it using Run/cmd I get this:
Ehm. That looks weird. Is cmdline.exe residing in that Pete Y. folder? If not, open a command prompt (cmd.exe) and navigate to where it is first. Or extract it to a directory in your path. Andreas
Send me that rundll.exe please and your ASViewer results (all SHOW options on). Use my after hours testing email (free to give this to anyone): submitviruses@yahoo.com.au
Gavin - Both items requested sent separately. Jooske - No zero byte files by that name found after running a full "Search". Pete