|
rundll32.exe (5.1.2600.0)
Contained in software |
|---|
| Name: | Windows XP Home Edition, Deutsch |
|---|
| License: | commercial |
|---|
| Information link: | http://www.microsoft.com/windowsxp/ |
|---|
File details |
|---|
| Filepath: | C:\WINDOWS\system32 \ rundll32.exe |
|---|
| Filedate: | 2002-08-29 14:00:00 |
|---|
| Version: | 5.1.2600.0 |
|---|
| Filesize: | 32.256 bytes |
|---|
Checksum and file hashes |
|---|
| CRC32: | 464A49B4 |
|---|
| MD5: | 3B97 EDB7 91FB 2090 17B8 864C 8E70 87F9 |
|---|
| SHA1: | 729F AF37 ED72 3D70 73B6 1727 6995 C40C 150E FCB9 |
|---|
Version resource information |
|---|
| CompanyName: | Microsoft Corporation |
|---|
| FileDescription: | Eine DLL-Datei als Anwendung ausführen |
|---|
| FileOS: | Windows NT, Windows 2000, Windows XP, Windows 2003 |
|---|
| FileType: | Application |
|---|
| FileVersion: | 5.1.2600.0 |
|---|
| InternalName: | rundll |
|---|
| LegalCopyright: | © Microsoft Corporation. Alle Rechte vorbehalten. |
|---|
| OriginalFilename: | RUNDLL.EXE |
|---|
| ProductName: | Betriebssystem Microsoft® Windows® |
|---|
| ProductVersion: | 5.1.2600.0 |
|---|
rundll32.exe was found in the following malware reports:
|
|
|---|
Backdoor.Lastdoor |
|---|
Technical details
...legitimate file, this Trojan uses the same icon as the legitimate Windows file named Rundll32.exe. When Backdoor.Lastdoor runs,...
...This overwrites the original Rundll32.exe file if it is in the %system% folder....
...NOTES: By default, Rundll32.exe resides in the %windir% folder in Windows 95/98/Me....
...Rundll32 %system%Rundll32.exe to the registry key...
Removal instructions
...detected as Backdoor.Lastdoor. If Rundll32.exe has been overwritten by the Trojan, replace the file from a clean backup or reinstall...
...Rundll32 %system%Rundll32.exe from the registry key...
...Backdoor.Lastdoor, click Delete. If Rundll32.exe has been overwritten by the Trojan, replace the file from a clean backup or reinstall...
...Rundll32 %system%Rundll32.exe Exit the Registry Editor....
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastdoor.html |
|---|
Zendown.Trojan |
|---|
About Zendown.Trojan
...Shutdown C:Windowsihateyou.exe Shutdown2 C:Windows
undll32.exe shell32,SHExitWindowsEx 1...
Removal instructions
...Shutdown C:Windowsihateyou.exe Shutdown2 C:Windows
undll32.exe shell32,SHExitWindowsEx 1...
Source: http://securityresponse.symantec.com/avcenter/venc/data/zendown.trojan.html |
|---|
W32.Pixo |
|---|
Technical details
...Then it adds the value: Rundll32.exe C:WindowsSystemPIX-61081.exe...
Removal instructions
...delete the following value: Rundll32.exe C:WindowsSystemPIX-61081.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.pixo.html |
|---|
W32.HLLW.Dormin.A@mm |
|---|
Technical details
...Adds the following values: Nimrod_Keyboard Rundll32.exe Keyboard,Disable Nimrod_Mouse Rundll32.exe...
Removal instructions
...following values if they exist: Nimrod_Keyboard Rundll32.exe Keyboard,Disable Nimrod_Mouse Rundll32.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.dormin.a@mm.html |
|---|
Adware.Bookedspace |
|---|
Technical details
..."<name of .dll file>"="RunDLL32.exe <path to .dll file>, DllRun"...
Removal instructions
..."<name of .dll file>"="RunDLL32.exe <path to .dll file>, DllRun"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/adware.bookedspace.html |
|---|
W32.Sircam.Worm@mm |
|---|
Technical details
...Copy <Computer>WindowsRundll32.exe to <Computer>WindowsRun32.exe...
...Replace <Computer>Windows
undll32.exe with C:RecycledSirc32.exe...
Removal instructions
...network, the Run32.exe file will have been be overwritten with an infected copy of the Rundll32.exe. If you see more than one entry...
...Instead, you must delete the Run32.exe and the Rundll32.exe files and then extract an new copy of Rundll32.exe from a clean back up or from...
...If the file WindowsRun32.exe exists, rename it back to WindowsRundll32.exe See the sections that follow...
...this, the Run32.exe file will have been overwritten with an infected copy of the Rundll32.exe. As a result, you will not...
...network, the Run32.exe file will have been be overwritten with an infected copy of the Rundll32.exe If you saw more than one entry of "@win
ecycledsirc32.exe" when performing...
...Instead, you must delete the Run32.exe and the Rundll32.exe files and then extract an new copy of Rundll32.exe from a clean back up or from...
...Rename it to: rundll32.exe Press Enter....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html |
|---|
W32.Miroot.Worm |
|---|
Technical details
...C:Cmd.exe %System%Rundll32.exe with hidden, system, and read-only...
...C:WindowsSystem32 (Windows XP). Creates the file, rundll32.exe.tmp (Windows 2000 only). May cause Windows to display...
..."LoadPowerProfile"="%System%Rundll32.exe" in the registry key:...
Removal instructions
...data field, then click OK: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.miroot.worm.html |
|---|
Spyware.XpcSpy |
|---|
Technical details
..."System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"...
Removal instructions
..."System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/spyware.xpcspy.html |
|---|
Backdoor.LoxoScam |
|---|
Technical details
...It modifies the value from LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme...
Removal instructions
...exists, modiify it to LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme...
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html |
|---|
W32.Lovgate.R@mm |
|---|
Technical details
..."Protected Storage"="RUNDLL32.EXE MSSIGN30.DLL ondll_reg"...
..."VFW Encoder/Decoder Settings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"...
..."Windows Management Protocol v.0 (experimental)," which is mapped to "Rundll32.exe msjdbc11.dll ondll_server."...
...Creates the service, "_reg," which is mapped to "Rundll32.exe msjdbc11.dll ondll_server."...
Removal instructions
..."Protected Storage"="RUNDLL32.EXE MSSIGN30.DLL ondll_reg"...
..."VFW Encoder/Decoder Settings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"...
......
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.r@mm.html |
|---|
|
|
![[filename.info logo]](/img/logo.png){kind=logo}
![[cn rundll32.exe]](/img/nix.gif){kind=small}
