Re: rundll32 & adware

From: David Postill (david_at_postill.org.uk)
Date: 12/04/04


Date: Sat, 04 Dec 2004 10:11:56 GMT

In article <3ug1r09gojr4skgv1tmnd8m1gmm3vfhj5v@4ax.com>, on Fri, 03 Dec 2004 20:54:41 +0100, Jim
Watt <jimwatt@aol.no_way> wrote:

| I have a couple of machines that pop up IE with adverts from nowhere;
|
| There is nothing suspicious run from the registry etc, and spybot
| finds nothing.
|
| There is a process running with rundll32 shown, but no idea what
| DLL it's running.
|
| Any suggestions on how to exorcise this ill?
|
| OS is windows/98

Have you run process explorer?

<http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>:

"Process Explorer shows you information about which handles and DLLs processes have opened or
loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the
currently active processes, including the names of their owning accounts, whereas the information
displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle
mode you’ll see the handles that the process selected in the top window has opened; if Process
Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded.
Process Explorer also has a powerful search capability that will quickly show you which processes
have particular handles opened or DLLs loaded."

<davidp />

-- 
David Postill
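
The DLL view described in the reply above can also be approximated from a script. The following is an added example, not part of the original post or of Process Explorer; it assumes a current Windows system with PowerShell 5.1 or later and an elevated prompt (not the Windows 98 machine in the question), and the choice of what to flag (not validly signed, or loaded from outside the Windows directory) is an assumption of this sketch.

```powershell
# Added example: show what each rundll32.exe process is running and which
# loaded modules deserve a closer look.
$report = New-Object System.Collections.Generic.List[object]

# Win32_Process exposes the full command line, which normally names the DLL
# and export: rundll32.exe <dll>,<entrypoint> [arguments]
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'rundll32.exe'"

foreach ($p in $procs) {
    try {
        $modules = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules
    } catch {
        $modules = $null   # process exited, or access was denied
    }

    if (-not $modules) {
        $report.Add([pscustomobject]@{
            PID = $p.ProcessId; ParentPID = $p.ParentProcessId
            CommandLine = $p.CommandLine; Module = '(modules not readable)'; Signature = ''
        })
        continue
    }

    foreach ($m in $modules) {
        if (-not $m.FileName) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        $outsideWindows = -not $m.FileName.StartsWith(
            $env:windir, [System.StringComparison]::OrdinalIgnoreCase)

        # Keep only modules that are not validly signed or live outside %windir%.
        if ($sig.Status -ne 'Valid' -or $outsideWindows) {
            $report.Add([pscustomobject]@{
                PID = $p.ProcessId; ParentPID = $p.ParentProcessId
                CommandLine = $p.CommandLine; Module = $m.FileName
                Signature = $sig.Status
            })
        }
    }
}

$report | Sort-Object PID, Module | Format-List
```

An empty report means either no rundll32.exe process was running at that moment or every loaded module was validly signed and under the Windows directory.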

