Re: rundll32 & adware

From: David Postill (david_at_postill.org.uk)
Date: 12/04/04


Date: Sat, 04 Dec 2004 10:11:56 GMT

In article <3ug1r09gojr4skgv1tmnd8m1gmm3vfhj5v@4ax.com>, on Fri, 03 Dec 2004 20:54:41 +0100, Jim
Watt <jimwatt@aol.no_way> wrote:

| I have a couple of machines that pop up IE with adverts from nowhere;
|
| There is nothing suspicious run from the registry etc, and spybot
| finds nothing.
|
| There is a process running with rundll32 shown, but no idea what
| DLL it's running.
|
| Any suggestions on how to exorcise this ill?
|
| OS is windows/98

Have you run process explorer?

<http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>:

"Process Explorer shows you information about which handles and DLLs processes have opened or
loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the
currently active processes, including the names of their owning accounts, whereas the information
displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle
mode you’ll see the handles that the process selected in the top window has opened; if Process
Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded.
Process Explorer also has a powerful search capability that will quickly show you which processes
have particular handles opened or DLLs loaded."

<davidp />

-- 
David Postill
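
The check discussed above (finding which DLL a rundll32 process is hosting), as an added example that is not part of the original post. It assumes a current Windows host with PowerShell 5.1 or later run from an elevated prompt, not the Windows 98 machines in the thread.

```powershell
# Added example. Assumption: Windows with PowerShell 5.1+, elevated session.
# For every rundll32.exe process: show the command line, the DLL and entry
# point named on it, and any loaded module without a valid signature.

$procs = Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'"

foreach ($p in $procs) {
    Write-Output ("PID {0}  parent PID {1}" -f $p.ProcessId, $p.ParentProcessId)
    Write-Output ("  command line: {0}" -f $p.CommandLine)

    # rundll32 syntax: rundll32.exe <dll>,<entry point> [arguments]
    if ($p.CommandLine -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)') {
        Write-Output ("  hosted DLL  : {0}" -f $Matches[1])
        Write-Output ("  entry point : {0}" -f $Matches[2])
    }

    # Loaded modules: the same information Process Explorer shows in DLL mode.
    try {
        $modules = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules
    } catch {
        Write-Output ("  modules not readable: {0}" -f $_.Exception.Message)
        continue
    }

    foreach ($m in $modules) {
        # On older PowerShell versions catalog-signed system DLLs may be
        # reported as NotSigned, so treat this list as leads to review.
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        if ($sig.Status -ne 'Valid') {
            Write-Output ("  review: {0} [{1}]" -f $m.FileName, $sig.Status)
        }
    }
}
```

A 64-bit PowerShell session sees only part of the module list of a 32-bit rundll32 process, so run the matching bitness when the output looks short.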