Rundll32 - target unknown file - how to troubleshoot?
- From: dave xnet <davexnet02DEL@xxxxxxxxxxxx>
- Date: Fri, 05 Dec 2008 23:40:47 -0800
Hello,
Recently had a virus that caught me by surprise (on XP SP3).
It decided to "show" itself at a time the computer was unattended
(according to the logs I reviewed).
When I returned to the machine bad things had been happening for about
20 minutes. (Included screens and screens of gambling sites, and
the shell stopping and starting every 10 seconds after rebooting.)
I was most surprised because Windows Defender and Avast
both had resident protection running.
With the help of avast, Spybot S&D, Windows Defender and Malwarebytes,
the machine is bootable and malware scans are not picking up anything
else.
However, I see something suspicious in the Task Manager, it's a
Rundll32 whose target I cannot find. There are two of them,
one is related to Nvidia - in Process Explorer I see CMD line
"F:\WINDOWS\system32\RUNDLL32.EXE" F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
I think that's OK.
But the other has this in the CMD line:
F:\WINDOWS\system32\rundll32.exe "F:\WINDOWS\system32\efcYPiJb.dll",d
What is efcYPiJb.dll? A search of the HD fails to turn up this file.
I'm all the more suspicious, as I have just spent 2 or 3 days
cleaning up the xpre/xrun virus and possibly vundo.
Any thoughts on this?
TIA,
Dave
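
The check described in the message, as an added example that is not part of the original post: it parses rundll32 command lines such as the two quoted above into DLL path and export, and reports whether each DLL is visible on disk. The function names and the `exists` callback are assumptions of this example.

```python
"""Triage rundll32 command lines: which DLL and export is hosted, and is the DLL on disk?"""
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional, Tuple


class RundllTarget(NamedTuple):
    dll: str     # path of the DLL rundll32 was asked to load
    export: str  # exported function (or #ordinal) it was asked to call
    args: str    # anything passed after the export name


# General form: rundll32.exe <dll>,<export> [arguments]; host and DLL may be quoted.
# Limitation: an unquoted DLL path that contains spaces is not handled.
_HOST = re.compile(r'^\s*"?[^"]*?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
_TARGET = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s"]+))\s*,\s*(?P<export>\S+)\s*(?P<args>.*)$'
)


def parse_rundll32(cmdline: str) -> Optional[RundllTarget]:
    """Return the DLL, export and arguments, or None if this is not a rundll32 line."""
    host = _HOST.match(cmdline)
    if not host:
        return None
    target = _TARGET.match(cmdline[host.end():])
    if not target:
        return None
    dll = target.group("quoted") or target.group("bare")
    return RundllTarget(dll, target.group("export"), target.group("args").strip())


def triage(cmdlines: Iterable[str],
           exists: Callable[[str], bool] = os.path.isfile) -> List[Tuple[RundllTarget, bool]]:
    """Pair each parsed target with whether its DLL is visible on disk."""
    parsed = (parse_rundll32(line) for line in cmdlines)
    return [(t, exists(t.dll)) for t in parsed if t is not None]


# The two command lines quoted in the post, as copied from Process Explorer.
SAMPLE = [
    r'"F:\WINDOWS\system32\RUNDLL32.EXE" F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit',
    r'F:\WINDOWS\system32\rundll32.exe "F:\WINDOWS\system32\efcYPiJb.dll",d',
]

if __name__ == "__main__":
    for target, on_disk in triage(SAMPLE):
        status = "on disk" if on_disk else "NOT FOUND ON DISK"
        print(f"{target.dll} -> export {target.export!r}: {status}")
```

A DLL that a process has loaded but that a file search cannot see may have been deleted after loading or be hidden from the running system's file listing, so repeating the lookup from a separately booted scanner is the more reliable check.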