Guest Peter Posted July 17, 2008 Posted July 17, 2008 I have a very slow computer and I am investigating Rundll32.exe. I found it in the right places: C:\Windows\System32 and again in C:\Windows\Dllcache, both with 33,280 bytes; and then again in c:\I386 but here with 11,075 bytes. Should they not be all the same? If so, which is the right one? I have XP Home SP3 on a Toshiba laptop satellite 1900-303 Many thanks JB
Guest Elmo Posted July 17, 2008 Posted July 17, 2008 Re: Rundll32 Peter wrote: > I have a very slow computer and I am investigating Rundll32.exe. I found it > in the right places: C:\Windows\System32 and again in C:\Windows\Dllcache, > both with 33,280 bytes; and then again in c:\I386 but here with 11,075 > bytes. > > Should they not be all the same? If so, which is the right one? > > I have XP Home SP3 on a Toshiba laptop satellite 1900-303 > > Many thanks > > JB My file sizes are 11,853 compressed, and 33.280 for the other two. The \i386 version is Rundll32.ex_ and is compressed. Rundll32 executes the commands within a .dll file. The .dll's could be malicious, or not written well. -- Joe =o)
Guest Peter Posted July 17, 2008 Posted July 17, 2008 Re: Rundll32 Hello Joe, and thank you. Could you tell me a a bit more about the .dll file? How I could check if I have the right one (size, etc) or how I could replace it. Would sfc /scannow recognize a bad dll file? I ran it and nothing came up. Thank you JB "Elmo" <elmogeek@iglou.invalid> escreveu na mensagem news:eyfIXYE6IHA.1428@TK2MSFTNGP06.phx.gbl... > Peter wrote: >> I have a very slow computer and I am investigating Rundll32.exe. I found >> it >> in the right places: C:\Windows\System32 and again in >> C:\Windows\Dllcache, >> both with 33,280 bytes; and then again in c:\I386 but here with 11,075 >> bytes. >> >> Should they not be all the same? If so, which is the right one? >> >> I have XP Home SP3 on a Toshiba laptop satellite 1900-303 >> >> Many thanks >> >> JB > > My file sizes are 11,853 compressed, and 33.280 for the other two. The > \i386 version is Rundll32.ex_ and is compressed. Rundll32 executes the > commands within a .dll file. The .dll's could be malicious, or not > written well. > > -- > Joe =o)
Guest Elmo Posted July 18, 2008 Posted July 18, 2008 Re: Rundll32 Peter wrote: > Hello Joe, and thank you. > > Could you tell me a a bit more about the .dll file? How I could check if I > have the right one (size, etc) or how I could replace it. Would sfc > /scannow recognize a bad dll file? I ran it and nothing came up. > > Thank you > > > JB > > > "Elmo" <elmogeek@iglou.invalid> escreveu na mensagem > news:eyfIXYE6IHA.1428@TK2MSFTNGP06.phx.gbl... >> Peter wrote: >>> I have a very slow computer and I am investigating Rundll32.exe. I found >>> it >>> in the right places: C:\Windows\System32 and again in >>> C:\Windows\Dllcache, >>> both with 33,280 bytes; and then again in c:\I386 but here with 11,075 >>> bytes. >>> >>> Should they not be all the same? If so, which is the right one? >>> >>> I have XP Home SP3 on a Toshiba laptop satellite 1900-303 >>> >>> Many thanks >>> >>> JB >> My file sizes are 11,853 compressed, and 33.280 for the other two. The >> \i386 version is Rundll32.ex_ and is compressed. Rundll32 executes the >> commands within a .dll file. The .dll's could be malicious, or not >> written well. SFC checks system files, but I doubt it checks all .dll files, only those in system folders. If it found an extra .dll file, one that had malware, it might prompt you to insert your XP CD when the file wasn't found in the \i386 folder. I doubt SFC would ever identify a .dll as malicious; that's up to your a/v and other malware checkers. -- Joe =o)
Recommended Posts