Rundll32.exe Big Problems with this and need immediate help

June 16, 2012 2:02:07 AM

Please help me. Out of nowhere my computer is starting to have some big problems and I want to blame rundll32.exe.

Out of nowhere there are two rundll32's running at the same time once my computer starts up. It will take about 4 minutes for these two to open up once my computer boots up. Right at the minute they open up my graphics card fan starts speeding up as my GPU will hit 60C-75C. As for my processor each core will hit up to 60C and slowly rise. My whole computer becomes a pool of heat.

These two rundll files are under my temp files user/username/AppData/Local/Temp and they will be under these two random named folders. An example of this folder name is B672.tmp

I can delete these folders and files but they just come back once I reboot my computer. When I open task manager this is what shows on the command line: rundll32.exe -o http//:bittorrents.mooo.com:80 -u 123 -p123 -I 1

There are two of them that run and each of them takes up like 26-40% of my cpu so that means my computer is running 99% every time these two things are open. Please help me solve this problem. I have tried almost everything I can.

Also I started getting Blue Screen of Death while playing games like Skyrim and GTA 4. My two favorite games... I would get these BSOD after playing for about 1 hour.

My setup:
GTX 580
i5-2500k overclocked to 4ghz
8gb 4x2
1tb hdd


Please help me solve this issue.
June 16, 2012 2:15:55 AM

Have you checked your computer for viruses and rootkits?

Does it happen in Safe Mode?
June 16, 2012 2:30:48 AM

Those look like telltale cases of malware. rundll is an important system executable and lots of malware likes to pretend to be it to avoid drawing attention

If you look in task manager the rundll32.exe should always have an image path (if image path is not turned on, select it in View -> Select Columns) of "C:\Windows\System32\rundll32.exe" or "C:\Windows\SysWow64\rundll32.exe"

The only reason it would be hiding in your app data is if it was actually malware that wasn't able to write itself to the system drive due to security.
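The image-path check described in the post above, as an added example that is not part of the original thread; it goes one step further and also checks whether the command line has rundll32's usual `<dll>,<entrypoint>` form. The process records are constructed sample data (the PIDs and the user profile path are made up, the command line is the one quoted in the first post), and `audit_rundll32` is a hypothetical helper name.

```python
import ntpath
import re

# Directories where the genuine rundll32.exe lives on 64-bit Windows
# (the two paths named in the post above), compared case-insensitively.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Everything that follows the executable name on the command line.
ARGS_AFTER_EXE = re.compile(r'rundll32(?:\.exe)?"?\s*(.*)$', re.I)
# Normal use is: rundll32.exe <dll>,<EntryPoint> [arguments]
DLL_ENTRY = re.compile(r'^\s*"?[^",]+"?\s*,\s*#?\w+')

# Constructed sample records, shaped like a process listing export.
SAMPLE = [
    {"pid": 1204, "path": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r'"C:\Windows\SysWOW64\rundll32.exe" shell32.dll,Control_RunDLL'},
    {"pid": 3356,
     "path": r"C:\Users\user\AppData\Local\Temp\B672.tmp\rundll32.exe",
     "cmdline": "rundll32.exe -o http//:bittorrents.mooo.com:80 -u 123 -p123 -I 1"},
    {"pid": 880, "path": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]


def audit_rundll32(processes):
    """Return [(pid, [reasons])] for rundll32.exe processes that look wrong."""
    findings = []
    for proc in processes:
        image = proc["path"]
        if ntpath.basename(image).lower() != "rundll32.exe":
            continue  # only processes that claim to be rundll32
        reasons = []
        folder = ntpath.normpath(ntpath.dirname(image)).lower()
        if folder not in TRUSTED_DIRS:
            reasons.append("image path outside System32/SysWOW64")
        match = ARGS_AFTER_EXE.search(proc["cmdline"])
        args = match.group(1) if match else ""
        if not DLL_ENTRY.match(args):
            reasons.append("no <dll>,<entrypoint> argument")
        if reasons:
            findings.append((proc["pid"], reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in audit_rundll32(SAMPLE):
        print(pid, "; ".join(reasons))
```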
June 16, 2012 2:40:41 AM

Pinhedd said:
Those look like telltale cases of malware. rundll is an important system executable and lots of malware likes to pretend to be it to avoid drawing attention

If you look in task manager the rundll32.exe should always have an image path (if image path is not turned on, select it in View -> Select Columns) of "C:\Windows\System32\rundll32.exe" or "C:\Windows\SysWow64\rundll32.exe"

The only reason it would be hiding in your app data is if it was actually malware that wasn't able to write itself to the system drive due to security.


Ok so what should I do because like you said there is a rundll32.exe under image path that is running under "C:\Windows\SysWow64\rundll32.exe"

I have Microsoft Security Essentials and it can't find a virus, also have Advanced SystemCare which didn't find anything, and I recently tried RegCure Pro but that did nothing at all.

I really need help to get rid of this because before I was cool with this and thought it would go away but now I am getting sick of this.

Thanks for the reply.
June 16, 2012 2:44:36 AM

Emerald said:
Have you checked your computer for viruses and rootkits?

Does it happen in Safe Mode?


I tried 3 programs that I thought would help but it didn't fix this problem. When I run safe mode it's perfectly fine.
Rootkits I am not too sure. I don't know where that is lol. I am still a noob when it comes to some PC things but help to fix this would be nice.
June 16, 2012 2:55:01 AM

Ownallday said:
Ok so what should I do because like you said there is a rundll32.exe under image path that is running under "C:\Windows\SysWow64\rundll32.exe"

I have Microsoft Security Essentials and it can't find a virus, also have Advanced SystemCare which didn't find anything, and I recently tried RegCure Pro but that did nothing at all.

I really need help to get rid of this because before I was cool with this and thought it would go away but now I am getting sick of this.

Thanks for the reply.


There's usually always at least one running from that path. That's normal. It's the ones that aren't running under that path that you need to worry about
June 16, 2012 3:01:38 AM

Pinhedd said:
There's usually always at least one running from that path. That's normal. It's the ones that aren't running under that path that you need to worry about


Ok so then the one under system32 is not running. What does this mean and how can I fix this if this is the problem? If I re-install Windows 7 will this problem go away or is there another way?
June 16, 2012 3:10:49 AM

Ownallday said:
Ok so then the one under system32 is not running. What does this mean and how can I fix this if this is the problem? If I re-install Windows 7 will this problem go away or is there another way?


The one under system32 will only be running if it has a 64 bit dll to run. The one in SysWow64 is for running 32 bit executables including dlls (damn microsoft and their bloody compatibility naming). Rundll is required to run dlls because dlls by definition do not have application entry points.
June 16, 2012 3:15:29 AM

Pinhedd said:
The one under system32 will only be running if it has a 64 bit dll to run. The one in SysWow64 is for running 32 bit executables including dlls (damn microsoft and their bloody compatibility naming). Rundll is required to run dlls because dlls by definition do not have application entry points.


I am not too sure what this means. I do have a windows 7 62 bit so then the one under system32 should be running or I need to find a rundll62? idk I mean I just really need a way to fix this because I know for a fact this is damaging my system which I spent 2k on.

Best solution

June 16, 2012 3:44:42 AM

Ownallday said:
I am not too sure what this means. I do have a windows 7 62 bit so then the one under system32 should be running or I need to find a rundll62? idk I mean I just really need a way to fix this because I know for a fact this is damaging my system which I spent 2k on.


It just means that you can safely ignore a rundll from either of those locations. I wouldn't worry about this damaging your system, it's merely an annoyance. If you don't mind doing so it might be easiest to just reinstall Windows.
June 16, 2012 3:47:14 AM

Pinhedd said:
It just means that you can safely ignore a rundll from either of those locations. I wouldn't worry about this damaging your system, it's merely an annoyance. If you don't mind doing so it might be easiest to just reinstall Windows.


Ok then Thank you I will re install windows soon then
June 16, 2012 3:48:15 AM

Pinhedd said:
It just means that you can safely ignore a rundll from either of those locations. I wouldn't worry about this damaging your system, it's merely an annoyance. If you don't mind doing so it might be easiest to just reinstall Windows.

Ok then thank you very much for your help. I will re install windows soon.
June 26, 2012 12:18:56 AM

Best answer selected by ownallday.
April 4, 2014 4:57:22 PM

I know this is a very old post, but I have had this identical issue for two days and I did find the culprit. In the Windows/system32 folder I found a file called "winthemes_service.dll" which was proliferating rundll32.exe files. As time went on I would have a hundred or more on my win xp system. I opened windows in the safe mode and simply did a search for this file name and deleted it. Case closed... Hope this may help someone else...

Best regards,

Lin


Ownallday said:
Please help me. Out of nowhere my computer is starting to have some big problems and I want to blame rundll32.exe.

Out of nowhere there are two rundll32's running at the same time once my computer starts up. It will take about 4 minutes for these two to open up once my computer boots up. Right at the minute they open up my graphics card fan starts speeding up as my GPU will hit 60C-75C. As for my processor each core will hit up to 60C and slowly rise. My whole computer becomes a pool of heat.

These two rundll files are under my temp files user/username/AppData/Local/Temp and they will be under these two random named folders. An example of this folder name is B672.tmp

I can delete these folders and files but they just come back once I reboot my computer. When I open task manager this is what shows on the command line: rundll32.exe -o http//:bittorrents.mooo.com:80 -u 123 -p123 -I 1

There are two of them that run and each of them takes up like 26-40% of my cpu so that means my computer is running 99% every time these two things are open. Please help me solve this problem. I have tried almost everything I can.

Also I started getting Blue Screen of Death while playing games like Skyrim and GTA 4. My two favorite games... I would get these BSOD after playing for about 1 hour.

My setup:
GTX 580
i5-2500k overclocked to 4ghz
8gb 4x2
1tb hdd


Please help me solve this issue.


April 9, 2014 3:42:10 AM

lineva said:
I know this is a very old post, but I have had this identical issue for two days and I did find the culprit. In the Windows/system32 folder I found a file called "winthemes_service.dll" which was proliferating rundll32.exe files. As time went on I would have a hundred or more on my win xp system. I opened windows in the safe mode and simply did a search for this file name and deleted it. Case closed... Hope this may help someone else...

Best regards,

Lin

I just wanted to say thank you sooo much, Lin. I had been looking on the internet for hours, trying to figure out what exactly was wrong. I kept hearing an error noise, and it never stopped. About every 2 seconds, it would make the sound. Finally, I came across your answer and decided to give it a shot, and it worked! I'm so glad you decided to share your answer, or else I would still be searching for one. But once again, thank you!!!!!!!!!!
April 19, 2014 6:23:07 PM

lineva said:
I know this is a very old post, but I have had this identical issue for two days and I did find the culprit. In the Windows/system32 folder I found a file called "winthemes_service.dll"


That's actually a different worm with different symptoms. In fact, the only thing I see that they have in common is rundll32 and unwanted processes.

In addition to deleting winthemes.dll, you should run 'sc delete winthemes' in a command window. This deletes the Windows service that was causing that program to run. With the file deleted, the service can't hurt you, but you shouldn't have junk in your registry. It's easy to confuse this service with the real Windows service "themes".

I had this one too, and the fact that Microsoft Security Essentials can't detect it is cause for concern. Microsoft published a description of this malware (Sefnit.BW) on April 8, 2014, and I have the current definitions and still had my winthemes.dll file, so I ran MSE on it and it said it was fine. I would say this probably means MSE is compromised.