Hi! I had a question as to what the best way to validate the security of the system is.
I managed to disable and remove the main gist of this guy using MSconfig and tracking down the exe, but one lasting point of concern for me is the rundll32.exe file.
That was what this particular virus was using to activate - it was passing a parameter to rundll32.exe in the following manner:
Now, I have triple-scanned the infected computer with Avast, Avast Boot scan, and Malwarebytes. At this point, they are all coming up negative for infected files, but again, that rundll32.exe file strikes me as off.
I arbitrarily tried passing it a similar .exe file path parameter to something harmless, to no avail, so I'm wondering if the file was compromised. I would like to get rid of this infection entirely, but I want to know if anyone has suggestions as to the best way to verify file integrity.
If it is compromised, any suggestions on how to replace it with a legitimate rundll32.exe? It's on a commercial laptop, but I do have a W7 OEM disk lying around.