Rundll32.exe Big Problems with this and need immediate help

Ownallday

Jun 15, 2012
Please help me. Out of nowhere my computer is starting to have some big problems and I want to blame rundll32.exe.

Out of nowhere there are two rundll32's running at the same time once my computer starts up. It will take about 4 minutes for these two to open up once my computer boots up. Right at the minute they open up, my graphics card fan starts speeding up as my GPU will hit 60C-75C. As for my processor, each core will hit up to 60C and slowly rise. My whole computer becomes a pool of heat.

These two rundll files are under my temp files user/username/AppData/Local/Temp and they will be under these two random named folders. An example of this folder name is B672.tmp

I can delete these folders and files but they just come back once I reboot my computer. When I open task manager this is what shows on the command line: rundll32.exe -o http//:bittorrents.mooo.com:80 -u 123 -p123 -I 1

There are two of them that run and each of them takes up like 26-40% of my CPU, so that means my computer is running 99% every time these two things are open. Please help me solve this problem. I have tried almost everything I can.

Also I started getting Blue Screen of Death while playing games like Skyrim and GTA 4. My two favorite games... I would get these BSOD after playing for about 1 hour.

My setup:
GTX 580
i5-2500k overclocked to 4ghz
8gb 4x2
1tb hdd


Please help me solve this issue.
 
Those look like telltale cases of malware. rundll is an important system executable and lots of malware likes to pretend to be it to avoid drawing attention.

If you look in Task Manager, the rundll32.exe should always have an image path (if image path is not turned on, select it in View -> Select Columns) of "C:\Windows\System32\rundll32.exe" or "C:\Windows\SysWow64\rundll32.exe".

The only reason it would be hiding in your app data is if it was actually malware that wasn't able to write itself to the system drive due to security.
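
The image-path check described in the reply above, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later (for `Get-CimInstance`) and an elevated prompt; the report's field names and verdict strings are illustrative.

```powershell
# Added example: list every running rundll32.exe and flag any whose image
# path is not one of the two locations named in the reply above.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')
)

# Snapshot all processes once so parents can be resolved without re-querying.
$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in ($all | Where-Object { $_.Name -ieq 'rundll32.exe' })) {
    $path = $p.ExecutablePath   # empty when the caller lacks rights to read it

    $verdict = if (-not $path) {
        'unknown: path not readable (rerun elevated)'
    } elseif ($expected -contains $path) {   # -contains ignores case
        'expected location'
    } else {
        'SUSPICIOUS: outside System32/SysWOW64'
    }

    # The parent may already have exited, or its PID may have been reused.
    $parent = $byPid[[int]$p.ParentProcessId]

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        ImagePath   = $path
        CommandLine = $p.CommandLine
        Parent      = if ($parent) { $parent.Name } else { '(exited)' }
        Started     = $p.CreationDate
        Verdict     = $verdict
    }
}

# Suspicious entries sort to the top.
$report | Sort-Object Verdict -Descending | Format-List
```

An "expected location" verdict only says the genuine binary is running; the `CommandLine` column still shows which DLL it was asked to load.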
 

Ownallday

Jun 15, 2012


Ok so what should I do because like you said there is a rundll32.exe under image path that is running under "C:\Windows\SysWow64\rundll32.exe"

I have Microsoft Security Essentials and it can't find a virus, also have Advanced SystemCare which didn't find anything, and I recently tried RegCure Pro but that did nothing at all.

I really need help to get rid of this because before I was cool with this and thought it would go away but now I am getting sick of this.

Thanks for the reply.
 

Ownallday

Jun 15, 2012


I tried 3 programs that I thought would help but it didn't fix this problem. When I run safe mode it's perfectly fine.
Rootkits I am not too sure. I don't know where that is lol. I am still a noob when it comes to some PC things but help to fix this would be nice.
 


There's usually always at least one running from that path. That's normal. It's the ones that aren't running under that path that you need to worry about.
 

Ownallday

Jun 15, 2012


OK so then the one under system32 is not running. What does this mean and how can I fix this if this is the problem? If I re-install Windows 7 will this problem go away or is there another way?
 


The one under system32 will only be running if it has a 64-bit DLL to run. The one in SysWow64 is for running 32-bit executables, including DLLs (damn Microsoft and their bloody compatibility naming). Rundll is required to run DLLs because DLLs by definition do not have application entry points.
 

Ownallday

Jun 15, 2012


I am not too sure what this means. I do have a Windows 7 62 bit so then the one under system32 should be running or I need to find a rundll62? Idk, I mean I just really need a way to fix this because I know for a fact this is damaging my system which I spent 2k on.
 


It just means that you can safely ignore a rundll from either of those locations. I wouldn't worry about this damaging your system, it's merely an annoyance. If you don't mind doing so it might be easiest to just reinstall Windows.
 
Solution

Ownallday

Jun 15, 2012


Ok then, thank you. I will reinstall Windows soon then.
 

Ownallday

Jun 15, 2012

Ok then, thank you very much for your help. I will reinstall Windows soon.
 

lineva

Apr 4, 2014
I know this is a very old post, but I have had this identical issue for two days and I did find the culprit. In the Windows/system32 folder I found a file called "winthemes_service.dll" which was proliferating rundll32.exe files. As time went on I would have a hundred or more on my win xp system. I opened windows in the safe mode and simply did a search for this file name and deleted it. Case closed... Hope this may help someone else...

Best regards,

Lin




 

Fennekin

Apr 9, 2014
 

Bryan Henderson

Apr 19, 2014


That's actually a different worm with different symptoms. In fact, the only thing I see that they have in common is rundll32 and unwanted processes.

In addition to deleting winthemes.dll, you should run 'sc delete winthemes' in a command window. This deletes the Windows service that was causing that program to run. With the file deleted, the service can't hurt you, but you shouldn't have junk in your registry. It's easy to confuse this service with the real Windows service "themes".

I had this one too, and the fact that Microsoft Security Essentials can't detect it is cause for concern. Microsoft published a description of this malware (Sefnit.BW) on April 8, 2014, and I have the current definitions and still had my winthemes.dll file, so I ran MSE on it and it said it was fine. I would say this probably means MSE is compromised.