Styx141

New Member
Joined
Aug 22, 2018
Messages
1
I have 2 (sometimes more) rundll32 processes shown in my taskmanager and one of them repeatedly opens and closes, while the loading icon is flickering next to my cursor. I've already tried restarting the system, Malwarebytes didn't find anything and I couldn't find anything helpful on the Internet either.
I'd be really glad, if someone could help me rather sooner then later, my CPU is running wild because of this and that can't be very healthy for my system.
 


Solution
RunDLL32 allows a user or program to call functions directly out of a DLL. This could be a legitimate process. You could capture the events with procmon and a filter set for 'Command Line' Contains "rundll32"

Should see something like this
1534944337578.webp
RunDLL32 allows a user or program to call functions directly out of a DLL. This could be a legitimate process. You could capture the events with procmon and a filter set for 'Command Line' Contains "rundll32"

Should see something like this
1534944337578.webp
 


Solution
I have 2 (sometimes more) rundll32 processes shown in my taskmanager and one of them repeatedly opens and closes,
This is basically the function of rundll - It is called from within a program to load the specified dll (dynamic link library which is a collection of executable routines), identifies the entry point for the required function and executes it. On completion of the function it unloads the DLL and exits. From this you can imagine that at any given point in time there may be several instances of rundll excuting perfectly legitimately and have no implications for efficency or relationship with malware. Yes, they will consume cpu time to execute the functions - but that is what rundll does.
 


Back
Top