Question:
Unsure if I have a virus?
2011-12-14 16:02:01 UTC
Ok. From a previous question from

http://answers.yahoo.com/question/index?qid=20111211064742AA0aohm


I ran Rkill, tdsskiller and Mbam




From Rkill, I have a log that says


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/14/2011 at 17:26:06.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 12/14/2011 at 17:27:05.




SysWOW?

Never heard of it.

I don't have the same problem as this guy, but SysWOW is a rather large folder, so I tried out what the second poster has.

http://www.techsupportforum.com/forums/f217/syswow-64-folder-is-bloated-and-keeps-growing-307651.html


I didn't do all his suggestions, but I checked up on rundll32 in sysWOW, and..




File description Windows host processes (Rundll32)
Type Application
File version 6.1.7600.16385
Product name Microsoft(R) Windows(R) Operating System

By the way, the copyright(R) circle is really flat and I had to zoom in to see it was actually an "R"
Product version 6.1.7600.16385
Copyright (C) Microsoft Corporation. All rights reserv...
Size zero bytes (Is that right..)
Date modified
Language English (United States)
Original filename RUNDLL32.EXE

That's the details tab,

and in general
it says
Size: 43.5 KB (44,544 bytes)
Size on disc: 44.0 KB (45.056 bytes)


So really, I'm not sure what to do.
Three answers:
2011-12-14 16:12:59 UTC
You run rkill first, then scan with MBAM, and tdsskiller.

Delete everything MBAM finds. If I am the one that told you to run rkill, I told you to READ THE DESCRIPTION. Don't know why no one seems to be able to follow simple directions.
?
2016-08-25 07:37:14 UTC
2
2011-12-14 16:12:52 UTC
SysWOW stands for System Windows On Windows. If you're running a 64-bit OS you'll have this folder where many 32-Bit DLLs are held. This is what allows your 64-Bit OS to run 32-Bit applications without serious compatibility issues. Everyone has a Rundll32.exe file in their SysWOW folder.



RunDLL32 is exactly as it states, a program capable of using functionality contained in DLL files (since DLLs cannot be run on their own as they are merely shared code libraries). RunDLL32 is USUALLY not a threat; the important thing is which DLL it's executing (check the command line option in the task manager). Please do not meddle with Windows when you don't know the intricacies of the operating system, as it will assuredly lead to instability.



Also, while the data on that file exactly mirrors mine you should use Hashes to confirm a file is legitimate. I'd recommend HashTab: http://implbits.com/HashTab.aspx



The SHA-1 Hash for my RUNDLL32.exe is

8939CF35447B22DD2C6E6F443446ACC1BF986D58
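
The two checks recommended in this answer (hash the file, and look at which DLL each running rundll32 was launched with), as an added PowerShell example that is not part of the original answer. It assumes PowerShell 4.0 or later (needed for Get-FileHash) in a 64-bit session; the function names are illustrative, and the reference SHA-1 is the one quoted above, so a mismatch on a different Windows build is expected rather than proof of tampering.

```powershell
# Added example (not from the original answer).
# Reference SHA-1 as quoted in the answer above; it only applies to the same
# build of rundll32.exe, so other Windows versions will not match it.
$ReferenceSha1 = '8939CF35447B22DD2C6E6F443446ACC1BF986D58'

# On 64-bit Windows, System32 holds the 64-bit copy and SysWOW64 the 32-bit one.
# Run from 64-bit PowerShell: a 32-bit session is redirected to SysWOW64.
$ExpectedDirs = @("$env:windir\System32", "$env:windir\SysWOW64")

function Test-Rundll32Copy {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $item = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    [pscustomobject]@{
        Path        = $Path
        FileVersion = $item.VersionInfo.FileVersion
        Length      = $item.Length          # a real copy is never 0 bytes
        SHA1        = $hash
        MatchesRef  = ($hash -eq $ReferenceSha1)
    }
}

function Get-Rundll32Process {
    # CommandLine shows which DLL and export each rundll32 instance is hosting.
    # ExecutablePath can be empty without elevation; run as administrator.
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" |
        ForEach-Object {
            $dir = if ($_.ExecutablePath) { Split-Path -Parent $_.ExecutablePath } else { $null }
            [pscustomobject]@{
                ProcessId      = $_.ProcessId
                ExecutablePath = $_.ExecutablePath
                # A rundll32.exe running from any other folder deserves a closer look.
                InSystemDir    = ($ExpectedDirs -contains $dir)
                CommandLine    = $_.CommandLine
            }
        }
}

# Hash both on-disk copies, then list the running instances.
$ExpectedDirs |
    ForEach-Object { Test-Rundll32Copy (Join-Path $_ 'rundll32.exe') } |
    Format-List
Get-Rundll32Process | Format-List
```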


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.