cancel
Showing results for 
Search instead for 
Did you mean: 

Vista says rundll32.exe is infected

penneck
Rising Star
Posts: 772
Thanks: 25
Registered: ‎03-08-2007

Vista says rundll32.exe is infected

My son's laptop has Vista and McAfee on it. I have never used either before, so I dont know how they differ from XP and AVG or Avast
The laptop is complaining about rundll32.exe being infected, and do I want to activate my antivirus software. During bootup, it complained about other things being infected, though those messages have stopped once bootup had completed. McAfee seems to be very slow compared to AVG or Avast.
Google comes up with some advert for an antivirus software that I have never heard of before, but if that is part of the problem, then doing anything might be just what the problem wants. Also it brings up the same sort of  message as the rundll.exe one, but this one has a long name involving google.
Any ideas what I should do about this, please?
Thanks inadvance
10 REPLIES
Steve
Seasoned Pro
Posts: 6,818
Thanks: 315
Registered: ‎13-07-2009

Re: Vista says rundll32.exe is infected

This Any use to you?   http://recherche21.wordpress.com/2008/07/13/how-to-remove-virus-affecting-rundll32exe/
If life gives you lemons, make lemonade.
Community Veteran
Posts: 4,915
Thanks: 139
Fixes: 25
Registered: ‎14-07-2009

Re: Vista says rundll32.exe is infected

The implication of the request to activate the McAfee Antivirus software is that this was never done.  Probably it was a time-limited copy supplied when the computer was new.  I think if McAfee was not activated then it does not install new virus definition updates so it has probably been overwhelmed by a new virus it cannot cope with.
If Google is misdirecting you then you probably have a DNS changing rootkit; once established these are very hard to detect and remove.  When I find (or suspect) one I take out the hard drive and scan it on another computer because they tend to be invisible when the computer is running.  The obvious symptom is that when you click on a link provided by a search engine (Google or otherwise) you end up at a different web site to the one the link was supposed to direct you to.
To fix this you need to either:

  • Call in a professional.

  • Back up your data (and use a working computer to run a virus scan on the back-up), restore your computer to factory settings, install a working antivirus program (after uninstalling McAfee if it was factory-supplied).


An inferior professional would probably follow the second option anyway.  If you go to The Tech Guys at PC World they are liable to follow the second option without first backing up your data.
Community Veteran
Posts: 4,915
Thanks: 139
Fixes: 25
Registered: ‎14-07-2009

Re: Vista says rundll32.exe is infected

Re-reading, it may be just scamware without the hard-to-remove rootkit or corrupt DNS.  In which case downloading, installing, updating and running Malwarebytes Antimalware (free version) http://www.malwarebytes.org/ should clear it.  If you cannot get to the web site or download it or it will not update then your problem is as bad as I first feared.
penneck
Rising Star
Posts: 772
Thanks: 25
Registered: ‎03-08-2007

Re: Vista says rundll32.exe is infected

I've made a bit of progress since I started this post. I managed to run McAfee, but it didn't find anything. However, now when I boot up, I no longer get any warnings about infected files, nor does Internet Explorer go to some advert for anti-virus software.
Before the McAfee run, if I tried to open Internet Option in Control Panel, it would appear and then disappear after less than a second, so I couldn't inspect it, leave alone edit it. After McAfee, Internet Option opened and stayed. I found that something had been added to the Home Page box. I removed that extra bit, leaving just "google.co.uk". I used Apply and OK.
Now when I use Internet Explorer, it says that google "is not set up to establish a connection on port WorldWideWeb service (HTTP) with this computer". It also talks about a Proxy.
Does this give a clue as to what is going on?
Thanks for your help so far
penneck
Rising Star
Posts: 772
Thanks: 25
Registered: ‎03-08-2007

Re: Vista says rundll32.exe is infected

I forgot to ask, what is that software that people recommend to take an image of a hard drive? Does it allow me to select what I recover from the image?
Thanks
Steve
Seasoned Pro
Posts: 6,818
Thanks: 315
Registered: ‎13-07-2009

Re: Vista says rundll32.exe is infected

Quote
Macrium Reflect Free Edition is a disk imaging solution for free. A complete disaster recovery solution for your home and office. Protect your personal documents, photos, music and e-mails. Upgrade your hard disk or try new operating systems in the safe knowledge that everything is securely saved in an easily recovered backup file. Macrium Reflect suports backup to local, network and USB drives as well as burning to all DVD formats.

More Here...http://www.macrium.com/reflectfree.asp
If life gives you lemons, make lemonade.
pnf
Grafter
Posts: 266
Registered: ‎07-11-2007

Re: Vista says rundll32.exe is infected

Avira provide a rescue system that may help clean things up - http://www.avira.com/en/support-download-avira-antivir-rescue-system
By downloading the 'iso' file and burning it to CD or DVD, you will be able to boot your laptop/pc using the CD/DVD and this can then be used to scan your entire system off-line.
Note that after the CD boots the default language is German, just click on the Union Jack to switch to English.
gadfly
Grafter
Posts: 39
Registered: ‎02-09-2010

Re: Vista says rundll32.exe is infected

If I were you I would get your son to uninstall McAfee via the Control Panel => Programs & features and then download and install the free Microsoft Security Essentials which gives as good protection as paid for and other free scanners but is far less demanding on the system.
Security Essentials - http://www.microsoft.com/security_essentials/
Community Veteran
Posts: 4,915
Thanks: 139
Fixes: 25
Registered: ‎14-07-2009

Re: Vista says rundll32.exe is infected

Quote from: penneck
I've made a bit of progress since I started this post. I managed to run McAfee, but it didn't find anything.

Are you quite sure about this?  How else do you account for the progress you made? 
Quote from: penneck
However, now when I boot up, I no longer get any warnings about infected files, nor does Internet Explorer go to some advert for anti-virus software.
Before the McAfee run, if I tried to open Internet Option in Control Panel, it would appear and then disappear after less than a second, so I couldn't inspect it, leave alone edit it.

Something has found and removed at least some of the malware.
Quote from: penneck
Now when I use Internet Explorer, it says that google "is not set up to establish a connection on port WorldWideWeb service (HTTP) with this computer". It also talks about a Proxy.
Does this give a clue as to what is going on?

Yes.  In Control Panel or Internet Explorer select Internet Options (in IE this is bottom of the list under Tools).  Click the Connections tab then the LAN Settings box.  Remove the tick from the box "Use a proxy server for your LAN...".  Close the Internet Options window and restart Internet Explorer for luck.  Hey presto!
penneck
Rising Star
Posts: 772
Thanks: 25
Registered: ‎03-08-2007

Re: Vista says rundll32.exe is infected

You are probably correct, bearing in mind my inexperience with McAfee, that it did find something, and (I guess) dealt with it.
You were definitely correct about the Proxy tick in the LAN Settings box. Now Internet Explorer is working correctly.
I have handed the pc back to my son, with the proviso that he lets me know if there are still problems. If he reports back that the pc is okay, I intend downloading AVG and Zone Alarm, and partitioning his hard disk so that he puts his data files on the other side of the partition. I will then take an image of his hard drive, just in case.
Many thanks for your help