Tuesday, December 4, 2007

Threats from Within - Corrupted Windows Processes

Taking my own advice first, I wracked my brain to try to remember what else I had done when I had some success ceasing the pop-up juggernaut. I isolated RUNDLL32.exe as my most likely culprit, ended it, and have had no problems since. I've found some less than clear information on what rundll32 is. My new favorite resource, BleepingComputer.com, explains that Rundll32 is a system process but that there are many cases where rundll32 is a cover for a malicious file. The illicit file is placed in the wrong folder, and the system file will still exist in the correct place:

The additional "rundll32.exe file is placed in the Windows System folder, whereas the legitimate rundll32.exe is located in the C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP)"

Based on this information I tried ending RUNDLL32 from my process tree. I'm not sure if the one I closed is a Windows process, so ending it indefinitely could lead to problems in the future. For now the only difference I've noticed is that opening a program no longer automatically makes it the focus. Not a big problem; you just click the window and off you go. It may be proof that RUNDLL32 was doing something. Moving forward I intend to remove the malicious file. Beyond that, a few of my guild mates are computer techs and they've offered their services to try and help me, but I'm thinking I'll see someone more local; maybe he'll do more good than harm (unlike yours truly). While my problems may not be solved and this may not be closure, I'm sure sick of talking about it, so no more updates until it's really fixed (if ever).
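As an added example (my code, not the original author's and not from BleepingComputer), the following PowerShell turns the folder check quoted above into something you can actually run: it lists every running rundll32.exe with its image path, its signature status and the DLL it was told to load, and separately searches for a second rundll32.exe under %SystemRoot% outside the legitimate folders. It assumes a current Windows with Windows PowerShell 5.1 or PowerShell 7 run from an elevated prompt (the 2007-era XP machine in the post would need a different tool), and it treats the WinSxS component store as a legitimate home for extra copies.

```powershell
# Added example, not code from the original post. Assumes Windows PowerShell 5.1
# or PowerShell 7 on Windows Vista or later, run elevated so that every
# process's image path and command line is readable.

$legitDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # 32-bit copy on 64-bit Windows
)
$winSxS = Join-Path $env:SystemRoot 'WinSxS'  # component store keeps its own copies

function Get-Rundll32Target {
    # rundll32 syntax is: rundll32.exe <dll path>,<entry point> [arguments]
    # Return just the DLL path so it can be judged on its own.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    # Drop the leading executable token (quoted or bare), then take the text up to the first comma.
    $rest = $CommandLine -replace '^\s*(?:"[^"]*"|\S+)\s*', ''
    $dll  = ($rest -split ',', 2)[0].Trim().Trim('"')
    if ($dll) { $dll } else { $null }
}

function Test-Rundll32Process {
    # Win32_Process exposes the full image path and command line of each process,
    # which Get-Process does not give you for processes owned by other users.
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
        $path = $_.ExecutablePath
        $dir  = if ($path) { Split-Path $path -Parent } else { $null }
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }

        [pscustomobject]@{
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            Path        = $path
            Signature   = $sig
            LoadedDll   = Get-Rundll32Target $_.CommandLine
            CommandLine = $_.CommandLine
            # The binary itself is suspect if it is not the one in System32/SysWOW64
            # or does not carry a valid (Microsoft) signature.
            Suspicious  = ($legitDirs -notcontains $dir) -or ("$sig" -ne 'Valid')
        }
    }
}

function Find-StrayRundll32File {
    # The pattern BleepingComputer describes: the real rundll32.exe is still in
    # System32 and an impostor with the same name sits elsewhere under %SystemRoot%.
    Get-ChildItem -Path $env:SystemRoot -Filter 'rundll32.exe' -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object {
            $dir = $_.DirectoryName
            -not (($legitDirs -contains $dir) -or
                  $dir.StartsWith($winSxS + '\', [System.StringComparison]::OrdinalIgnoreCase))
        }
}

# Usage:
Test-Rundll32Process | Format-Table PID, ParentPID, Suspicious, Signature, Path, LoadedDll -AutoSize
Find-StrayRundll32File | Select-Object FullName, Length, LastWriteTime
```

Two caveats. The Suspicious column only judges the executable: a genuine, Microsoft-signed rundll32.exe is routinely abused to load someone else's DLL, so read the LoadedDll column as well and be wary of anything pointing into a user-writable location such as %TEMP% or %APPDATA%. And ending the process is not the same as removing it; whatever launched it (a Run key, a scheduled task, a service) will start it again at the next logon, which is why the file and its startup entry both have to go.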
