01-31-2004, 04:41 PM   #1 (permalink)
excuzzzeme
Outdoors rundllw.exe

Came across a Dell machine that runs so slow that Christmas will be here again before it finishes loading. In order to execute Task Manager (et al.), you must hit Alt-Ctrl-Del to get anything to execute. After serious searches, A/V scans (Command, Norton, McAfee, AVG), Adaware, Spybot, all return negative finds. This IS in fact a SOFTWARE problem, as in a trojan or similar.
After long searching have isolated it to a program called rundllw.exe. Upon examination of the program I found it contains a key-logger among many other nasty traps. After modifying registry and trying to remove, have found it reappearing on its own. Cannot find the parent for this program. Have even modified program but yet it returns in its true write. Having turned off almost all services (Windows XP) including installer, the program does not execute or slow the machine down and functions as built.
Wipe and re-install is not an option at this time as this is a financial system and it is unknown at present if loss of files is critical. Do not wish to save/delete files until source of problem can be identified.
Tested for Dumru and 2.exe with negative result.

Thank you to any brain surgeon out there that can help me solve this.

01-31-2004, 08:04 PM   #2 (permalink)
rpertusio
F-Secure talks about this Dumaru.B worm here

I assume you've already looked at other websites for cleaning information. F-Secure has a bit more information on where it is stored. Double-check that it really is cleaned out from there!

Also, it was possibly passed along via Email, so you may want to keep any email programs from loading until you can isolate the worm.

- rp
01-31-2004, 09:09 PM   #3 (permalink)
excuzzzeme
Wow! That link had the best info on the problem. It identified several programs I had found, and finally seems to be pointing me in the right direction. I knew that there was another copy, but didn't know where to look. Thank you. I am disappointed that no other A/V I tested with found it.

Again, Thank You!
02-01-2004, 04:21 AM   #4 (permalink)
Dj-Icer
I have a phobia of *.dll files. I have faced a lot of problems with them, such as Kernel, system32 and the like.

Reinstall the OS again and that fixes it. Duh~.
__________________
|c3R