angus49
Corporal

 Joined: Jul 21, 2006 Posts: 57 Location: Hudson, FL
|
Posted: Sun Jan 06, 2008 3:04 pm Post subject: rundll.exe question |
|
|
I have rundll32.exe in my system32 directory. It has just a blank icon. Legit or possible virus? Any help greatly appreciated.
Ed _________________ "The only thing necessary for the triumph of evil is for good men to do nothing" Edmund Burke
|
|
|
 |
John B.
1st Responder
 Joined: Dec 03, 2006 Posts: 843 Location: Netherlands
|
Posted: Sun Jan 06, 2008 3:25 pm Post subject: |
|
|
Hi angus,
You could upload the file to VirusTotal to check it for malicious code:
| Quote: | Visit Virustotal
- Click the Browse... button
- Navigate to the file
- Click the Open button
- Click the Send button
- Copy and paste the results back here please.
|
Greets, John. _________________ Trained by MalWare Removal
Proud member of ASAP - Alliance of Security Analysis Professionals
Proud member of UNITE - Unified Network of Instructors and Trusted Eliminators
|
|
|
 |
k027
Special Response Team Guest Forums Host

 Joined: Aug 25, 2003 Posts: 8519
|
|
|
 |
angus49
Corporal

 Joined: Jul 21, 2006 Posts: 57 Location: Hudson, FL
|
Posted: Sun Jan 06, 2008 3:32 pm Post subject: |
|
|
John,
Just copy and then paste the file at virustotal? _________________ "The only thing necessary for the triumph of evil is for good men to do nothing" Edmund Burke
|
|
|
 |
mrsugg
Special Response Team Premium Member
 Joined: Aug 15, 2006 Posts: 2758 Location: Somewhere, over the rainbow...
|
Posted: Sun Jan 06, 2008 3:35 pm Post subject: |
|
|
No. Follow the directions above. You have to upload the file.
Copy and paste the results of the scan here.
Hope this helps. _________________ "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness." -- Thomas Jefferson
|
|
|
 |
angus49
Corporal

 Joined: Jul 21, 2006 Posts: 57 Location: Hudson, FL
|
Posted: Sun Jan 06, 2008 3:45 pm Post subject: |
|
|
Here are the results from Virustotal.
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Date: 12.15.2007 03:28:31 (CET) [>22D]
Results: 1/32
Permalink: analisis/2d375b7def0914fffd9d35369281650f _________________ "The only thing necessary for the triumph of evil is for good men to do nothing" Edmund Burke
|
|
|
 |
John B.
1st Responder
 Joined: Dec 03, 2006 Posts: 843 Location: Netherlands
|
Posted: Sun Jan 06, 2008 4:00 pm Post subject: |
|
|
That's the 'foot' of the log. There should be a list above it telling which Anti-Virus programs detected what. _________________ Trained by MalWare Removal
Proud member of ASAP - Alliance of Security Analysis Professionals
Proud member of UNITE - Unified Network of Instructors and Trusted Eliminators
|
|
|
 |
angus49
Corporal

 Joined: Jul 21, 2006 Posts: 57 Location: Hudson, FL
|
Posted: Sun Jan 06, 2008 4:13 pm Post subject: |
|
|
Nothing else on the page. As a matter of fact, every time I try to use the scroll bar on the page it jumps me back to your tab. _________________ "The only thing necessary for the triumph of evil is for good men to do nothing" Edmund Burke
|
|
|
 |
angus49
Corporal

 Joined: Jul 21, 2006 Posts: 57 Location: Hudson, FL
|
Posted: Sun Jan 06, 2008 4:15 pm Post subject: |
|
|
Just found it by clicking a link.
File rundll32.exe received on 12.15.2007 03:28:31 (CET)
Current status: finished
Result: 1/32 (3.12%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - BlockReason.0
Additional information
MD5: da285490bbd8a1d0ce6623577d5ba1ff
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. _________________ "The only thing necessary for the triumph of evil is for good men to do nothing" Edmund Burke
|
|
|
 |
John B.
1st Responder
 Joined: Dec 03, 2006 Posts: 843 Location: Netherlands
|
Posted: Sun Jan 06, 2008 6:27 pm Post subject: |
|
|
Hi Ed,
The results showed that 1/32 Anti-Virus programs that scanned the file thought it is infected. The program isn't among the best known programs and so there's a low chance that it isn't infected.
There's a low chance it is infected, anyway, because I think I've never seen rundll32.exe getting infected. My rundll32.exe file also shows a 'blank page'.
If you want to check the file even more, you can open 'My Computer'. Go to the right folder (SYSTEM32) and right-click on 'rundll32.exe'. Now choose 'Properties' and check when it was last edited. Mine was in August 2004 (it depends on when you installed the OS). You can also check the file size; mine is 33kb.
Greets, John. _________________ Trained by MalWare Removal
Proud member of ASAP - Alliance of Security Analysis Professionals
Proud member of UNITE - Unified Network of Instructors and Trusted Eliminators
|
|
|
 |
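The manual Properties check described in the post above (size, date, version) can be scripted on current Windows and extended with a signature check. The PowerShell below is an added example, not part of the original posts; the function name Test-SystemBinary is hypothetical, and it assumes PowerShell 5.1 or later, which postdates this thread.

```powershell
# Added example; Test-SystemBinary is a hypothetical name, not a built-in cmdlet.
function Test-SystemBinary {
    param(
        [string]$Name = 'rundll32.exe',
        [string]$Directory = (Join-Path $env:SystemRoot 'System32')
    )
    $path = Join-Path $Directory $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "File not found: $path"
    }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    # A Windows system file should verify as Valid, be signed by Microsoft,
    # and be recognised as an OS binary (catalog-signed files included).
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $findings = @()
    if ($sig.Status -ne 'Valid') { $findings += "Signature status: $($sig.Status)" }
    if ($signer -notmatch 'O=Microsoft Corporation') { $findings += "Unexpected signer: '$signer'" }
    if (-not $sig.IsOSBinary) { $findings += 'Not recognised as an OS binary' }

    # Running copies should load from the Windows directory (System32 or SysWOW64).
    $strays = @(Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($Name)) -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and -not $_.Path.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase) })
    foreach ($p in $strays) { $findings += "Process $($p.Id) runs from $($p.Path)" }

    [pscustomobject]@{
        Path        = $path
        SizeBytes   = $file.Length
        LastWritten = $file.LastWriteTime
        FileVersion = $file.VersionInfo.FileVersion
        Company     = $file.VersionInfo.CompanyName
        MD5         = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        Signature   = $sig.Status
        Signer      = $signer
        Findings    = $findings
        Verdict     = if ($findings.Count -eq 0) { 'No anomalies found' } else { 'Review findings' }
    }
}

Test-SystemBinary | Format-List
```

The MD5 value is reported only so it can be compared with the hash a scanning service shows for the uploaded file; the signature status and signer are the stronger evidence that the file is the one Microsoft shipped.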
angus49
Corporal

 Joined: Jul 21, 2006 Posts: 57 Location: Hudson, FL
|
Posted: Sun Jan 06, 2008 8:26 pm Post subject: |
|
|
Thanks John. The one hit on the list is probably a false positive.
My file is Microsoft v.5.1.2600.2180, 2/28/2006, 32.5Mb. _________________ "The only thing necessary for the triumph of evil is for good men to do nothing" Edmund Burke
|
|
|
 |
|
|