|  | 
| rundll.exeThe file rundll.exe is not yet in our database.
 rundll.exe was found in the following malware reports:
|  | 
|---|
 | Backdoor.LoxoScam | 
|---|
 | Technical details ...It attempts to replace %windir%Rundll.exe and C:Progra~1Micros~1OfficeFindfast.exe with the file Exec.hlp....
 ...It modifies the value from LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme...
 ...to LoadPowerProfile Rundll.exe powerprof.dll,LoadCurrentPwrScheme...
 Removal instructions
 ...%windir%Sys.bat if they exist. Restore Rundll.exe and Findfast.exe. Reverse the changes that it...
 ...%windir%Sys.bat if they exist. To restore Rundll.exe and Findfast.exe: Using Windows Explorer, copy...
 ...If the vlaue LoadPowerProfile Rundll.exe powerprof.dll,LoadCurrentPwrScheme...
 ...exists, modiify it to LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme...
 Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html
 | 
|---|
 | Backdoor.SchoolBus.B | 
|---|
 | Technical details ...Copies code that is contained in the Trojan as %System%Rundll.exe. NOTES:...
 ...C:WindowsSystem32 (Windows XP). Rundll.exe itself is a Trojan. It attempts to do the following:...
 ...%System%Explorer.exe (This file is executed by Rundll.exe, and is used to send system information to a hacker.)...
 ...Adds the value: rundll    "c:windowssystem
undll.exe"...
 ...Adds the values: rundll    "c:windowssystem
undll.exe"...
 ...rundll32  "c:windowssystem
undll32.exe" to the registry key:...
 ...HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsActive Setup Installed ComponentsRundll Creates the WindowsVCM folder...
 Removal instructions
 ...right pane, delete the value: rundll    "c:windowssystem
undll.exe"...
 ...HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsActive Setup Installed ComponentsRundll In the right pane, delete...
 ...the value: rundll    "c:windowssystem
undll.exe"...
 ...rundll32  "c:windowssystem
undll32.exe" Exit the Registry Editor....
 Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.schoolbus.b.html
 | 
|---|
 | Backdoor.LittleWitch.B | 
|---|
 | About Backdoor.LittleWitch.B ...to a compromised computer. The presence of the file Rundll.exe is an indicator of a possible infection....
 Technical details
 ...It copies itself as %system%Rundll.exe. It creates the file %windir%Usr.dat....
 ...The Trojan creates the value Rundll    Rundll.exe in the registry key...
 Removal instructions
 ...Scroll through the list, and look for Rundll.exe. If you find the file, click...
 ...right pane, delete the value Rundll    Rundll.exe Exit the Registry Editor....
 Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.littlewitch.b.html
 | 
|---|
 | Backdoor.LittleWitch.C | 
|---|
 | About Backdoor.LittleWitch.C ...The presence of the file, Rundll.exe, in the %System% folder is an indicator of a possible infection....
 Technical details
 ...Copies itself as %System%Rundll.exe. Creates the file, %Windir%Usr.dat....
 ...Creates the value: Rundll    Rundll.exe in the registry key:...
 Removal instructions
 ...Scroll through the list and look for Rundll.exe. If you find the file, click...
 ...right pane, delete the value: Rundll    Rundll.exe Exit the Registry Editor....
 Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.littlewitch.c.html
 | 
|---|
 | W32.Bajar.Worm.Int | 
|---|
 | Technical details ...The .vbs script also deletes the file C:WindowsRundll.exe. Finally, after executing the...
 Removal instructions
 ...If the worm deleted Autoexec.bat, Rundll.exe (Windows 95/98/Me only), or Regedit.exe, you must restore them from a clean backup...
 Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.bajar.worm.int.html
 | 
|---|
 | VBS.Bajar.B@mm | 
|---|
 | Threat assessment ...deletes c:windowssystemWsock32.dll, c:windows
undll.exe, c:windows
undll32.exe, and overwrites other system files....
 Technical details
 ...C:WindowsSystemWsock32.dll C:WindowsRundll32.exe C:WindowsRundll.exe...
 Source: http://securityresponse.symantec.com/avcenter/venc/data/vbs.bajar.b@mm.html
 | 
|---|
 | W32.Bajar.B@mm | 
|---|
 | Threat assessment ...deletes c:windowssystemWsock32.dll, c:windows
undll.exe, c:windows
undll32.exe, and overwrites other system files....
 Technical details
 ...C:WindowsSystemWsock32.dll C:WindowsRundll32.exe C:WindowsRundll.exe...
 Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.bajar.b@mm.html
 | 
|---|
 | VBS.Over.Trojan | 
|---|
 | Technical details ...User.exe Rundll.exe Rundll32.exe...
 Source: http://securityresponse.symantec.com/avcenter/venc/data/vbs.over.trojan.html
 | 
|---|
 | Trojan.Zeraf | 
|---|
 | Technical details ...C:WindowsSystem.ini C:WindowsRundll.exe C:WindowsRundll32.exe...
 Source: http://securityresponse.symantec.com/avcenter/venc/data/trojan.zeraf.html
 | 
|---|
 | W97M.Mandir.A | 
|---|
 | Technical details ...SystemTrays     rundll.exe user,exitwindows to the registry key...
 Removal instructions
 ...SystemTrays     rundll.exe user,exitwindows Click Registry, and then click...
 ......
 Source: http://securityresponse.symantec.com/avcenter/venc/data/w97m.mandir.a.html
 | 
|---|
 |  |