Solved

rundll32.exe

Posted on 2004-03-25
16
7,869 Views
Last Modified: 2007-12-19
I'm using a Thinkpad 41p notebook running Windows XP Professional.  In task manager I'm showing two entries for rundll32.exe under the same user.  Is this a problem?  Also, the CPU usage for the 1st listing of rundll32.exe stays at zero, however, the CPU usage for the second listing often goes up to 99% and stays there, which slows down the computer substantially and over heats the CPU.  Is there a way to fix this?
0
Comment
Question by:artvogel
  • 2
  • 2
  • 2
  • +7
16 Comments
 
LVL 17

Expert Comment

by:RDAdams
ID: 10682435
Check for virus' and adware type programs.

AdWare and spybot S&D are good.  Virus scanning software if you don't have already you should.

http://www.spychecker.com/software/antispy.html
0
 
LVL 24

Expert Comment

by:SunBow
ID: 10682687
yeah, you need one, not two. Get a good copy of that dll from elsewhere, the A/V probably won't be able to clean it up.
0
 
LVL 3

Expert Comment

by:shanekc
ID: 10683497
The other issue you have is the CPU "overheating".  It should be thermally designed to withstand operating at 100% utilization for a certain length of time.  If it overheats quickly then there may be something wrong with the cooling fan or obstruction to the airflow through the notebook chassis, such as built-up dust.
0
 
LVL 1

Expert Comment

by:artmcclure
ID: 10683679
That's perfectly normal. There is nothing wrong with having two rundll32.exe running at the same time. All my computers have at least 2 running and they all function W2000 perfect. Do a search on Google, I saw an explanation once.
0
 
LVL 3

Expert Comment

by:shanekc
ID: 10684450
The run32.dll processes are active when something uses the system dynamic link libraries to execute its code.  In many cases they are perfectly normal but sometimes malicious processes can "hide" behind the run32 library.  So these are not necessarily okay.  In fact, if one of them is using up 99% of your CPU when the system should be at idle, I recommend running anti-virus and particularly anti-spyware as RDAdams mentions above.  But like I said - the overheating is a separate issue that you also need to address if you want the hardware to continue functioning reliably.
0
 
LVL 3

Expert Comment

by:zapthedingbat
ID: 10686132
This seems to be a common misconseption. rundll32.exe is an Exe, not a Dll (the clue is in the file extention)
rundll32.exe can be passed the name of a dll in the command line, rundll32.exe will then host that dll.

Seeing a instance of rundll32.exe in the process list dosnt tell you mutch at all. the process could be hosting any dll. hence such there is no "correct number" of rundll32.exe instances

I would guess that the process in question that is consuming your CPU cycles is an instance of rundll32.exe being used to host a malishous dll.

the command line that strats the process is probably defined in the registry, theeasyest way of configuring the commandlines that run on startup is by typeing "msconfig" in the run box on the start menu. goto the startup tab on the dialog that opens and disable any of the commands that you dont want to run.

Altertativly you can configure them using regedit but i wouldnt recomend his unless your a very compitant user
0
 
LVL 1

Expert Comment

by:bravado042997
ID: 10686244
rundll32.exe is no problem generally unless you see it listed way more times then that.....    

I suggest a software firewall program that keeps track of ALL INTERNET activity to the point where it asks you to give permission to a program to use the internet.

That will STOP trojans cold, been using this type of product for 4 years now.

If rundlll32.exe or joeblow.exe tries suddenly to go to an IP address, the software will alert you and you can permanently have it say NO, I usually then grab a boot disk, note where the file is and chance the extension to .exf and then reboot and if the PC works fine with out it, she's a goner.....

Bit Defender is a good one for this because it also includes a good antivirus and is easy to use:  free trial at:  www.bitdefender.com

I personally use a good firewall/security router ($250) and Fix It Utils Suite 5.0 with software firewall and antivirus, and that works quite well.  8)  

Bit Defender is a bit cheaper.  8)

If you want to go bananas:  Black Ice Defender is a pain in the neck now, I had a 2 year license and quit using it once they upgraded it to overkill mode, even I thought it was too far gone to want to use ever again.
Replaced it with the heavy duty overkill model hardware firewall/router anyhow when I bought a house. LOL!   Needed heavy duty model because it was living in the garage and temp in there in summer, 120 and high humidity.   [www.networkice.com in case you want to look, but NO trials]






0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Expert Comment

by:WilfredoPerez
ID: 10688473
Rundll32.exe is a trojan/virus in order to remove download ad-aware , update it then boot into safe mode to remove this culprit also go to
START | RUN | MSCONFIG
Click on the startup tab
Some if not all of the applications listed rely on RUNDLL32. You may have to work through each one until you find the application that isn't shutting down RUNDLL32 correctly. I am asuming that you have tried my "work around" without running any applications, just logging on, killing off runDLL32 and shutting down.
0
 
LVL 1

Expert Comment

by:bravado042997
ID: 10692737
Kill of rundll32.exe?   It's a major windows system program....   now if it's infected, beware of this:  

XP makes a dllcache directory inside \windows\system32 and if anything is deleted out of system32, it gets replaced by dllcache file immediately....   that dllcache is full of XP install files...

Of course a trojan can also place a file in their too and if you don't know about this directory, it will repop in if you had deleted the files out of system32, you have to toast both....
or clean both or replace it from your XP cab files manually with a utility that can view/extract files out of .cab's....

WinRAR will do the trick nicely.

 
0
 

Expert Comment

by:peter_s_magnusson
ID: 10892466
Ok, perhaps somebody should try and pick up on the "Thinkpad T41" part of the question, huh.  For example, it is a very new machine and the anti virus protection that comes installed on it is just fine.  So it is probably _not_ a trojan etc etc.

To the point, this same thing has happened to me and the fix that _seems_ to be working is to turn off the loading of the Bluetooth authentication agent on the T41 (run msconfig and click on the startup tab).  I don't use Bluetooth on this machine so I don't care.  I suspect IBM has done something wrong here, but I don't have time to spend hours with their support folks.  I would be very interested to hear if this works for you, too.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10904592
PAQed - no points refunded (of 125)

Computer101
E-E Admin
0
 

Expert Comment

by:Crunchie69
ID: 11630975
I have had a similiar problem on a IBM T41P. I heard a noise like disc activity when no disc light activity. (Seems the noise was the fan active because of overheating -comment from IBM support). I was also having problems with rundll32.exe 'not responding' on shutdown. I ran virusupdate,  virus scan, checked active progams in Zone Alarm and could see no probable cause. Then when I checked Task Manager I found CPU usage at  98%-100% for rundll32.exe.

Came here from google search, found the solution offered by peter_s_magnusson above and applied it. Appears to me to work. rundll32.exe CPU usage is now 0 and shut down is working without 'no response' rundll32.exe.

Checked with IBM support and they were not aware of the problem or the fix. For the moment it does appear to be an issue with "Bluetooth Authentication".

 
0
 

Expert Comment

by:Crunchie69
ID: 11635726
Update:

Found the problem continued after disabling Bluetooth in start up menu. From futher google reseach and after discussions with IBM support it seem to me this is an issue with pwrmonit.  

So Start - Run - type msconfig - select Startup Tab - Untick pwrmonit and restart. That solves the problem for the moment. Will look for a IBM fix.

Crunchie69

0
 

Expert Comment

by:peter_s_magnusson
ID: 11654468
Yes, I forgot to follow up comment: pwrmonit *also* gives problems.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Finding a job can be stressful - searches, resume tweaks, and networking events can be super boring. Luckily we're here to help you land your dream job!
Surprisingly, there is a lot to Gym battles, and I thought it would be helpful to share knowledge about all the ins and outs of this feature!
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…
Where to go on the main page to find the job listings. How to apply to a job that you are interested in from the list that is featured on our Careers page.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now