I have an Exchange 2007 server that is running a large number of copies of rundll32. (See screen shot). There are about 100 of them with a strange command line.
I have scanned with Symantec Endpoint and malwarebytes and both report clean. The server is all up to date. It was noticed yesterday, so we restarted and monitored and they were not there after the restart, now this morning there are loads of them again!
Any ideas? Server is running ok.