126 Posts

April 14th, 2004 17:00

The program you mention is almost certainly spyware.  It is a key recorder and screen capture utility that monitors all that you do.  First thing to do is to scan your pc with Ad-Aware or Spybot and get rid of it.

Per many posts in this forum you MUST have anti-virus protection, anti-spyware protection and a firewall.

7 Posts

April 14th, 2004 19:00

Thanks Starman

I have run Spybot and 'fixed' the findings, and I also have Norton AV and Zone Alarm which are kept up to date - still have the problem though.

126 Posts

April 15th, 2004 01:00

The file seems to be a favourite virus target, so much so it is difficult to determine what your version is involved with.  You may have noticed this file is similarly named to rundll32.exe which is a genuine file.  Presumably done this way to disguise it.  I found a link for restoring the rundll32.exe, which in XP is in the Windows/System32 folder.  Unfortunately the author mixed run32dll and rundll32 apparently in error (talks about run32dll but the install instruction is for rundll32).

http://www.winnetmag.com/Windows/Article/ArticleID/38306/38306.html

"You might receive such an error if the run32dll.exe file is corrupt or if a virus (e.g., W32/SirCam@MM) is present on your machine. To correct the error, begin by ensuring that you have an up-to-date virus checker and perform a full scan of your system. Next, to restore run32dll.exe, insert your XP or Win2K installation CD, then go to a command prompt and type

expand \i386\rundll32.ex_ %Systemroot%\rundll32.exe 

to extract the version of the file to your system. After you extract the file, restart your machine."

I suggest:

1. Establish the location of run32dll.exe using Search in the Windows folder (and subfolders).
2. Search for rundll32.exe using Search in the Windows folder (and subfolders).
3. If rundll32.exe is missing try to restore using the above command line fix - it is a file you need.
4. Look to see if run32dll.exe is deleted.  If not, change the extension to say .bak to sideline it.  It may not be possible as it is posing as a system file.
5. Try working with a number of applications to see if they run.
6. If all is well, after a few more reboots to be safe, delete the .bak viral file.  If your pc is infected and NAV is not detecting it, the file will almost certainly reappear.  Usually there is a registry entry that reloads the viral file.
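As an added illustration of steps 1 and 2 in the post above (not part of the original post), this Python sketch walks a folder tree and reports rundll32.exe together with look-alike names such as run32dll.exe. The function names, the one-character typo threshold and the System32 location check are assumptions of this example.

```python
import os
from collections import Counter

GENUINE = "rundll32.exe"     # genuine file named in the thread
EXPECTED_DIR = "system32"    # per the thread: Windows/System32 on XP


def edit_distance(a, b):
    """Plain Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(filename, parent_dir):
    """Return 'genuine', 'misplaced', 'lookalike', or None for unrelated names."""
    name = filename.lower()
    if name == GENUINE:
        folder = os.path.basename(os.path.normpath(parent_dir)).lower()
        return "genuine" if folder == EXPECTED_DIR else "misplaced"
    stem, ext = os.path.splitext(name)
    if ext != ".exe":
        return None
    real_stem = os.path.splitext(GENUINE)[0]
    # Same characters in a different order (run32dll vs rundll32) ...
    if Counter(stem) == Counter(real_stem):
        return "lookalike"
    # ... or a single-character typo (assumed threshold for this example).
    if edit_distance(stem, real_stem) <= 1:
        return "lookalike"
    return None


def scan(root):
    """Walk root and return sorted (verdict, path) pairs for every hit."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for f in files:
            verdict = classify(f, folder)
            if verdict:
                hits.append((verdict, os.path.join(folder, f)))
    return sorted(hits)
```

Calling `scan` on the Windows folder lists every hit with its verdict; a "misplaced" or "lookalike" result is a file to scan manually, not proof of infection.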

4.4K Posts

April 15th, 2004 02:00

You may have noticed this file is similarly named to rundll32.exe which is a genuine file. Presumably done this way to disguise it.

Yes. According to this link...

Description: A key recorder and screen capture utility that controls and monitors everything that happens on your computer and online.

I'd suggest downloading HijackThis, installing it, and submitting its log file to the experts. All that is described in the third step in the first link listed below.

Jim

2 Posts

April 29th, 2004 17:00

Have same problem. Affects Roxio and Adobe Photo Deluxe. Can work around it by TaskManager / Processes / highlight Rundll32.exe / click End Process. Warning window / click yes. You have to do this each time you start the computer. It works and the computer is faster.

In the reference command prompt to restore rundll32.exe, what are the symbols on each side of Systemroot? How can I duplicate them? I would like to give it a try with my Windows XP cd if it will solve the problem permanently.

Note: Norton Antivirus is not detecting a virus.

126 Posts

April 29th, 2004 18:00

%System% is a generic term, quoting Norton:

%System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

If NAV is not finding the file, use search to find occurrences of run32dll.exe and then scan the file or folder manually with NAV (Scan for Viruses/File alternatively Folder).

2 Posts

April 29th, 2004 22:00

I have another question. Please note that I am a novice at the computer. In your suggestions item 4. How do I change the extension to say .bak to sideline it?

126 Posts

April 30th, 2004 00:00

If you are a real novice, you should get some experienced help.  These repairs are never easy and the unexpected usually occurs.  This particular repair may need a safe mode reboot and that is way beyond novice level.  If you run into trouble you need to know how to get out of it.