|
rundll32.exe (5.1.2600.0)
Enthalten in den Programmen |
|---|
| Name: | Windows XP Home Edition, Deutsch |
|---|
| Lizenz: | kommerziell |
|---|
| Info-Link: | http://www.microsoft.com/windowsxp/ |
|---|
Dateidetails |
|---|
| Dateipfad: | C:\WINDOWS\system32 \ rundll32.exe |
|---|
| Dateidatum: | 2002-08-29 14:00:00 |
|---|
| Version: | 5.1.2600.0 |
|---|
| Dateigröße: | 32.256 Bytes |
|---|
Prüfsumme und Datei-Hashwerte |
|---|
| CRC32: | 464A49B4 |
|---|
| MD5: | 3B97 EDB7 91FB 2090 17B8 864C 8E70 87F9 |
|---|
| SHA1: | 729F AF37 ED72 3D70 73B6 1727 6995 C40C 150E FCB9 |
|---|
Versions-Informationen |
|---|
| Firmenname: | Microsoft Corporation |
|---|
| Datei-Beschreibung: | Eine DLL-Datei als Anwendung ausführen |
|---|
| Datei-Betriebssystem: | Windows NT, Windows 2000, Windows XP, Windows 2003 |
|---|
| Datei-Typ: | Application |
|---|
| Datei-Version: | 5.1.2600.0 |
|---|
| Interner Name: | rundll |
|---|
| Copyright: | © Microsoft Corporation. Alle Rechte vorbehalten. |
|---|
| Ursprünglicher Dateiname: | RUNDLL.EXE |
|---|
| Produktname: | Betriebssystem Microsoft® Windows® |
|---|
| Produktversion: | 5.1.2600.0 |
|---|
rundll32.exe wurde in den folgenden Reports gefunden:
|
|
|---|
Backdoor.Lastdoor |
|---|
Technische Details
...legitimate file, this Trojan uses the same icon as the legitimate Windows file named Rundll32.exe. When Backdoor.Lastdoor runs,...
...This overwrites the original Rundll32.exe file if it is in the %system% folder....
...NOTES: By default, Rundll32.exe resides in the %windir% folder in Windows 95/98/Me....
...Rundll32 %system%Rundll32.exe to the registry key...
Entfernungs-Anweisungen
...detected as Backdoor.Lastdoor. If Rundll32.exe has been overwritten by the Trojan, replace the file from a clean backup or reinstall...
...Rundll32 %system%Rundll32.exe from the registry key...
...Backdoor.Lastdoor, click Delete. If Rundll32.exe has been overwritten by the Trojan, replace the file from a clean backup or reinstall...
...Rundll32 %system%Rundll32.exe Exit the Registry Editor....
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lastdoor.html |
|---|
Zendown.Trojan |
|---|
Über Zendown.Trojan
...Shutdown C:Windowsihateyou.exe Shutdown2 C:Windows
undll32.exe shell32,SHExitWindowsEx 1...
Entfernungs-Anweisungen
...Shutdown C:Windowsihateyou.exe Shutdown2 C:Windows
undll32.exe shell32,SHExitWindowsEx 1...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/zendown.trojan.html |
|---|
W32.Pixo |
|---|
Technische Details
...Then it adds the value: Rundll32.exe C:WindowsSystemPIX-61081.exe...
Entfernungs-Anweisungen
...delete the following value: Rundll32.exe C:WindowsSystemPIX-61081.exe...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/w32.pixo.html |
|---|
W32.HLLW.Dormin.A@mm |
|---|
Technische Details
...Adds the following values: Nimrod_Keyboard Rundll32.exe Keyboard,Disable Nimrod_Mouse Rundll32.exe...
Entfernungs-Anweisungen
...following values if they exist: Nimrod_Keyboard Rundll32.exe Keyboard,Disable Nimrod_Mouse Rundll32.exe...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.dormin.a@mm.html |
|---|
Adware.Bookedspace |
|---|
Technische Details
..."<name of .dll file>"="RunDLL32.exe <path to .dll file>, DllRun"...
Entfernungs-Anweisungen
..."<name of .dll file>"="RunDLL32.exe <path to .dll file>, DllRun"...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/adware.bookedspace.html |
|---|
W32.Sircam.Worm@mm |
|---|
Technische Details
...Copy <Computer>WindowsRundll32.exe to <Computer>WindowsRun32.exe...
...Replace <Computer>Windows
undll32.exe with C:RecycledSirc32.exe...
Entfernungs-Anweisungen
...network, the Run32.exe file will have been be overwritten with an infected copy of the Rundll32.exe. If you see more than one entry...
...Instead, you must delete the Run32.exe and the Rundll32.exe files and then extract an new copy of Rundll32.exe from a clean back up or from...
...If the file WindowsRun32.exe exists, rename it back to WindowsRundll32.exe See the sections that follow...
...this, the Run32.exe file will have been overwritten with an infected copy of the Rundll32.exe. As a result, you will not...
...network, the Run32.exe file will have been be overwritten with an infected copy of the Rundll32.exe If you saw more than one entry of "@win
ecycledsirc32.exe" when performing...
...Instead, you must delete the Run32.exe and the Rundll32.exe files and then extract an new copy of Rundll32.exe from a clean back up or from...
...Rename it to: rundll32.exe Press Enter....
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html |
|---|
W32.Miroot.Worm |
|---|
Technische Details
...C:Cmd.exe %System%Rundll32.exe with hidden, system, and read-only...
...C:WindowsSystem32 (Windows XP). Creates the file, rundll32.exe.tmp (Windows 2000 only). May cause Windows to display...
..."LoadPowerProfile"="%System%Rundll32.exe" in the registry key:...
Entfernungs-Anweisungen
...data field, then click OK: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/w32.miroot.worm.html |
|---|
Spyware.XpcSpy |
|---|
Technische Details
..."System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"...
Entfernungs-Anweisungen
..."System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/spyware.xpcspy.html |
|---|
Backdoor.LoxoScam |
|---|
Technische Details
...It modifies the value from LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme...
Entfernungs-Anweisungen
...exists, modiify it to LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentPwrScheme...
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html |
|---|
W32.Lovgate.R@mm |
|---|
Technische Details
..."Protected Storage"="RUNDLL32.EXE MSSIGN30.DLL ondll_reg"...
..."VFW Encoder/Decoder Settings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"...
..."Windows Management Protocol v.0 (experimental)," which is mapped to "Rundll32.exe msjdbc11.dll ondll_server."...
...Creates the service, "_reg," which is mapped to "Rundll32.exe msjdbc11.dll ondll_server."...
Entfernungs-Anweisungen
..."Protected Storage"="RUNDLL32.EXE MSSIGN30.DLL ondll_reg"...
..."VFW Encoder/Decoder Settings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"...
......
Quelle: http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.r@mm.html |
|---|
|
|
![[filename.info logo]](/img/logo.png){kind=logo}
![[cn rundll32.exe]](/img/nix.gif){kind=small}
