RUNDLL32.EXE – trojan Injector

July 26, 2011 by NightWatcher
Filed under: Malware: Solved!

Fix it immediately:

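The file RUNDLL32.EXE at %Appdata%\rundll32.exe is malware related. The legitimate Windows rundll32.exe lives in %SystemRoot%\System32 and is not the file described here.
You must delete the file %Appdata%\rundll32.exe immediately!
Kill the process RUNDLL32.EXE running from %Appdata% and remove RUNDLL32.EXE from the Windows startup.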

Malware Analysis of “RUNDLL32.EXE”
Executed: bf8e3239.exe
Removed: rundll32.exe. Full path: %Appdata%\rundll32.exe

RUNDLL32.EXE is known as:

Win32.VBKrypt, Win32.Injector

RUNDLL32.EXE hash:

  • MD5: ec02cc57ffda873a66467e769465b2f5
  • SHA1: f2fdda1841aac30a517cd52fc9c8189d21d4ca1c

How to quickly detect RUNDLL32.EXE presence?

Registry:
  • HKLM\Software\Windows\Microsoft\CurrentVersion\Run\rundll32.exe: “%Appdata%\rundll32.exe”
  • HKCU\Software\Windows\Microsoft\CurrentVersion\Run\rundll32.exe: “%Appdata%\rundll32.exe”
Files:
  • %Appdata%\rundll32.exe
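
The checks above as a PowerShell script (an added example, not from the original post). The hashes, file path and value name are the ones listed on this page; besides the Run subkey as the page prints it, the script also reads the standard Windows autorun subkey Software\Microsoft\Windows\CurrentVersion\Run, and the variable names are illustrative.

```powershell
# Added example: look for the indicators listed on this page on the local machine.
$BadMd5  = 'ec02cc57ffda873a66467e769465b2f5'          # from the page
$BadSha1 = 'f2fdda1841aac30a517cd52fc9c8189d21d4ca1c'  # from the page
$Dropped = Join-Path $env:APPDATA 'rundll32.exe'       # %Appdata%\rundll32.exe

# Run subkeys: as printed on the page, plus the standard Windows autorun subkey.
$RunKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    "$hive\Software\Windows\Microsoft\CurrentVersion\Run"
    "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
}

$findings = @()

# 1. File check: report any rundll32.exe in %Appdata% and compare its hashes.
if (Test-Path -LiteralPath $Dropped -PathType Leaf) {
    $md5  = (Get-FileHash -LiteralPath $Dropped -Algorithm MD5).Hash
    $sha1 = (Get-FileHash -LiteralPath $Dropped -Algorithm SHA1).Hash
    $findings += [pscustomobject]@{
        Type      = 'File'
        Where     = $Dropped
        Detail    = "MD5=$md5 SHA1=$sha1"
        HashMatch = ($md5 -ieq $BadMd5) -or ($sha1 -ieq $BadSha1)
    }
}

# 2. Autorun check: a value named rundll32.exe, or any value launching the dropped path.
foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        # Expand %Appdata% in case the value was stored unexpanded.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$k.GetValue($name))
        $hit = ($name -ieq 'rundll32.exe') -or
               ($cmd.IndexOf($Dropped, [StringComparison]::OrdinalIgnoreCase) -ge 0)
        if ($hit) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Where = "$key\$name"; Detail = $cmd; HashMatch = $null
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No indicators from this page found.' }
```

%Appdata% and HKCU resolve for the account running the script, so run it once per user profile. A file at that path whose hash does not match is still worth examining, since Windows does not install rundll32.exe there.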

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


Written by

Malware Hunter.
