RUNDLL132.EXE is Worm Mytob

September 21, 2012 by NightWatcher
Filed under: Worm 
: Solved!

Fix it immediately:

The file RUNDLL132.EXE is a computer worm.
The worm RUNDLL132.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the RUNDLL132.EXE problem as soon as possible!
Delete the file RUNDLL132.EXE from all infected computers in your network.
Set up your network firewall against RUNDLL132.EXE intervention.

Malware Analysis of RUNDLL132.EXE
Full path on a computer: %WinDir%\rundll132.exe

Detected by UnHackMe:

Item Name: Rro
Author: Unknown
Related File: %WinDir%\RUNDLL132.EXE
Type: Registry Run

Item Name: rundll132.exe
Author: Unknown
Related File: %WinDir%\RUNDLL132.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

RUNDLL132.EXE is known as:

Worm.Mytob

RUNDLL132.EXE hash:

  • MD5: 02ee79291d6cf227f9e16d61fb9b5216
How to quickly detect RUNDLL132.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Rro: “%WinDir%\rundll132.exe”
Files:
  • %SysDir%\rodll.dll
  • %WinDir%\rundll132.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: Mytob, RUNDLL132.EXE, Worm

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.