1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

simple question: rundll32.exe location question

Discussion in 'Virus & Other Malware Removal' started by labayou58, May 2, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. labayou58

    labayou58 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    22
    If rundll32.exe is found in C:\WINDOWS\Prefetch is it a virus or variant?
    I have read that rundll32 found in C:\WINDOWS\system32 is critical to running windows, however if found in the prefetch folder does that mean its viral?
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Make sure you see the whole thing. Rundll32.exe should not be in the Prefetch folder, nor any other exe. If you see others, you are not seeing the .pf file ending. Right-click the file to see if it is a prefetch file.
     
  3. labayou58

    labayou58 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    22
    SOLVED. Got it. Thank you. Laptop is infected with several different "things" and when I saw this in prefetch I figured it was wrong. rundll32.exe (typed exactly) belongs is sys32. Wanted to be sure before I start working on removal.
    thank you very much for the quick response
     
  4. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    If none of the files in Prefetch shows the .pf extension, then try Folder Options to show common file endings. I don't know how people function without seeing what file types they are working with, but they do. :D

    Everything in Prefetch should end with .pf except layout.ini.
     
  5. labayou58

    labayou58 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    22
    All of the files in the prefetch are PF files except one that says Layout. Its a configuration setting notepad file, looks ok.
    Still not really sure whats wrong with it, I'm not expert but generally hang with it until I figure it out. Got a lot left to scour.
    thanks for your help
     
  6. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    If it just says "layout", then you have your file endings hidden. It is layout.ini.

    Especially when trying to solve problems, it helps to be able to see what file types you are dealing with.
     
  7. labayou58

    labayou58 Thread Starter

    Joined:
    Jul 9, 2007
    Messages:
    22
    I have "show hidden" checked and all of these files show .pf at the end except this one. i checked the file size against that of the Layout.ini on my desktop and it doesnt match; 3318k to 439k on the desktop.
    Not sure that matters, there are so many problems with this thing. Spyware toolbars and viruses yet they have antivirus/spyware working on the thing.
    The identities have been skewed and I'm working on that first.
    Thank you
     
  8. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    "Show hidden" only shows hidden files. You need to also show common file endings and show system files in order to see all your files.

    There are a lot of different latout.ini files that are unrelated to one another. It depends where they are located.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - simple question rundll32
  1. Closed100
    Replies:
    0
    Views:
    511
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/709284

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice