rundll32.exe is trying to execute different dll, exe files when PC is idle

    Question

  • On a fresh installation of 32-bit Windows 7 RC (downloaded from Microsoft TechNet site) I keep getting these Defense+ alerts (Comodo Internet Security) that rundll32.exe is trying to execute one or another dll / exe files ONLY when the PC is idle.

    I've run Avira (installed), Kaspersky, F-secure (both online) and Malwarebytes' Anti-Malware, many times and they've found nothing so far.

    Here are some of the file names rundll32.exe tries to execute:
    Microsoft.stdformat.dll, QtCore4.dll, QtNetwork4.dll, jpeg62.dll, sqlceca30.dll, speedfan.exe (hard drive, temp etc monitoring program), CamMenuPlayer.exe, CamRecorder.exe (TechSmith Camtasia files) and many others I wasn't able to get name of.

    The screensaver is set at 40 min and turn display off is at 45 minutes, but these rundll32.exe alerts I get anywhere between around 15/20 min. The alerts also pop up even when I turned off the screensaver & 'turn display off' settings.

    My main question/concern is the behavior of rundll32.exe: why does it try to execute any file in the first place, even when no program is running (is this normal?), and more importantly, why only when the PC is idle? (The alert never pops up when I'm using the PC.)

    Many thanks in advance, any help is highly appreciated. - Jags


    Thursday, May 28, 2009 6:29 AM

All replies

  • I have the same issue here. My firewall / antivirus triggers a warning every time the PC is idle, because rundll32 tries to execute lots of files (exe's, dll's among others).
    I think it's normal behaviour, and Windows is just indexing files (my system is clean from malware, it even happens in a clean installation, not connected to external network, with a new hard drive).
    But I would like to have an official word from Microsoft about this.

    In fact, if it's the indexer, I would like to say that sometimes the indexer tries to index a file being downloaded by uTorrent, and it makes the download fail. uTorrent gives an error: "Cannot write the file being used by another process".
    And it, too, happens only with the PC idle.
    Thursday, May 28, 2009 3:43 PM
  • Thanks for the reply, and yes I would like to get an official confirmation from Microsoft regarding unusual rundll32.exe behavior too.

    But I think SearchIndexer is different from rundll32.exe.
    Thursday, May 28, 2009 4:43 PM
  • Just so you know that you are not alone, I have exactly the same behaviour:

    Windows 7 RC build 7100, Comodo and rundll32.exe is trying to execute every exe and dll on my hard drive. Also only when idle.

    Nothing seems to happen if I block a request, but then nothing seems to happen if I allow one either...

    I have also done virus scans with Comodo and Kaspersky and found no malware.

    Microsoft? Is anybody monitoring this?
    Wednesday, June 03, 2009 2:46 AM
  • You do realize that Microsoft collects data (telemetry) on the Windows 7 RC system for development, improvement and testing purposes.
    Monday, June 08, 2009 8:26 PM
  • Yes, I do realize this. But rundll32 trying to execute random exe's and dll's across my drive doesn't exactly remind me of telemetry. There is no point (for Microsoft) to "telemetry" a dozen files inside my system32 folder, if it was Microsoft who put the files there in the first place.

    For me, telemetry has much more to do with what is installed, uninstalled, user opening / closing programs and so on.
    So far, all I see is just random access of lots of files, AND rundll32 didn't try to connect to the internet after it read the random data. If it was telemetry, I suppose rundll32 would try to "deliver" the data to Microsoft?
    Tuesday, June 09, 2009 12:38 PM
  • I have a brand new Toshiba laptop with Windows 7 64bit. I also have Comodo installed and am getting these same messages that rundll32 keeps trying to run all sorts of programs. My first thought was definitely virus because all those programs shouldn't be running all the time. So it is not just the RC system but the release that is also doing this. Microsoft, why is it doing this?? How can I make it stop?
    Monday, January 11, 2010 11:39 AM
  • ladyhauwke,

    A wild guess ... do you have this problem when your screensaver pops up or when you didn't do much on your machine?

    Try to execute the following procedure and see if you have the same messages you are complaining about.

    1. Press the Windows Key + R
    2. In the run prompt type the following command (This is case sensitive.)
    Rundll32.exe advapi32.dll,ProcessIdleTasks
    3. Hit the OK button.

    Do you now have the same messages?

    Kind Regards
    DFT


    IM me - TWiTTer: @DFTER
    Monday, January 11, 2010 2:30 PM
  • Having same issue.

    What exactly is it doing?

    It is trying to execute .dll, .exe, .lnk, .bat, and .sys files.

    Is it doing some sort of index?
    Tuesday, February 02, 2010 6:25 PM
  • Same here, everything from nod32 (I'm fine with that, lol)... but movies? It tries to run update programs that are disabled, video files, audio files... almost anything! And as a matter of fact, I forget the exact wording, but Event Viewer had a warning that "dll's were being loaded for EVERY FILE" in my system! I wouldn't trust "milk you soft" as far as I could throw one of their fat ____ ceo's or stockholders, so it would not surprise me if this were NOT malware or something, but I wish someone would find a way to neuter it!
    Wednesday, February 24, 2010 9:59 AM
  • Try this folks it may help, at least it did for me.

    Control Panel->Administrative Tools->Computer Management->Task Scheduler->Task Scheduler Library->Microsoft->Windows->

    Highlight "Application Experience"; you should have AIT Agent and ProgramDataUpdater at the top. Right click on ProgramDataUpdater and select Disable.
    Wednesday, February 24, 2010 11:12 AM
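
Added example, not part of any post in this thread: a Windows PowerShell triage script for the two checks suggested in the replies above. It lists each running rundll32.exe with its parent process and the DLL and entry point on its command line (such as the `advapi32.dll,ProcessIdleTasks` call), then queries the ProgramDataUpdater task; the regular expression and the output field names are this example's own.

```powershell
# Added example (Windows PowerShell; run elevated while an alert is on screen).
# Part 1: every running rundll32.exe, its parent process and the DLL,entry point
# it was asked to call. rundll32 syntax: rundll32.exe <dll>,<entry point> [args]
$all  = @(Get-WmiObject Win32_Process)
$byId = @{}
foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }

$rows = foreach ($p in $all) {
    if ($p.Name -ne 'rundll32.exe') { continue }
    $dll = ''; $entry = ''
    # CommandLine can be empty for processes the current user may not inspect.
    if ($p.CommandLine -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)') {
        $dll = $matches[1].Trim(); $entry = $matches[2]
    }
    # A parent PID can be reused after the parent exits, so treat the name as a hint.
    $parent = $byId[[int]$p.ParentProcessId]
    $parentName = '(exited)'
    if ($parent) { $parentName = $parent.Name }
    New-Object PSObject -Property @{
        ProcessId   = $p.ProcessId
        Parent      = $parentName
        Dll         = $dll
        EntryPoint  = $entry
        CommandLine = $p.CommandLine
    }
}
if ($rows) {
    $rows | Select-Object ProcessId, Parent, Dll, EntryPoint, CommandLine | Format-List
} else {
    'No rundll32.exe is running right now; the process may already have exited.'
}

# Part 2: state, last run time and action of the task named in the thread.
$task = '\Microsoft\Windows\Application Experience\ProgramDataUpdater'
schtasks.exe /Query /TN $task /V /FO LIST

# To disable it from the command line instead of the GUI:
#   schtasks.exe /Change /TN $task /Disable
```
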
  • I suggest using the free Microsoft Security Essentials. It works well on my machine, link in my front page.


    Vote if answered or helpful, I am running for Office (joke)! IT/Developer, Windows/Linux/Mainframe RaidMax Smilodon, 680W, Asus M2NBP-VM CSM, AMD X2 4200+, 2GB DDR2-800, HD2400 Pro, more details on my site, need a new boot disk, existing one is 5 years old
    Thursday, February 25, 2010 12:06 AM
  • Thanks for the suggestion... I'll give it a try... any of milk you soft's BS that can be turned off, I'm all for it ;-)
    Sunday, February 28, 2010 1:17 AM
  • Heya guys.

    For those of you experiencing rundll32.exe issues... the rundll32.exe is a list of system processes linked to the Windows registry. What often happens is that, due to various reasons, the files in the registry linked to the rundll32 become corrupted. So when this occurs, the rundll32.exe, because it's part of the system processes, will continue trying to execute the corrupted files over and over.

    So the first thing you do is identify the specific rundll32.exe process as Jags FL mentioned.

    "Here are some of the file names rundll32.exe tries to execute: Microsoft.stdformat.dll, QtCore4.dll, QtNetwork4.dll, jpeg62.dll, sqlceca30.dll, speedfan.exe (hard drive, temp etc monitoring program), CamMenuPlayer.exe, CamRecorder.exe (TechSmith Camtasia files) and many others I wasn't able to get name of."

    Then all you do is stop the processes involved by opening Start - Run - type services.msc - in services.msc end the specific processes related to your problem.

    If this does not work you will need to delete the corrupted entries in the registry. Here is a walkthrough that will guide you to making Windows registry edits. Another solution could be for you to leverage a Windows registry cleaner that will remove the corrupted entries in the registry. Here are reviews of good Windows registry cleaners.

    Hope you found the info useful.

    WhizKid26 

    Friday, December 31, 2010 1:54 AM