On fresh a installation of 32-bit Windows 7 RC (downloaded from Microsoft TechNet site) I'm keep getting these Defense+ alerts (Comodo Internet Security) that rundll32.exe is trying to execute one or another dll / exe files ONLY when the PC is idle .
I've ran Avira (installed), Kaspersky, F-secure (both online) and Malwarebytes' Anti-Malware, many times and they've found nothing so far.
Here are some of the file names rundll32.exe tries to execute:
Microsoft.stdformat.dll, QtCore4.dll, QtNetwork4.dll, jpeg62.dll, sqlceca30.dll, speedfan.exe (hard drive, temp etc monitoring program), CamMenuPlayer.exe, CamRecorder.exe (TechSmith Camtasia files) and many others I wasn't able to get name of.
The screensaver is set at 40 min and turn display off is at 45 minutes but this rundll32.exe alerts I get anywhere between around 15/20 min. The alerts also pops up even when I turned off the screensaver & 'turn display off' settings.
My main question/concern is the behavior of rundll32.exe, why it tries to execute any file in first place, even when no program is running (is this normal ?) and more importantly why only when the PC is idle ? (the alert never pops up when I'm using the PC)
Many thanks in advance, any help is highly appreciated. - Jags
I have the same issue here. My firewall / antivirus trigger a warning everytime the PC is idle, because rundll32 try to execute lots of files (exe´s, dll´s among others).
I think its a normal behaviour, and Windows is just indexing files (my system is clean from malware, it even happens in a clean installation, not connected to external network, with a new hard drive).
But I would like to have a official word from Microsoft about this.
In fact, if it´s the indexer, I would like to say that sometimes the indexer try to index a file beeing downloaded by utorrent, and it makes the download fail. uTorrent give a error: "Cannot write the file beeing used by another process".
And, it too happens only with the pc idle.
Just so you know that you are not alone, I have exactly the same behaviour:
WIndows 7 RC build 7100, Comodo and rundll32.exe is trying to execute every exe and dll on my hard drive. Also only when idle.
Nothing seems to happen if I block a request, but then nothing seems to happen if I allow one either...
I have also done virus scans with Comodo and Kaspersky and found no malware.
Microsoft? Is anybody monitoring this?
Yes, I do realize this. But rundll32 trying to execute random exe´s and dll´s across my drive don´t exactly remembers me of telemetry. There is no point (for microsoft) to "telemetry" a dozen files inside my system32 folder, if it was microsoft who put the files there in first place.
For me, telemetry have much more to do with what is installed, unninstaled, user opening / closing programs and so on.
So far, all I see is just random acess of lots of files, AND rundll32 don´t tried to connect to internet after it reads the random data. If it was telemetry, I suppose rundll32 would try to "delivery" the data to microsoft?
I have a brand new Toshiba laptop with Windows 7 64bit. I also have comodo installed and am getting these same messages that rundll32 keeps trying to run all sorts of programs. My first thought was definitely virus because all those programs shouldn't be running all the time. So it is not just the RC system but the release that is also doing this. Microsoft, why is it doing this?? How can I make it stop?
A wild guess ... do you have this problem when your screensaver popups or when you didn't do mutch on your machine?
Try to execute the following procedure and see if you have the same messages where you are complaining about.
1. Press the Windows Key + R
2. In the run prompt type the following command (This is case sensitive.)
3. Hit the OK button.
Do you now have the same messages?
IM me - TWiTTer: @DFTER
same here , everything from nod32 (i'm fine with that, lol )..............but movies?.....it tries to run update programs that are disabled, video files, audio files......almost anything !........and as a matter of fact,....i forget the exact wording but event viewer had a warning that....."dll's were being loaded for EVERY FILE ".....in my system !.......i wouldn't trust "milk you soft "........as far as i could throw one of their fat ____ ceo's or stockholders, so it would not surprise me if this were NOT malware or something,........but i wish someone would find a way to neuter it !
Try this folks it may help, at least it did for me.
Control Panel->Administrative Tools->Computer Management->Task Scheduler->Task Schedular Library->Microsoft->Windows->
Highlight "Application Experience" you should have AIT Agent and ProgramDataUpdater at the top. Right click on ProgramDataUpdater and select Disable
For those of you experiencing rndll32.exe issues...the rundll32.exe is a list of system processes linked to the Windows registry. What often often happen is that due to various reasons the files in the registry linked to the rundll32 become corrupted. So when this occurs the rundll32.exe because its part of the system processes will continue trying to execute the corrupted files over and over.
So the first thing you do is identify the specific rundll32.exe process as Jags FL mentioned.
"Here are some of the file names rundll32.exe tries to execute: Microsoft.stdformat.dll, QtCore4.dll, QtNetwork4.dll, jpeg62.dll, sqlceca30.dll, speedfan.exe (hard drive, temp etc monitoring program), CamMenuPlayer.exe, CamRecorder.exe (TechSmith Camtasia files) and many others I wasn't able to get name of."
then all you do is stop the processes involved by opening start- run - type services.mse- in services mse end the specific processes related to your problem.
If this does not work you will need to delete the corrupted entries in the registry. Here is a walkthrough that will guide you to making Windows registry Edits. Another solution could be for you to leverage a Windows registry cleaner that will remove the corrupted entries in the registry. Here are reviews of good Windows registry cleaner's.
Hope you found the info useful.
THKS Detzzz!! I believe that solved the problem I was having with RUNDLL32.EXE running none stop during idle mode with high CPU usage. I went to "Task Scheduler" and went to "Application Experience" and disabled AitAgent, Microsoft Compatibility Appraiser, and "ProgramDataUpdater". Not sure exactly which one of those is the culprit, but I will enable them back one by one, until I find the main culprit.
- Edited by RSwanson72 Tuesday, April 14, 2015 6:29 AM
Deitzzz solution solved my problem.
He states, Go to --->"Control Panel->Administrative Tools->Computer Management->Task Scheduler->Task Schedular Library->Microsoft->Windows->
Highlight "Application Experience" you should see AitAgent and ProgramDataUpdater at the top. Right click on ProgramDataUpdater and select Disable".
If you see "Microsoft Compatibility Appraiser" there too, you will probably will need to disable that one as well, because for me, it was doing the same thing that ProgramDataUpdater was doing.
- Edited by RSwanson72 Friday, April 17, 2015 8:25 AM