Rundll32 error, proc at 100%

[Anarax]

Hello, all!
A friend of mine called and said he was having a problem.
He used XP Pro, has broadband, and noticed that NAV popped up a message that indicated he had a trojan (he did not know the name); for some reason, he decided to run Spybot (?) and Spybot indicated that there was a few services running (he did not tell me any names) that it could not stop, but he selected to run Spybot at startup.
Since then, he has not keyboard control (Ctrl/Alt/Del, Windows key, etc.) and when he uses the mouse to execute a program, it signals busy (hourglass) for a second, then it goes away. When he reboots, a window pops up that says Rundll32 is not responding, etc.
He does use Kazaa Lite (!) and insists that he picked a virus.
What is the best way to deal with this?
I want to be able to go into the registry to look at the Run Once key, but I need advice. I'm going over there tomorrow and try to boot in SAfe Mode.
Any thoughts?
Thanks!
Tim

 

[bcastner]

See if my notes in this FAQ resolve the issue: faq608-4650

 

[Anarax]

bcastner -
Thanks for the FAQ, I ran those ad/spy/virus removal programs, (even kazaa begone) but his problem is more immediate, in that he cannot seem to run anything once Windows boots. Regarding Rundll32, is it a necessary service in XP? If so, can't I just boot to floppy and restore a good copy of it?
Thanks again!
Tim

 

[bcastner]

If you could, post a Hijack log:

http://mjc1.com/mirror/hjt/

 

[Anarax]

It turns out that I did not need to use Hijack this, repair Rundll32, or anytihng that complicated. When I booted his PC, it did take some time, and Task Manager did yield a 100% CPU untilization problem. The reason?
A) Drive was 54% fragmented;
B) He had installed Kazza (and all the Spy/Adware along with it;
C) He had apparently installed EVERY bit of software everytime he was prompted (Hotbar, Comet cursor, etc.);
D) His startup directory (msconfig.exe) displayed 21 items (!), half of which were Spy/Adware;
E) Using XP Pro with 384 MB RAM...

He is of the opinion that he should be able to pirate software, MP3's, video, use any and all software that he finds with NO repercussions.
Yikes!

 

[bcastner]

Yikes! is being nice.
I have a similar issue with a neighbor. He called several months ago asking advice for broadband service. I told him he was in luck, that the previous Winter storms forced the phone company to run clean new copper on the street, wheras the cable system was using 12-year-old cable, and had been patched beyound belief, so use DSL. So he of course subscribed for cable broadband. When he discovered that he needed a router, he called and I advised he go with a wireless router, as two of the three computers in the house were laptops. So he bought a wired router, and then complained that the cable company would not run wires for him. So I went to the store with him and returned the router, purchased a wireless router and the necessary adapters and installed them. It worked fine. So then he complains that the router is "ugly" and he tried hiding it in the basement but his wireless service no longer works. Ignoring the fact that there was no cable connection in the basement, so the router had no connection on the WAN at all. So, the whole time being told what idiots the cable company and the router company are, I pulled from my own site a reliable pair of powerline bridge adapters and connect from a decent cable connection site the cable modem to the router and write it off as neighborly goodwill. Last weekend he calls and tells me that the internet that "I" connected was broken. Grumbling the whole way I find: the router un-plugged. Their 12-year-old had become some disgruntled with the effect of Kazaa on his own machine (after a short period of time he had no internet connection at all) he had gone to each of the other machines and installed Kazaa only to find that they too after a short period of time would stop working. His "solution" had been to keep disconnecting machines as they "slowed things down too much" until there was only a power connection left to the router.

So, I puzzled this situation for a moment. And then told them: "This problem requires a specialist, it is far too complex for my feeble skills." I then gave them the name and number of a local fellow that I quite frankly feel is an idiot, "Cleve the Destroyer of the Internet, pillager of computer systems, Conquerer of the World" is roughly how his business card reads.

So my sainted spouse tells me last night: "Our neighbors called to thank you for recommending 'Cleve the Destroyer of the Internet', as it turns out what they needed was a whole new system from the ground up, and that Cleve was going to handle it. And not to feel bad for being overwhelmed by their technical needs."

Spouse, I said, I do not feel badly, but:

1. I want my damn powerline adapters back;
2. I want an unlisted phone number;
3. It is time to sell this house and find a different neighborhood. You did want a larger bathroom?

Best,
Bill Castner

 

[Anarax]

I realize that this is a help forum, and I am not attempting to abuse it; however, Bill brings up a really good point. I am by no means Captain Computer, but I am comfortable in what I do; I, like everyone else had to start somewhere. But when I started, PC's were not $400.00, or even $1,000.00. ISP's were still charging by the hour, and peer-to-peer file sharing was largely localized; (the client side software either did not exist or the learning curve was very high) in any case, before you could "do" anything on a computer, you had to do a little reading, and demonstrate an ability and a willingness to learn.
Case in point #1: My screen name (pogo) that I use on a discussion board displayed when someone using an AOL account (typing pogo under Keyword) tries to access pogo.com. Apparently, the creators of pogo.com have no interest in replying to their customers, since the site (at one time) contained NO contact info, which is why I was harrassed for months. Of course, I changed by screen name, but I was plagued by people (many of them admitting to being drunk while online), not asking, but DEMANDING that I fix their:
1) Account
2) Connection problems
3) Other various problems
I really did try to help many of them, after explaining to all of them that I was not affiliated with pogo.com, but a few cretins that I suspect were the result of inbreeding, thought that insulting and threatening me would help address their problems.
It sure did;
1) I 'helped" them (if they were running anything other than XP/Win2K) delete TCP/IP, then reconnect and tell me how it went (strangly, I have never heard from them);
2) Delete random subkeys in the Windows registry;
3) Enable print and file sharing, and NETBIOS;
4) Turn off any virus scanner, since it hogs system resources.

Do I feel bad? Yes, I do. But before I am judged, I would like to introduce you to this guy that will call me again with the same problem.
May the force be with you.
Tim

 

[bcastner]

Tim,
You are a bad, bad, bad boy.

I have had one phone number that ends in 9696 for over twenty years.

A year ago a retailer of "junk" jewelery opened, and their extension ends in 9699. They love to advertise on late night television, but only briefly at the end of their commercials mention the phone number.

So, after being beseiged with phone calls at 3 a.m. by people wanting to know the cheapest price of gold necklaces and diamonds, I went to the store and asked to speak to the owner. I had to return three times to get an appointment with the owner. I explained my problem, and requested that the phone number be more prominantly displayed in the Ads being run. I figured this was a Win-Win situation; I would not get 40+ phone calls late at night when the Ads ran, and he would receive them instead.
He explained to me that his wife had designed the Ads, and she was an artist, "a true artist." And that changing the Ads in any way shape or form would destroy what he described as, "the special moment, the unique ability to capture the users attention."

Oh, okay.

So I took an old Windows98 box with a Voice Modem and connected it to answer any call on that line after Midnight with the voice message: "Thank you for contacting the independent fraud hotline for XXXXXX (name of the company), we are conducting a survey of possibly fraudelent misrepresentations of jewelry sales. Please press 1. if you feel your gold necklace was overpriced; 2. if your diamond was overpriced; or 3. if your dealings with XXXXX was possibly fradulent.

I had the machine dutifully record their phone presses.

10 days later I hear from the owner. Most of what he said is not printable here, but he changed both his Ads and his phone number.

 

[Anarax]

Ah yes, the dark side of technology can be very effective when placed in the hands of capable people. I am quite sure that most people that help (or like me, people who are helped), can submit numerous simular stories.
I hope that I am not misunderstood; I am not an elitist or a "know it all", I just want everyone that has ever delt with technophobic people that happen to own computers that I feel your pain.
Until I finish my MCSE, I will continue to work at my company's help desk and be subjected to jems like this:
A caller at one of our wireless DSL locations called to report "Page cannot be displayed message"; no prob. I open a command prompt and try to ping their router; packets were being dropped faster than healthfood dropped by Sally Struthers. So per our procedures, I had rep reboot. Still no network connection, which I verified by asking if anyone else there was experiencing a dropped connection. Suprise, they were. I write up a ticket so that the telco can investigate. Before the cyber-ink has dried on my request, my boss points out that I didn't check to make sure that the network cables were plugged in at both the PCs and the router.
Did I mention it was a wireless location? Telco fixed the prob and they back up in less than a minute. My boss took credit AND sent out a memo detailing the "new" procedure (that you no LONGER need to check for network cable problems at wireless DSL locations.
When did I start working IN a Dilbert comic strip?

And I will now step down off my soapbox.
Thank you!
Tim