Scrooge

Am I infected? rundll32.exe


Dear Experts,

 

I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this.

I've heard about DLL injection, where malware authors have been exploiting Windows dynamic libraries, where executables access the library and share the memory space, with a malicious DLL being injected into a legitimate process.

Then we won't see a malicious process running in memory there, because it's a legitimate executable that could very well be an essential Windows operating system process, but it is carrying out the malicious activities because it's actually executing functions that are part of a malicious DLL file.

Because I have Windows 10 Pro 64-bit (Version 1809 17763.134) (X64), there are obviously two rundll32.exe for calling different programs respectively.

One is located in C:\Windows\System32\rundll32.exe
Another one is in C:\Windows\SysWOW64\rundll32.exe

Sometimes when I turn on my computer I see them both (I guess) starting up with Windows, and sometimes they don't start up with Windows. Today, for example, they started up again. See attached Task Manager screenshot.

I scanned my computer with Emsisoft while they were running. The scan result is attached.
I ran a Farbar scan. FRST and Addition scans are attached.
I also ran a cmd command (`tasklist /m /fi "IMAGENAME eq rundll32.exe"`) to identify loaded DLLs in these running rundll32.exe. Screenshot attached.

Am I paranoid? My browsing habits are pretty rigorous. I don't visit suspicious websites, I don't download literally anything unless I have to.
I don't even click on links that I send to myself, not to mention some attachments coming in an email.
My browser security settings don't have even one weak cipher suite and they are all with forward secrecy.
My browser user agent only supports TLS 1.2 and obviously 1.3, and it's immune to Logjam, FREAK and POODLE attacks, with a bunch of other Firefox about:config strengthened security settings.

I know I'm probably a very sick individual in terms of this heightened sense of security, but that's the way it is now.

Should I be worried about these two rundll32.exe?

 

Task Manager rundll32.jpg

EEK SCAN.txt

rundll32 taslklist cmd.jpg

FRST.txt

Addition.txt

This topic is now closed to further replies.
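
An added example, not part of the original post: the `tasklist /m` check in the post lists loaded DLLs, and for rundll32.exe the image path, its signature, the parent process and the command line (which names the DLL and export it was asked to run) complete the picture. This PowerShell sketch collects them for every running instance; the output field names are this example's own choices.

```powershell
# Added example: triage every running rundll32.exe instance.
# The two expected image paths are the locations named in the post.
$expected = @(
    "$env:SystemRoot\System32\rundll32.exe",
    "$env:SystemRoot\SysWOW64\rundll32.exe"
)

Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $proc   = $_
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # ExecutablePath and CommandLine can be empty when the shell is not elevated.
    $sig = if ($proc.ExecutablePath) {
        Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
    }

    # Modules loaded from outside the Windows directory deserve a closer look
    # (they are often legitimate, e.g. security software). A 64-bit shell may
    # show only a partial list for the SysWOW64 instance.
    $outside = @()
    try {
        $outside = (Get-Process -Id $proc.ProcessId -ErrorAction Stop).Modules |
            Where-Object { $_.FileName -notlike "$env:SystemRoot\*" } |
            ForEach-Object { $_.FileName }
    } catch {
        $outside = @('<module list unavailable: run elevated>')
    }

    [pscustomobject]@{
        PID            = $proc.ProcessId
        Path           = $proc.ExecutablePath
        PathExpected   = $expected -contains $proc.ExecutablePath
        Signature      = $sig.Status
        Signer         = $sig.SignerCertificate.Subject
        CommandLine    = $proc.CommandLine
        Parent         = "$($parent.Name) ($($proc.ParentProcessId))"
        ModulesOutside = $outside -join '; '
    }
} | Format-List
```

Run it from an elevated prompt while the processes are present; an instance whose path is not one of the two expected locations, or whose signature status is not `Valid`, is the first thing to examine.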
