Scrooge 0 Posted December 1, 2018 Report Share Posted December 1, 2018 Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll beieng injected into a legitimate process. Then we won't then see a malicious process runing in memory there because it's a legitimate executable that could very well be an essential Windows operating system process but carrying out the malicious activities because it's actually executing functions that are part of a malicious dll file. Because I have Windows 10 Pro 64-bit(Version 1809 17763.134) (X64) there are obviously two rundll32.exe for calling different programs respectively. One is located in C:\Windows\System32\rundll32.exe Another one is in C:\Windows\SysWOW64\rundll32.exe Sometimes when I turn on my computer I see them both ( I guess) starting up with Windows, and sometimes they don't start up with Windows. Today for example they started up again. See attached Task Manager screenshot. I scanned my computer with Emsisoft while they were runnng. The scan result attached. I ran FRABAR scan. FRST nad Addition scans attached. I also ran cmd command (tasklist /m /fi "IMAGENAME eq rundll32.exe") to identify loaded DLLs in these running rundll32.exe,. Screenshot attached. Am I paranoid? My browsing habbits are pretty rigorous. I don't visit suspicious websites, I don't download literally anyting unless I have to. I don't even click on links that I send to myself not to mention some attachments coming in an email. My browser security settings don't have even one weak cipher siute and they are all with forward secrecy, My browser user agent only supports TLS 1.2 and obviously 1.3 and it's immune to logjam, freak and poodle attacks with a bunch other firefox about:config strengthened security settings. I know I'm probably a very sick individual in terms of this hyphened sense of security but that the way it is now. Should I be worried about these two rundll32.exe? EEK SCAN.txt FRST.txt Addition.txt Link to post Share on other sites
Kevin Zoll 309 Posted December 2, 2018 Report Share Posted December 2, 2018 I am not seeing anything malicious in your logs or the provided screenshots. Link to post Share on other sites
Scrooge 0 Posted December 2, 2018 Author Report Share Posted December 2, 2018 Thank you very much for your time. I really appreciate it. The topic can be closed now. Link to post Share on other sites
Kevin Zoll 309 Posted December 3, 2018 Report Share Posted December 3, 2018 You are welcome. Thread Closed Link to post Share on other sites
Recommended Posts