May 20, 2008

Rundll32.exe Problem

If any of you have upgraded your XP system to service pack 3 AND happen to be using the free version of Spyware Doctor included with the Google pack you need to listen to this:

There seems to be a MAJOR SNAFU with PCTools Spyware Doctor that's causing it to give a false positive for a trojan. Running a scan indicates that the file rundll32.exe is infected with trojan-spy.Pophot.WX; the scan also includes a number of other files related to rundll32.exe. Over at PCTools, they're dragging their heels on this one. This slow response time is alarming and unacceptable. Seriously, I would have thought they would have checked compatibility with SP3 long before this. I really liked Spyware Doctor, and even recommended it to friends, but this is enough of an issue to make me reconsider.

This is almost certainly a false positive, as the version of rundll32.exe seems to be the official version. I've seen this on four machines so far, all running XP (Home or Professional), and it only occurred after the upgrade to SP3, so either someone's infiltrated the Windows update site and is distributing a wonky file, or (most likely) it's a false positive.
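One way to check that the flagged file really is the one Windows installed before telling the scanner to always allow it. This is an added example, not part of the original post: it assumes PowerShell 2.0 or later on XP and the default Windows File Protection cache at system32\dllcache, and the function and parameter names are made up for illustration.

```powershell
# Added example (not from the original post). Assumes Windows XP with
# PowerShell 2.0+ and the default Windows File Protection cache location.

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing, because Get-FileHash does not exist on XP-era PowerShell.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    [System.BitConverter]::ToString($bytes).Replace('-', '')
}

function Compare-FlaggedFile {
    param(
        [string]$Name = 'rundll32.exe',
        # Known-good copy to compare against; defaults to the WFP cache copy (assumed path).
        [string]$ReferencePath = (Join-Path $env:SystemRoot "system32\dllcache\$Name")
    )
    $live = Join-Path $env:SystemRoot "system32\$Name"
    foreach ($p in @($live, $ReferencePath)) {
        if (-not (Test-Path $p)) { throw "File not found: $p" }
    }
    # Resolve to full file-system paths so the .NET calls do not depend on the current directory.
    $live = (Resolve-Path $live).ProviderPath
    $ref  = (Resolve-Path $ReferencePath).ProviderPath
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($live)
    $liveHash = Get-Sha256Hex $live
    $refHash  = Get-Sha256Hex $ref
    New-Object PSObject -Property @{
        Path            = $live
        CompanyName     = $info.CompanyName
        FileVersion     = $info.FileVersion
        Sha256          = $liveHash
        ReferenceSha256 = $refHash
        Match           = ($liveHash -eq $refHash)
    }
}

$result = Compare-FlaggedFile
$result | Format-List
if (-not $result.Match) {
    Write-Warning 'Flagged file differs from the reference copy; hold off on the always-allow entry until that is explained.'
}
```

A match only shows the two copies are identical, so pointing `-ReferencePath` at a copy taken from a machine that was never flagged gives a stronger comparison than the local cache.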

If you do have this problem, and you don't want to uninstall the spyware program, here's what you can do:

1) Go to settings in Spyware Doc, and select Global Action List.
2) Click on Add, select "file on disk" from the "data type" drop-down list.
3) Where it asks for the file name, click on the browse button. (The one that looks like three periods.)
4) Browse to your windows/system32 folder, and select rundll32.exe. Click open.
5) Make sure the global action window says to "always allow." Click "Add."

If you've already "fixed" the file, thinking it was actually a trojan, you can go to settings, then quarantine, and restore the problem files. (Or use the system restore function.) Then go to number 1 above and follow the rest of the list.

If you have already deleted/quarantined these entries, you'll notice some problems, most noticeably problems running items in your control panel. The above remedy should take care of it until PCTools can update their program.

UPDATE: To its credit, it looks like PCTools has an update to take care of this.

1 comment:

  1. Eduard, 1:54 AM

    Thanks! That's exactly what happened to me.
