Win2K3 Server Std w/SP2 + critical updates from Microsoft as of Feb 15/2009
Server is a member of the local domain and is used only as a file/print server.
About a week now, I've noticed that there are alot of rundll32.exe appearing under the processes tab in task manager. As much as 100 of them. I don't know where they are coming from and was wondering if anyone would know.
I've scanned and rescanned for viruses, worms, trojans and malware but nothing shows up. We have 9 other servers, mixed Win2K3 std and ent and none of them have this issue as well as the 30 pc's.
Having all those rundll32.exe does not seem to affect the performance of the server itself. Still have access to files and printers. and from the server itself, I can browse the internet, connect to other servers and so forth.
Under processes, rundll32.exe displays 00 under CPU and 1688k under Memory Usage.
I ran "tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll32.txt" and this is what I get for all of them. Only the PID # is different for each one.
Image Name PID Modules
========= ==== ====================================================================================
rundll32.exe 5060 ntdll.dll, kernel32.dll, msvcrt.dll, GDI32.dll, USER32.dll, ADVAPI32.dll, RPCRT4.dll, Secur32.dll, imagehlp.dll, IMM32.DLL
Any help is appreciated.
Thanks.
Stan.
Bookmarks