Windows 10: Suspicious "rundll32.exe -localserver ***" running in Task Manager, possibly a network worm

My PC is running Windows 10 21H2 Build 19044.2130 or 19045.2130, I don't remember. I was gone and put my laptop on sleep, when I finally came back after some time, I saw rundll32.exe running in Task Manager. I know that rundll32 is a Windows component commonly used to run DLL files as apps advanced information, don't worry if you don't understand it. Normally I see rundll32.exe with command line like this: rundll32.exe DllFileName.dll,Something. Although, rundll32.exe this time has command line equal to rundll32.exe -localserver *some guid, like 71eec927-27c0-466d-954d-e61f81be3d5d I rand

:)

 

OVER 160 RunDll32.exe in TASK MANAGER !

Have you got lots of Rundll32.exe or svchost.exe processes running, or both?

On a normal Windows 10 system, you should not have any Rundll32.exe processes running at all. Check your startup apps the see what is causing this:

• Press Ctrl + Shift + Esc together to open Task Manager, click on the Startup Tab and see if there are any entries that are starting under rundll32, if there are, disable them
• Press WIndows + R keys together to open the run dialog, type msconfig and hit enter. Click on the services tab and check the box marked 'Hide all Microsoft Services'. Then scroll through the list of services looking for rundll32 entries, if you find any,
  uncheck them and reboot

With regards to svchost, i have noticed a huge increase in the number of these processes since the Creators Upgrade - I have 77 currently running on my system. They all are using 0% processor and HDD and on average about 1MB - 2MB, though this number does
seem excessive . . .

 

Rundll32.exe "Suspicious botnet" warning

I use Opera and Eset Smart Security 9.

There is not a popup window but Eset shows me a warning screen.(it is original, no problem)

It shows the problematic program as Rundll32.exe and shows malicious servers IPs, too.

for example,

94.124.122.8

80.237.133.110

108.178.52.44

There are lots of this kind of IPs and Eset's warning screen appears every 30 seconds.

I can hide this window but this won't solve the problem.

Rundll32.exe will continue to try to contact these servers, it will keep reducing the performance of my computer,too. I tried to stop Rundll32.exe from task manager and stopped it. Warning screens are not showing.

But after restart, they will come back. If it is possible, can I delete rundll32.exe and paste the clean rundll32.exe to the same file directory? I f it is possible, where can I find the clean rundll32.exe?

Regards...

 

What is Rundll32.exe and why has it started running in the background?

Hello,

From the last few days there is something bizarre happening with my Windows 10 Task Manager Rundll32.exe will start running in the background when I look at my Task Manager and will not disappear.

I have Windows 10 1903 for the last 1 month and I never noticed this, until a few days ago.


I'm completely confused as to what this is. It starts launching approximately after 2 hours and will remain there. This happened somewhere around the 18th of June.

"C:\Windows\system32\rundll32.exe" -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617

Autostart location. HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}

I tried searching for this but I couldn't find much info. I think I started noticing this after I installed Diablo 2 and Splinter Cell 1 on the 18th of June. But I don't know if this is simply a coincidence. But it definitely seems a little bit strange as I have not noticed this behaviour prior to that.

Can someone tell me what is triggering this to launch after 2 hours?