Rundll32.exe .. Problem .. Help Nee

Original Message
Name: virtualarun
Date: September 18, 2006 at 09:48:25 Pacific
Subject: Rundll32.exe .. Problem .. Help Nee
OS: Win XP
CPU/Ram: 768
Comment:

I'm having this Rundllw32.exe file running every time I boot my PC (Task Manager), in spite of deleting it
and its entries in the Prefetch folder. It just keeps regenerating. I'm not able to connect
to my LAN as the driver for the ethernet card gets corrupted within minutes of my installing it.
The file that gets affected/corrupted is slnt.sys. Because of this I'm not able to connect
to the internet either. This is not picked up by NAV 2005 or NIS 2005, or even by Zone Alarm.
Can any of you let me know what I should do to remove this trojan?

Thanks
Arun


Response Number 1
Name: Tufenuf
Date: September 18, 2006 at 09:53:44 Pacific
Reply:

Arun, Follow the Removal Instructions under the "Solution" tab at the link below.

http://www.trendmicro.com/vinfo/vir...

Tufenuf


Response Number 2
Name: virtualarun
Date: September 18, 2006 at 10:03:41 Pacific
Reply:

Tufe, I actually did try removing the registry entry mentioned in that article, but in vain. It just pops out again. It slows my net connection and ultimately corrupts the slnt.sys file, ensuring the PC is no longer on any LAN. I'm sure that some backend application makes this run. Any ideas or suggestions regarding this?

Thanks
Arun


Response Number 3
Name: Tufenuf
Date: September 18, 2006 at 10:09:41 Pacific
Reply:

Arun, Are you first bringing up Task Manager (Ctrl/Alt/Del) and ending the process "Rundllw32.exe", then trying to remove the registry entry and delete that file? You may also want to disable System Restore, then run a virus scan in SAFE mode. If it comes up clean, then enable System Restore again.

Tufenuf


Response Number 4
Name: virtualarun
Date: September 18, 2006 at 11:01:44 Pacific
Reply:

Tufenuf, I tried doing what you told me. The file was detected and deleted in safe mode. The internet connection was working fine then.
But once I restarted the PC in normal mode and used the net, that's it: within the next ten minutes the exe started running again, crashing the driver and disconnecting me from the LAN.
I guess this can be resolved only when the source file that repeatedly creates this exe is deleted. Any suggestions?

Thanks
Arun


Response Number 5
Name: Tufenuf
Date: September 18, 2006 at 11:19:20 Pacific
Reply:

Arun, I'd try running the Free Housecall online virus scan at the link below and let it remove or fix everything it finds.

http://housecall.trendmicro.com/

Tufenuf


Response Number 6
Name: Tufenuf
Date: September 18, 2006 at 11:33:11 Pacific
Reply:

Arun, Did you turn off System Restore like the Removal Instructions at the link I posted in Response Number 1 stated to do? Many times these culprits hide in the System Restore files and turning it off flushes them out.

Tufenuf


Response Number 7
Name: virtualarun
Date: September 19, 2006 at 08:11:49 Pacific
Reply:

Hey Tufe, Sorry for the delay. Finally they are out of my system!

I thought I could share my experience here so that someone might find it useful.

I manually checked the registry entries after trying everything in vain, and I found that in the CURRENT_USERS domain there was an entry for the MSIEXEC.EXE file. Actually this was the file that ran once I booted the system after connecting the ethernet card. This exe would give rise to the Rundll32.exe, which was causing the damage.

I came to know the relation by giving the following command in the command prompt that showed me all the EXEs that were initiating or using Rundll32.exe.

tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll32.txt

Then I did a full system scan with NAV and it deleted around six files that were affected. Then I rebooted it.

Now it's working fine. Anyway, thanks for your help.

[Note: Rundll32.exe will not run when the ethernet card is disabled from the system. Once the card is enabled the exe starts running until the driver for the card gets corrupted, disconnecting you from the network.]


Thanks
Arun


Response Number 8
Name: Tufenuf
Date: September 19, 2006 at 09:31:10 Pacific
Reply:

Arun, Good job and thanks for posting back. It will be useful to others who run into the same problem.

Tufenuf


Response Number 9
Name: virtualarun
Date: September 19, 2006 at 09:57:29 Pacific
Reply:

Tufe, I just wanted to add one more detail regarding this problem.
Though MSIEXEC is the file that initiates this Rundll32.exe, we should not delete the MSIEXEC.EXE file because it's an essential Windows file that is actually used by programs during their startup and during any installation process. Deleting the file will result in malfunction of the above-mentioned jobs. We just need to delete the linkage between MSIEXEC and Rundll32, which are in no way connected.

Tip to find whether the running Rundll32.exe is a trojan:
As we have a Rundll32.exe that comes with the Windows package, we should not delete it. Basically Rundll32.exe is designed to run in invisible mode (it won't appear in Task Manager), so if you see a rundll32 running in Task Manager then better check for your system compatibility.

Thanks for the support, mate.

Thanks
Arun
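
The checks described in Responses 7 and 9, as an added example that is not part of the original thread: it lists every process whose image name starts with "rundll" with its on-disk path, parent process and command line, then dumps the per-user and machine autostart values. The Run/RunOnce key paths are an assumption (the post says only that the MSIEXEC.EXE entry was under the current user's registry), and Get-CimInstance needs PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Run in the affected user's session so
# that HKCU: resolves to that user's hive. Requires PowerShell 3.0+.
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Index all processes by PID so each suspect can be mapped to its parent.
$procs = @(Get-CimInstance Win32_Process)
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# 1. Anything named rundll* (this also catches look-alikes such as the
#    Rundllw32.exe named in the thread), with path, parent and command line.
$suspects = foreach ($p in ($procs | Where-Object { $_.Name -like 'rundll*' })) {
    $parent = $byPid[[int]$p.ParentProcessId]
    # A "parent" that started after the child is a reused PID, not the parent.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    $dir = if ($p.ExecutablePath) { Split-Path $p.ExecutablePath -Parent } else { $null }
    $parentName = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '(exited)' }
    [pscustomobject]@{
        Name        = $p.Name
        PID         = $p.ProcessId
        Path        = $p.ExecutablePath   # empty when access was denied
        # Expected copy: exact name rundll32.exe inside a Windows system dir.
        Expected    = ($p.Name -eq 'rundll32.exe') -and ($dir -in $sysDirs)
        Parent      = $parentName
        CommandLine = $p.CommandLine      # shows which DLL and export it runs
    }
}
$suspects | Format-List

# 2. Autostart values. ASSUMPTION: the thread does not say which key held the
#    MSIEXEC.EXE entry; Run and RunOnce are the usual logon autostart keys.
$autoruns = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $cmd
                # Flag entries that launch the binaries discussed in the thread.
                Review  = $cmd -match 'msiexec|rundll'
            }
        }
    }
}
$autoruns | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```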

