Spyware in RUNDLL32.DLL

The sircam worm will do what you say ,,, If you can ,, You might try copying a new clean copy Also found this... not sure if it's related Sounds funny ,nonetheless When executed, Funner will copy itself to the WINDOWS directory under the name rundll32.dll and alter registry entries to ensure the worm is started. It will also copy itself under WINDOWS SYSTEM directory as explorer.exe IEXPLORE.EXE userinit32.exe The following registry keys are altered to ensure the worm runs upon next reboot HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MMSystem" "c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MMSystem" "c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" "C:\WINNT\system32\userinit32.exe," Funner also overwrites the local hosts file with a file containing various URLs. NOTE! There is Windows system DLL named rundll32.dll under WINDOWS SYSTEM directory. This DLL is part of Microsoft Windows operating system. MSI 845e mb 768 mb ram and a p4 2.4n running xp ,win 2000 advanced server and win 98 SE alot to learn and I know so little !!!!

I dont have the sircam worm or funner. I did a check for both, no help.

Have you tried Spybot SD? If Spybot can't get rid of it because it's in use, it will ask you if it can run at startup before the offending file loads into memory.

tried stopping it in task manager 1st then spybot,if that dont work how about "hijack this",do google on it smuggly

try running ad aware and spybot, reboot in safe mode run them both again in safe mode....reboot.. and run this http://housecall.trendmicro.com/

You can find a lot of RunDLL32 references here: http://www.Dx21.com | Development | Scripting | RunDLL32