|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
05-05-2001, 08:25 PM
|
#1 |
|
Member (5 bit)
Join Date: Oct 2000
Location: Saskatchewan, Canada.
Posts: 16
|
"Run a DLL as an App" trying to access internet
In the last week or two, my firewall (Zone Alarm) has been asking me if I want to let "Run a DLL as an App" access the internet. Since I have no idea what it is, I've been saying no. Everything seams to be in working order, no adverse affects of not letting it access the net.
Every time it comes up, I just specify that it can't access the net at the moment, I haven't permanently blocked it, since I want to know every time it tries. It's tried about 4 or 5 times in the last few weeks, it started about 2 weeks ago. I can't think of anything I did that may have triggered it. Does anybody have any idea what it is? What it's supposed to do? Spyware perhaps? I'd like to get rid of it, if I can. |
|
|
|
05-05-2001, 09:00 PM
|
#2 |
|
Member (9 bit)
Join Date: Nov 1999
Posts: 447
|
There are a number of apps that ZA will report "run dll as an app" for, in my case At Guard is reported as this when it verifies a rule addition or a change.
I would look at any SW you may have started to use during the 4-5 weeks that you have been seeing this alert. It could be spyware, but it also could be a proggie that is making purposeful attempts at the net. Also, I would just let ZA permanently block its access; if you don't seem to be "missing" anything, than the rule can stay, if you find that this blocks something that you want/need than you will know what the app is! ZA will still log the attempts, but it won't ask you everytime it happens. |
|
|
|
|
05-06-2001, 12:39 AM
|
#3 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
|
I have the same thing happen occasionally - and I don't remember what app does this. I have it set to ask every time. By the way, Zone Alarm 2.6 is now out, both free and Pro.
|
|
|
|
|
05-09-2001, 11:25 PM
|
#4 |
|
Member (5 bit)
Join Date: Oct 2000
Location: Saskatchewan, Canada.
Posts: 16
|
Thank you both.
Before, all the info I got was "Run DLL as an App" is trying to access, etc. So I upgraded to ZoneAlarm 2.6, now I found out exactly what program it is, and even were it's trying to connect to. This probably makes perfect sense to somebody, but to me, this is just weird. The program is Rundll32.exe. I ran the IP address it was after through Neotrace, and out comes a node that looks like part of my ISP ("dns1.accesscomm.ca"). Why the heck would Rundll32.exe be trying to access something outside of my system? |
|
|
|
|
05-12-2001, 12:47 AM
|
#5 |
|
"Normal" again....??
Join Date: Dec 1999
Location: Regina, Saskatchewan, Canada
Posts: 17,600
|
Hey there Cosmyre, with accesscomm.ca, you must be in Regina as well. Anyhow... I did a bit of playing and got Windows and ZoneAlarm to bring up the RUNDLL as an app when I went to update a driver and it searched folders, drives, then the internet, so this is one example of when it will occur and is normal.
__________________
-At Ford, quality is job #1, job #2 is making them explode. ~Norm MacDonald, SNL News -Switching to Glide..Balancing in my head..inside of me... taking the glide path instead. |
|
|
|
|
08-16-2004, 02:35 PM
|
#6 |
|
Member (1 bit)
Join Date: Aug 2004
Posts: 1
|
I too have been receiving the same message, so is it something I should lock out or not???
|
|
|
|
|
09-10-2005, 02:48 PM
|
#7 |
|
Member (1 bit)
Join Date: Sep 2005
Posts: 1
|
Edit: Wow, i seem to have revived a significantly old thread. Sorry, i found this on google so it skipped my mind to check post dates.
I got this message as well for several weeks, but today soon after i upgraded to ZoneAlarm Pro, i am getting a box from SmartDefense Advisor stating: "Run a DLL as an App was prevented from was prevented from monitoring your mouse and keyboard strokes Program: Run a DLL as an App Time: 9/10/2005 3:45:46PM" That repeat wasnt a typo, by the way. Thats how it was wrote. On top of that, in my programs list 'Run a DLL as an App' is listed as a System file and warns that killing it may severely complicate things. Heres a bit more info, im unsure what to do. Product name Microsoft® Windows® Operating System File name C:\WINDOWS\system32\rundll32.exe OSFirewall System Program Last policy update Not applicable Version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Last modified date 8/4/2004 12:00:00 File size 32 KB |
|
|
|
|
09-11-2005, 10:23 AM
|
#8 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
|
rundll32 - rundll32.exe - Process Information
Process File: rundll32 or rundll32.exe Process Name: Microsoft Rundll32 Description: rundll32.exe is a process which executes DLL's an places their libraries into the memory, so they can be used more efficiently by applications.This program is important for the stable and secure running of your computer and should not be terminated. Note: rundll32.exe is also a process which is registered as the W32.Miroot.Worm. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. ---------------------------------------------------------------- http://securityresponse.symantec.com...root.worm.html Any current antivirus program should be able to detect this worm if you in fact have it. |
|
|
|
|
09-12-2005, 10:58 AM
|
#9 |
|
Member (1 bit)
Join Date: Sep 2005
Posts: 1
|
run dll as an app rundll32.exe
It seems I have the exact issue as Spikewire just posted on the 10th. run dll as app warnings from Zone Alarm after my recent upgrade. It seems my system would not run correctly unless I gave it super trusted level in ZA.
This is the detail of the program 'run dll as an app' Product name Microsoft® Windows® Operating System File name C:\WINDOWS\system32\rundll32.exe OSFirewall System Program Last policy update Not applicable Version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Last modified date 8/4/2004 12:00:00 File size 32 KB I like Spikewire am left wondering....now I see these posts go back to 2001....Why does Zone Alrm not recognize this as a legitimate program then if it is? Why the scary red dangerous warning box for a legit MS program? I guess I am somewhat comforted by glc's post that although rundll32.exe is both legit and registered to a worm, that I should be protected by a 2004 NAV update......... Thanks Last edited by greenmoon; 09-12-2005 at 11:01 AM. |
|
|
|
|
04-09-2006, 01:19 PM
|
#10 |
|
Member (1 bit)
Join Date: Apr 2006
Posts: 1
|
Rundll or RundII ?
I knew that rundll is a windows program so it should not be deleted. (Certain programs such as control panel won't run without it.) Apparently, it copies a program file (dll) to memory to allow it to run faster, no harm done. The problem is: what program is trying to use rundll? That's the thing to determine.
Additionally, I saw that there are some viruses or worms with similar name. An interesting twist is that, depending on the font, two lower case L's appear nearly identical to Uppercase I's. So what you think is a safe file really may not be one... need to "re-font" it to make it appear as it really is. Here's how the two versions look side by side: Rundll32.exe RundII32.exe The second one is the fake one with the two I's. Notice that the I's are spread out a little more than the l's since they are captial letters. Very sneaky  Well have fun... and don't delete rundll. JL
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
