Strange DLL


#1

I noticed rundll32.exe in Yamicsoft’s process manager (included in Windows 7 Manager). I do realize that this is usually a Windows process; however, it doesn’t appear to be signed by MS, and it also points to a strange DLL in the temp folder named shrasdrv.dll :( Anyone know if this is malicious? Virus scans do not report it as such.


#2

I took a few snips of the process manager’s info on the process.

After trying to delete it, I got this in the image hijack detection tool.

I still wasn’t able to delete or end the process.


#3

I would also like to mention that an unknown user account had full permissions to it; I denied access to be safe.


#4

I managed to delete it after ending several processes that it jumped to.


#5

[QUOTE=justnandbrtny;2496167]i would also like to mention that an unknown user account had full permissions to it, i denied access to be safe.[/QUOTE]
What user account exactly?

You may consider the “flatten and rebuild” cure, especially if you suspect someone else has had access to your system?

Are you normally using an account with restricted permissions? UAC - is it on or off?
And I have seen you are running some file sharing application. Might be some kind of infection vector, too.

Michael


#6

[QUOTE=mciahel;2496189]What user account exactly?

You may consider the “flatten and rebuild” cure, especially if you suspect someone else has had access to your system?

Are you normally using an account with restricted permissions? UAC - is it on or off?
And I have seen you are running some file sharing application. Might be some kind of infection vector, too.

Michael[/QUOTE]
Well, exactly: it’s an unknown account, reported in Windows as: Account Unknown(S-1-5-21-2078719863-979482418-720246454-1001)

I plan on flattening in the future, though I don’t suspect anyone has access to my files.
My account is the only one on my machine; UAC is on and DEP is on.
As for file sharing, I use it (I assume you mean uTorrent) for Linux images from linuxtracker.org, into an isolated drive where I scan them.
I’m not sure, but it seems to have fixed an issue with constant redirecting in Firefox. I have had this issue for a while, and I’ve tried doing what others who have had the problem have suggested, to no avail. The only problem is that now I need to fix rundll32.exe. Any suggestion?

I’m not sure where the above account is; it’s not in my account list, though HomeGroupUser$ is… and I’m not sure if I’ve ever seen it before. I’m currently removing all permissions that the unknown account has.


#7

This might help… http://www.howtogeek.com/howto/windows-vista/what-is-rundll32exe-and-why-is-it-running/


#8

Hi,
[QUOTE=justnandbrtny;2496199]well exactly, its an unknown account, reported in windows as: Account Unknown(S-1-5-21-2078719863-979482418-720246454-1001)[/QUOTE]
Then this file belonged to a user account you deleted some time ago, or it is from a foreign system. The latter is highly suspicious. If you managed to keep a copy of that file, I’d feed it to virusscan.jotti.org

[QUOTE=justnandbrtny;2496199]my account is the only on my machine, UAC is on and DEP is on.[/QUOTE]
It is better to have a restricted account for regular work.

[QUOTE=justnandbrtny;2496199]as for file sharing, i use it (i assume you mean utorrent) for linux images from linuxtracker.org, into an isolated drive where i scan them.[/QUOTE]
File sharing is an infection vector regardless of the material you are intending to share. Perhaps it is better to install a lightweight Linux system in a virtual machine (like VirtualBox) and do the file sharing in this more isolated environment.
And you can’t trust antivirus software.

[QUOTE=justnandbrtny;2496199]im not for sure, but it seems to have fixed an issue with constant redirecting in firefox. i have had this issue for a while,[/QUOTE]
This is an indication of some malware you managed to install.

Michael
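An added triage script for the situation in this thread (my own example, not code posted by any participant): it lists every running rundll32.exe, pulls the DLL from its command line, and flags the three things raised above, a DLL under a temp folder, a missing or invalid Authenticode signature, and ACL entries whose SID no longer resolves to a name. It assumes PowerShell 3 or later (for Get-CimInstance) and that the DLL is still on disk for the signature and ACL checks; the finding texts are my own wording.

```powershell
# Added triage example, not code from the thread. Assumes PowerShell 3+ (Get-CimInstance).
# Lists rundll32.exe instances, extracts the DLL each was asked to load, and flags a DLL
# under a temp folder, a non-valid signature, and ACL entries with an unresolved SID.
$tempRoots  = @($env:TEMP, $env:TMP, "$env:SystemRoot\Temp") | Where-Object { $_ } |
              ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() + '\' }
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
              ForEach-Object { $_.ToLowerInvariant() }

Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $proc = $_; $findings = @(); $dll = $null
    # Normal form is:  rundll32.exe <path\to.dll>,<EntryPoint> [args]
    # Accept a quoted or unquoted path and stop at the comma before the entry point.
    if ($proc.CommandLine -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)') { $dll = $Matches[1] }

    # The host should live in System32/SysWOW64. Its own signature is a catalog signature,
    # which older PowerShell reports as NotSigned, so location is the reliable host check.
    if ($proc.ExecutablePath) {
        $hostDir = [IO.Path]::GetDirectoryName($proc.ExecutablePath).ToLowerInvariant()
        if ($systemDirs -notcontains $hostDir) { $findings += "host binary outside System32: $($proc.ExecutablePath)" }
    }

    if ($dll -and [IO.Path]::IsPathRooted($dll)) {
        $dir = [IO.Path]::GetDirectoryName($dll).ToLowerInvariant() + '\'
        if ($tempRoots | Where-Object { $dir.StartsWith($_) }) { $findings += "DLL loaded from temp folder: $dll" }
        if (Test-Path -LiteralPath $dll) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.Status -ne 'Valid') { $findings += "DLL signature status: $($sig.Status)" }
            # Get-Acl falls back to the raw SecurityIdentifier when a SID cannot be translated
            # to a name; that is the 'Account Unknown(S-1-5-21-...)' case seen in the thread.
            foreach ($ace in (Get-Acl -LiteralPath $dll).Access) {
                if ($ace.IdentityReference -is [System.Security.Principal.SecurityIdentifier]) {
                    $findings += "ACL grants $($ace.FileSystemRights) to unresolved SID $($ace.IdentityReference)"
                }
            }
        } else { $findings += "DLL on command line no longer exists on disk: $dll" }
    } elseif ($dll) { $findings += "relative DLL path ($dll); resolve it against the process working directory" }

    $summary = if ($findings) { $findings -join '; ' } else { 'nothing suspicious' }
    [pscustomobject]@{
        PID      = $proc.ProcessId
        Dll      = $dll
        Findings = $summary
    }
} | Format-List
```

Run it from an elevated prompt so the ACLs of files owned by other accounts can be read; an unresolved SID in the output is the same condition Windows shows as "Account Unknown".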