Which one was the virus in disguise? Rundll32.exe, or Rundll32.dll??

Lately I've seen Rundll32.exe running as a process, and I know it wasn't there before. To boot, every time I open internet explorer I get a gay pop up menu at the bottom of my screen with stupid crap like vacation links. They don't appear to be related, but I'm positive they got through at the same time. I'm cleaning out the registry now, Rundll32.exe shows up about 40 times. BLEH.

the DLL is the bad one

edit : it's part of the Netsky virus... if you get the removal tool and run it you should be fine..

http://securityresponse.symantec.com/avcenter/FxNetsky.exe

DLLs are not bad files Elvtin, they can however be infected with a virus like you mention. This time I would suggest getting rid of the executable version of Rundll32.exe. Again, the Rundll32.dll is a Direct Link Library file and is required to run windows.

lol so which of them is it? I have found that removing rundll32.exe cuts out the ability to view desktop properties, so I'm leaving that right where it is ;)

I would recommend a little what both of us replied, leave both files alone and run that removal tool if said file does have a virus attached to it; the tool will get rid of it.

I like to copy/paste stuff...

Rundll (1)

Rundll32 (1)
Rundll.exe

Rundll32.exe

(Microsoft)
Microsoft’s “Run a DLL as an App”. A DLL is a Dynamic Link Library. In layman and [very] simplistic terms a DLL is a portion of a software program which is only used by the main program as and when specific features of the software are used by the end user (for instance the PRINT function in your wordprocessor). The main advantage is that, using this technique, programmers can develop software which does not end up gobbling up memory through the whole program loading in one go, but which instead only uses enough memory for the core functions of the program, with specific features, implemented in separate DLL files, only loaded as and when the end-user decides to use them (ie. The Print DLL will only be loaded into memory when the end-user clicks on PRINT). Another advantage is that the software developers can also have common features which they have implemented across a range of their programs, implemented just the one time as a shared DLL which is used by all that developer’s programs. RUNDLL and RUNDLL32 are the Microsoft Windows programs that need to be used to load DLLs into memory so that they can be used by specific programs or by Windows.

Recommendation :
First, note that RUNDLL.EXE only exists in Windows 95/98/ME, it does not exist in Windows 2000/XP/2003 – its path is C:\Windows\Rundll.exe as shown on the Tasks tab of The Ultimate Troubleshooter; anything else and you have a virus (see below). RUNDLL and RUNDLL32 do not normally appear in the Task List in Windows. In our experience they tend to appear only when you are already having problems of some sort with your PC, or a particular DLL is either misbehaving, is buggy, or is having problems, such as a Control Panel applet hanging for example. If you see RUNDLL or RUNDLL32 in your Task List persistently then you should be [slightly] worried (see below the other entry for RUNDLL32) – make sure you have good and up‑to‑date antivirus software, boot into Safe Mode, and run a full virus scan on your PC. If you do not have a virus and see either in your Task List, simply leave it alone. We are not sure as to the other times when the real RUNDLL or RUNDLL32 can sometimes suddenly appear in the Task List, but you should leave them alone in most cases provided, again, that you know you do not have a virus.

Rundll (2)
Rundll.exe

(???)
If you have Windows 2000/XP/2003 and this is running, then you most definitely have a virus. If you have Windows 95/98/ME and the full path to the program, as shown on the Tasks tab of The Ultimate Troubleshooter, is not C:\WINDOWS\RUNDLL.exe , or if this task shows up as a startup item on the Startups tab of The Ultimate Troubleshooter, then you also have a virus such as the PWSteal.Banpaes.D or W32.Huayu viruses.

Rundll32 (2)
Rundll32.exe

(???)
You have one of the W32.Miroot.Worm / W32/Legemer.Worm / W32.HLLW.Sanker viruses (or another virus).

Edit for me forgetting what the "D" stood for in DLL.

(sigh). I used to check my computer for adware every week. Just ran my tool, found hundreds of instances of Ad or Spyware on my computer. That tool found a FEW instances of the virus and removed it. Thanks :)