Kodi rundll32.exe ndi chiyani komanso momwe mungadziwire ngati pulogalamu yaumbanda yovomerezeka kapena yobisika?

Ngati mwabwera chankhan mu Task Manager ndikudzifunsa kuti ndi chiyani, simuli nokha: izi zitha kuchitika pafupipafupi, nthawi zina zingapo nthawi imodzi. Kutali kukhala wolowerera mwachisawawa, ndi gawo la Windows palokha ndipo cholinga chake ndikutsitsa ndikuchita ntchito zomwe zachitika dll mafayilo.

Tsopano, chifukwa chakuti ndizovomerezeka sizikutanthauza kuti sizingagwiritsidwe ntchito mwankhanza. Mapulogalamu ena omwe angakhale osafunikira komanso pulogalamu yaumbanda amadzibisa ndi dzina lawo kapena Amagwiritsa ntchito rundll32 yeniyeni kuti ayambitse nambala yoyipa.M'mizere yotsatirayi, ndikuuzani ndendende chomwe chiri, komwe chiyenera kukhala, chifukwa chake chikhoza kuwonetsa zolakwika kapena kudya CPU, momwe mungasiyanitsire zabwino ndi zoipa, ndi zomwe mungachite popanda kuwononga dongosolo lanu.

Kodi rundll32.exe ndi chiyani ndipo imagwiritsidwa ntchito bwanji?

wapamwamba rundll32.exe Ndi gawo lachilengedwe la Windows lomwe limagwiritsidwa ntchito pemphani ntchito zotumizidwa kuchokera ku dynamic link library (DLLs). M'Chingerezi Chomveka: Pamene dongosolo kapena pulogalamu ikufunika kuchita ntchito yomwe imakhala mu DLL, imatha kuyitcha kudzera rundll32.

Ma DLL amaphatikiza midadada yamakhodi omwe amatha kugwiritsidwanso ntchito omwe mapulogalamu ambiri amagawana, kuchokera network, audio, kanema kapena mawonekedwe ntchito zomwe mumagwirizana nazo. Ichi ndichifukwa chake, pamayikidwe a Windows (7, 10, 11, etc.) pali masauzande a ma DLL, ndipo rundll32 ndiyofunikira pakuwongolera.

Komwe mungapeze komanso momwe mungadziwire kopi yovomerezeka

Mu dongosolo lathanzi mudzawona makope ovomerezeka a rundll32.exe panjira monga C: \ Windows \ System32 (64-bit chilengedwe) ndi C: \ Windows \ SysWOW64 (Kugwirizana kwa 32-bit pamakina a x64). Pakhoza kukhalanso Fayilo ya MUI za zilankhulo zomwe zikugwirizana nazo mumafoda ang'onoang'ono monga en-US o pl-PL, Mwachitsanzo C:\Windows\System32\en-US\rundll32.exe.mui.

Mukamupeza akuthawa zikwatu kunja kwa chikwatu cha Windows (mwachitsanzo, mu AppData, ProgramData kapena chikwatu chakanthawi), samalani. Ndizofala kuti pulogalamu yaumbanda imadzibisa pogwiritsa ntchito dzina lomwelo koma kuthamanga kuchokera kumalo ena kupita kusokoneza njira zovomerezeka.

Ndi kachilombo? Momwe pulogalamu yaumbanda imawonongera

Yankho lalifupi: ayi. Rundll32.exe Si virus, ndi Windows 'chida chakeNthawi yayitali: pali misampha iwiri yofananira. Chimodzi, pulogalamu yoyipa yokhala ndi dzina lomwelo imakhala m'njira ina. Awiri, Trojan imanyamula DLL yake yoyipa kudzera pa rundll32 yeniyeni, kotero njira yomwe mukuwona ndi ya Microsoft, koma ikuyendetsa laibulale yoyipa.

M'mbiri yakuwopseza, mabanja omwe amagwiritsa ntchito rundll32 amatchulidwa, monga Backdoor.W32.Ranky o W32.Miroot.Worm. Ndipo, zochulukirachulukira, adware kapena osatsegula osatsegula amawagwiritsa ntchito kuyambitsa ntchito zomwe zimatha Ma pop-ups, kuwongolera, ndi kugwiritsa ntchito CPU. Ichi ndi chifukwa chimodzi chomwe ogwiritsa ntchito ambiri amakhulupirira kuti rundll32 "ndi kachilombo."

• Ngati mungazindikire kuchuluka kwa malonda kapena mawindo apakati, pakhoza kukhala adware kudalira rundll32.
• ndi amalozera kumasamba achilendo ndi kuchepa kwa msakatuli kumagwirizananso ndi PUPs/Spyware.
• Dongosolo limatha kukhala waulesi ndi njira zomwe zimayambitsa rundll32 ndi ma DLL okayikitsa.

Chifukwa chiyani ndikuwona zochitika zambiri ndi mauthenga olakwika?

Kuti Task Manager akuwonetsa zochitika zingapo Izi nzabwinobwino: zida zosiyanasiyana zamakina kapena mapulogalamu a chipani chachitatu amatha kuyitanitsa nthawi imodzi. Windows imagawa ntchito, ndipo muwona ma rundll32 angapo akuyenda molingana kutengera zomwe zikuchitika kumbuyo.

Zomwe sizabwinobwino ndikuwona ma spikes a CPU nthawi zonse kapena mauthenga ngati "Khodi yolakwika: rundll32.exe" mukusakatula mu Chrome, Edge, Firefox kapena IE. Muzochitika izi ndizoyenera kukayikira mapulogalamu omwe angakhale osafunikira (PUPs), zowonjezera zaukali kapena Trojan yomwe ikugwiritsa ntchito zomwe zingatheke kuti iwononge DLL yake.

Zomwe simuyenera kuchita: chotsani rundll32.exe

Chotsani rundll32.exe de System32/SysWOW64 Sichisankho: ndi fayilo zofunika kwa WindowsKuyichotsa kutha kusokoneza magwiridwe antchito, kuyambitsa kuwonongeka, kapena kuletsa makina kuti asakweze zinthu zofunika.

Ngati mukuganiza kuti rundll32 ikuchita "china chomwe sichiyenera kuchita", chinthu chanzeru kuchita ndi fufuzani ndondomeko kapena ntchito yomwe ikuyitanitsa ndikudula: kuletsa kapena kufufuta ntchitoyo, chotsani pulogalamu yomwe ili ndi vuto, yeretsani DLL, ndikulimbitsa chitetezo ndi pulogalamu yabwino yoletsa pulogalamu yaumbanda.

Momwe mungadziwire ngati chochitikacho chili choyipa

Macheke awa amakuthandizani kuti musiyanitse kugwiritsidwa ntchito kovomerezeka ndi kugwiritsidwa ntchito koyipa popanda kuchititsa mantha kapena kuwononga dongosolo. Pa, Ngati simukumva bwino, ndi bwino kupempha thandizo. kwa akatswiri kapena gulu lapadera.

• Onani njira: Mu Task Manager, onjezani ndime ya "Command Line" kapena tsegulani "Properties" za ndondomekoyi. Ngati rundll32.exe palibe C:\Windows\System32 o C:\Windows\SysWOW64, chizindikiro choipa.
• Onani chiyani DLL ikutsegula: rundll32 nthawi zambiri imatsatiridwa ndi njira yopita ku DLL ndi ntchito yotumizidwa kunja. Njira ngati C:\ProgramData\... o C:\Users\...\AppData\... amafuna kuunikanso. Chitsanzo cha cnbsofcVIdcorsn.dll en ProgramData\TreeCenter\BortValue amakayikira momveka bwino.
• Fufuzani Ntchito scheduler: Sakani ntchito zaposachedwa kapena ntchito zomwe zili ndi mayina osadziwika omwe amatcha rundll32. Njira zovomerezeka pansi pa Microsoft zitha kugwiritsidwa ntchito ngati zojambulajambula kutsegula ma DLL olakwika.
• Zimachitika Microsoft Woteteza kapena odalirika odana ndi pulogalamu yaumbanda: jambulani kwathunthu ndi siginecha zamakono adzazindikira ma PUPs ambiri, adware, mapulogalamu aukazitape, ndi Trojans omwe amadziphatika ku rundll32.
• Audit zowonjezera pa msakatuli: Chotsani chilichonse chomwe chilibe chofunikira, makamaka zowonjezera za projekiti ya VPN, otsitsa, kapena "otsegula" omwe nthawi zambiri amakhala ndi zotsatsa.
• Gwiritsani ntchito zida zowunikira monga Ndondomeko Yotsutsa kuwona ndondomeko ya makolo (njira ya makolo) yomwe imayitanitsa rundll32 ndi siginecha ya digito ya zomwe zikuyenera kuchitika. Chizindikiro cha Microsoft mu System32/SysWOW64 ndizabwinobwino; chodabwitsa ndi mipata kunja kwa Windows.

Njira zoyeretsera ndi kupewa

Gawo loyamba ndi lomveka bwino: Chotsani mapulogalamu omwe simugwiritsa ntchito kapena omwe amakonda adware. Kuti muyeretse bwino, maupangiri ambiri amalimbikitsa Revo Uninstaller mumachitidwe apamwamba kuti muchotse zotsalira (mafoda, makiyi olembetsa) a PUPs ngati "DuvApp" kapena "kukhathamiritsa" suites.

Kenako, thamangani a jambulani kwathunthu ndi Microsoft Defender ndipo, ngati mukuganiza kuti ndizoyenera, zowonjezera zotsutsana ndi pulogalamu yaumbanda zomwe zili ndi mbiri yotsimikiziridwa. Izi zimathandiza kusaka ma DLL oyipa ndi ntchito zomwe zakonzedwa zomwe zimadalira rundll32 kuti limbikira mwakachetechete.

Mukuyeretsa mwaukadaulo mudzawona kutchulidwa kwa zosunga zobwezeretsera (mwachitsanzo ndi DelFix) ndikugwiritsa ntchito zolemba zanu ndi FRST (Farbar) kukonza ndondomeko, kuchotsa ntchito, kutsegula ma DLL omwe akugwiritsidwa ntchito, ndi zina zotero. zopangidwira timu iliyonse: Osagwiritsanso ntchito za wina chifukwa mutha kuswa Windows yanu.

Zochita zodziwika bwino pamalembawa ndikukhazikitsanso ma netiweki ndi firewall (ipconfig /flushdns, netsh winsock reset, netsh advfirewall reset), kutseka njira, Chotsani zikwatu en ProgramData/AppData zolumikizidwa ndi ma PUP ndikuyeretsa ntchito zomwe zakonzedwa zomwe zimadzaza ma DLL pogwiritsa ntchito rundll32.exe. Apanso: bwino m'manja mwa akatswiri.

Kuti muchepetse zoopsa zamtsogolo, sungani Windows ndi mapulogalamu anu zosinthidwa nthawi zonse, tsitsani mapulogalamu kuchokera kumasamba ovomerezeka, sankhani zina mwazowonjezera "express" ndikukayikira dongosolo lililonse lomwe lingachitike lomwe likuwoneka kunja kwa njira zokhazikika.

Zambiri zokhudzana ndi malo ndi mafayilo okhudzana nawo

Kuphatikiza pa System32 ndi SysWOW64, mudzawona mafayilo azothandizira MUI ya rundll32 mumafoda azilankhulo ngati en-US o pl-PL. Iwo sali executable, koma zida zakumaloko. Onani "rundll32" popanda .exe mu Explorer mwina chifukwa bisani zowonjezera kuchokera pamafayilo odziwika.

Ngati chochitika chokayikitsa chasiya kuwonekera ndipo vuto lanu (mwachitsanzo, a mawu awiri pa kiyibodi) imasowa, ndi chizindikiro kuti chidutswa chovuta chinali kwinakwake ndikugwiritsa ntchito rundll32 ngati choyambitsa. Ikawonekeranso, ndi nthawi yoti muyang'ane ntchito, zowonjezera, ndi ma DLL olumikizidwa.

Nthawi yopempha thandizo lapamwamba

Ngati, mutatha kuyeretsa zowonjezera, kuchotsa PUPs ndikuyendetsa antimalware, mukuwonabe rundll32 yakhazikitsidwa kuchokera. njira zachilendo, kapena muwona zizindikiro monga bolodi losinthidwa, njira zazifupi za USB, ndi kiyibodi "yolumala", musachisiye: kukambirana ndi chithandizo chapadera. Script yokonza nthawi zambiri imafunika mwambo kwa timu yanu yomwe imasewera kulembetsa, ntchito ndi ndondomeko opaleshoni.

Kumbukirani: kompyuta iliyonse ndi dziko palokha. Zolemba zopangidwira makina ena (okhala ndi zikwatu ngati TreeCenter\BortValue kapena ma DLL enaake) ochitidwa pa yanu akhoza zisiyeni zosakhazikika. Kuyeretsa kwapamwamba sikopera-paste, ndi choncho matenda payekha.

Mafunso omwe amafunsidwa pafupipafupi

• Kodi ndingachotse rundll32.exe? Ayi. Ndi gawo lofunikira la dongosolo. Njira yolondola ndikuchotsa choyambitsa (ntchito, pulogalamu, DLL) chomwe chimachigwiritsa ntchito molakwika.
• Chifukwa chiyani pali zochitika zambiri? Chifukwa ntchito zosiyanasiyana zamakina ndi mapulogalamu a chipani chachitatu zimayitanira mofanana. Nthawi zambiri, pogwiritsa ntchito mphamvu zochepa, zimakhala zachilendo.
• Ziyenera kukhala kuti? En C:\Windows\System32 ndi / kapena C:\Windows\SysWOW64, ndi mafayilo ake a MUI mumafoda ang'onoang'ono. Kunja kwa Windows, khalani okayikira.
• Kodi antivayirasi sangathe kuzizindikira? Zitha kuchitika, makamaka ndi ma PUP ndi adware. Komabe, Microsoft Defender ndi sikani yathunthu nthawi zambiri imazindikira nkhanza zambiri, ndipo mutha kuwonjezera ndi yankho lina lodziwika bwino.
• Kodi zizindikiro zosatsutsika za chinthu chodabwitsa ndi chiyani? Njira zakunja za DLL (ProgramData, AppData), zingwe zachilendo mu bolodi, njira zazifupi za USB, kutsekereza tildes ndi ntchito zomwe zakonzedwa zomwe zimayimba rundll32.exe ndi DLLs obfuscated.

Mwachidule, rundll32.exe ndi chida chovomerezeka komanso chofunikira zomwe, mwachilengedwe, zitha kugwiritsidwa ntchito ndi adware ndi Trojans kuyendetsa ma DLL osafunikira. Musanayimbe mlandu zomwe zingatheke kapena kuzichotsa, yang'anani njira yachitsanzo, omwe ma DLL amanyamulidwa ndi omwe akuwapempha; Chotsani ma PUPs, zowonjezera zowonjezera, fufuzani ntchito zomwe zakonzedwa, ndikuyendetsa pulogalamu yabwino yolimbana ndi pulogalamu yaumbanda. Ndi miyeso iyi, ndi kupeza chithandizo chapamwamba ngati kuli kofunikira, mungathe kuthana ndi nkhanza popanda kusokoneza bata za Windows yanu.