Chii chinonzi rundll32.exe, nzvimbo, uye zviratidzo zvemarware

Rundll32.exe iri pamutemo: inoremedza DLL mabasa eWindows uye maapplication.
Nzvimbo yayo inoshanda ndeye System32/SysWOW64; kunze kwaizvozvo, nyumwira.
Malware inogona kuzvivanza kana kushandisa rundll32 kuvhura maDLL.
Usadzima: tsvaga mabasa anogumbura / DLL uye shandisa antimalware.

Kana wakasangana nazvo rundll32.exe muTask Manager uye uchinetseka kuti chii heck, hausi wega: izvi zvinogoneka zvinoonekwa kazhinji, dzimwe nguva mune dzakawanda zviitiko kamwechete. Kure nekuva muparidzi by default, chikamu cheWindows pachayo uye chinangwa chayo kurodha nekuita mabasa akaiswa mukati Mafaira eDLL.

Zvino, nekuti zviri pamutemo hazvireve kuti haigone kushandiswa zvisina kunaka. Zvimwe zvingangove zvisingadiwe zvirongwa uye malware zvinozvivharira nemazita avo kana Ivo vanoshandisa iyo chaiyo rundll32 kuvhura yakashata kodhi.Mumitsetse inotevera, ini ndichakuudza chaizvo kuti chii, painofanira kunge iri, nei ichigona kuratidza zvikanganiso kana kushandisa CPU, maitiro ekusiyanisa pakati pezvakanaka nezvakaipa, uye matanho api ekutora pasina kukanganisa system yako.

Chii chinonzi rundll32.exe uye chinoshandiswa chii?

Rundll32.exe maitiro ekuita DLL

Faira racho rundll32.exe Iyo yekuzvarwa Windows chikamu chinoshandiswa kuita invoke mabasa akatumirwa kubva kune dynamic link library (DLLs). MuchiRungu chakajeka: Kana iyo sisitimu kana app ichida kuita basa rinogara muDLL, inogona kuidaidza kuburikidza rundll32.

DLLs inoputira zvidhinha zvekodhi inogona kushandiswa zvakare iyo mapurogiramu akawanda anogovana, kubva network, odhiyo, vhidhiyo kana interface mabasa yaunodyidzana nayo. Ndosaka, mune zvakajairwa Windows kumisikidzwa (7, 10, 11, nezvimwewo) kune zviuru zveDLL, uye rundll32 kiyi yekuaronga.

Kwaunowana uye nzira yekuziva kopi yepamutemo

Muhurongwa hune hutano uchaona makopi ari pamutemo e rundll32.exe panzira dzakadai se C:\Windows\System32 (64-bit nharaunda) uye C:\Windows\SysWOW64 (32-bit kuenderana pane x64 masisitimu). Panogona kuvawo MUI mafaira yezvishandiso zvemitauro zvine chekuita mumaforodha madiki akadai en-US o pl-PL, Semuyenzaniso C:\Windows\System32\en-US\rundll32.exe.mui.

Ukamuwana achimhanya kubva maforodha kunze kweWindows dhairekitori (semuenzaniso, mune AppData, ProgramData kana bhuku renguva pfupi), ngwarira. Zvakajairika kuti malware azvivanze achishandisa zita rimwechete asi achimhanya kubva kune imwe nzvimbo kuenda kuvhiringidza maitiro ari pamutemo.

Hutachiona here? Iyo malware inoishandisa sei

Mhinduro pfupi: Aihwa. Rundll32.exe Haisi hutachiona, ndeye Windows 'chayo chishandisoNguva refu: kune maviri akajairwa misungo. Imwe, chirongwa chakaipa chine zita rimwechete chinogara mune imwe nzira. Vaviri, Trojan inotakura DLL yayo yakaipa kuburikidza neyechokwadi rundll32, saka maitiro aunoona ndeeMicrosoft, asi. iri kushandisa raibhurari yakaipa.

Exclusive content - Click Here Maitiro Ekuziva Kuti Ndiani Ari Seri Kweprofayili Yenhema

Munhoroondo yekutyisidzira, mhuri dzinoshandisa rundll32 dzinotaurwa, senge Musuwo wekumashure.W32.Ranky o W32.Miroot.Worm. Uye, zvimwe zvemazuva ese, adware kana intrusive browser ekuwedzera anoishandisa kutangisa mabasa anoguma mukati Pop-ups, redirects, uye CPU kushandiswa. Ndicho chimwe chikonzero nei vashandisi vazhinji vachitenda rundll32 "hutachiona."

Kana ukaona kuwanda kwema ads kana mahwindo epakati, panogona kunge paine adware inotsamira pane rundll32.
Iyo inodzosera kune zvinoshamisa mawebhusaiti uye kuderera kwebrowser kunokwanawo nePUPs/spyware.
Sisitimu yacho inogona kuva simbe nematanho anokonzeresa rundll32 ane fungidziro DLL.

Sei ndichiona akawanda zviitiko uye mameseji ekukanganisa?

Kuti Task Maneja anoratidza akawanda zviitiko Izvi zvakajairika: akasiyana masisitimu emukati kana yechitatu-bato maapplication anogona kuidaidza panguva imwe chete. Windows inogovera mabasa, uye iwe uchaona akati wandei rundll32s achimhanya achienderana zvichienderana nezviri kuitika kumashure.

Izvo zvisiri zvakajairika kuona nguva dzose CPU spikes kana mameseji senge "Kodhi yekukanganisa: rundll32.exe" paunenge uchitsvaga muChrome, Edge, Firefox kana IE. Muzviitiko izvi zvinokurudzirwa kufungidzira zvingangove zvisingadiwe zvirongwa (PUPs), kuwedzera kwehasha kana Trojan iri kushandisa izvo zvinogoneka kurodha DLL yayo.

Zvausingaite: bvisa rundll32.exe

Bvisa rundll32.exe de System32/SysWOW64 Haisi sarudzo: ifaira yakakosha kuWindowsKuidzima kunogona kutyora mabasa ekutanga, kukonzera kubondera, kana kudzivirira sisitimu kurodha zvinodikanwa.

Kana iwe uchifunga kuti rundll32 iri kuita "chimwe chinhu chisingafanirwe," chinhu chine musoro kuita ndechekuti tsvaga kuti ndeipi nzira kana basa ririkuridaidza uye cheka kunze: dzora kana kudzima basa racho, bvisa chirongwa chine dambudziko, chenesa iyo DLL, uye simbisa chengetedzo ine yakanaka antimalware.

isingaoneki malware

Maitiro ekutarisa kana chiitiko chine hutsinye

Aya macheki anokubatsira kusiyanisa kushandiswa zviri pamutemo kubva pakushandisa kwakashata pasina kukonzera alarm kana kukuvadza sisitimu. Zvakadaro, Kana usinganzwe wakasununguka, zviri nani kukumbira rubatsiro. kune nyanzvi kana nharaunda yakasarudzika.

Tarisa nzira: MuTask Manager, wedzera iyo "Command Line" column kana kuvhura iyo "Properties" yemaitiro. Kana rundll32.exe Hazvisi mukati C:\Windows\System32 o C:\Windows\SysWOW64, chiratidzo chakaipa.
Tarisa kuti chii DLL iri kurodha: rundll32 inowanzoteverwa nenzira inoenda kuDLL uye inotumirwa kunze. Nzira dzakadai C:\ProgramData\... o C:\Users\...\AppData\... zvinoda kuongororwa. Muenzaniso we cnbsofcVIdcorsn.dll en ProgramData\TreeCenter\BortValue ari kunyumwa zvakajeka.
Tarisa Murongi webasa: Tsvaga mabasa achangoburwa kana mabasa ane mazita asina kujeka anodana rundll32. Nzira dzepamutemo pasi peMicrosoft dzinogona kushandiswa se kumberi kwemba kurodha zvisina kufanira DLL.
Zvinoitika Mudziviriri weMicrosoft kana anti-malware yakavimbika: scan yakazara ine-kusvika-date siginicha ichaona akawanda maPUPs, adware, spyware, uye Trojans anozvibatanidza kune rundll32.
Ongororo zviwedzerwa zvebrowser: Bvisa chero chinhu chisina kukosha, kunyanya VPN proxy extensions, downloaders, kana "unblockers" inowanzova nemashambadziro.
Shandisa maturusi ekuongorora chirwere akadai se Kutsvaga Maitiro kuona maitiro emubereki (maitiro emubereki) anokoka rundll32 uye siginecha yedhijitari yezvinogoneka. Siginecha yeMicrosoft muSystem32/SysWOW64 zvakajairika; chinhu chinoshamisa slots kunze kweWindows.

Exclusive content - Click Here AdGuard DNS vs NextDNS: Kuenzanisa kwakazara uye sarudzo gwara

Kuchenesa nekudzivirira matanho

Yekutanga layer ine common sense: Uninstall software yausingashandise kana kuti inotarirwa adware. Kuti unyatsocheneswa, madhairekitori mazhinji anokurudzira Revo Uninstaller mune yepamusoro modhi yekubvisa zvakasara (maforodha, registry kiyi) yePUPs se "DuvApp" kana intrusive "optimization" masutu.

Zvadaro, mhanya a scan yakazara neMicrosoft Defender uye, kana iwe uchifunga kuti zvakakodzera, imwe yekuwedzera anti-malware ine mukurumbira wakaratidza. Izvi zvinobatsira kuvhima DLL ane hutsinye uye akarongwa mabasa anovimba nerundll32 ku ramba wakanyarara.

Mukuchenesa kwehunyanzvi unoona kutaurwa nezve registry backups (semuenzaniso neDelFix) uye kushandiswa kwe zvinyorwa zvakagadzirwa neFRST (Farbar) kugadzirisa mitemo, kubvisa mabasa, kusunungura maDLL ari kushandiswa, nezvimwewo. zvakagadzirirwa timu imwe neimwe: Usashandise zvakare yemumwe munhu nekuti unogona kutyora yako Windows.

Zviito zvakajairika kune izvi zvinyorwa zvinosanganisira kuseta zvakare network uye firewall (ipconfig /flushdns, netsh winsock reset, netsh advfirewall reset), kuvhara maitiro, bvisa maforodha en ProgramData/AppData yakabatana nePUPs uye kuchenesa akarongwa mabasa anoremedza maDLL uchishandisa rundll32.exe. Zvakare: zviri nani mumaoko enyanzvi.

Kuti uderedze njodzi dzenguva yemberi, chengeta Windows nemaapuro ako nguva dzose inoenderana nenguva, dhawunirodha software kubva kune zviri pamutemo saiti, usatarise zvimwe zvikamu mu "kutaura" kumisikidzwa uye fungira chero system inoteedzera inoonekwa kunze kwe. nzira dzakajairika.

Zvimwe zvinongedzo nezvenzvimbo uye mafaera ane hukama

Pamusoro peSystem32 uye SysWOW64, iwe uchaona mafaira ekushandisa MUI ye rundll32 mumafolda emitauro senge en-US o pl-PL. Ivo havaite executable, asi localization zviwanikwa. Ona "rundll32" pasina .exe muExplorer inogona kunge iri nekuda kwe viga zvinyorwa kubva kumafaira anozivikanwa.

Exclusive content - Click Here Dzidza maitiro ekuona malware uye kuzvidzivirira

Kana chiitiko chekufungidzira chikamira kuoneka uye dambudziko rako (semuenzaniso, iyo kutsvedza kaviri pa keyboard) inonyangarika, chiratidzo chekuti chidimbu chinonetsa chaive kune imwe nzvimbo uye yakashandisa rundll32 sechinhu chokutanga. Painozoonekwa zvakare, inguva yekutarisa mabasa, mawedzero, uye akabatana maDLL.

Nguva yekukumbira rubatsiro rwepamusoro

Kana, mushure mekuchenesa mawedzero, kusunungura PUPs uye kumhanya antimalware, iwe uchiri kuona rundll32 yakatangwa kubva nzira dzinoshamisa, kana kuti unoona zviratidzo zvakaita sekibhodhi yakakanganiswa, mapfupi e USB ane hutsinye, uye "yakaremara" keyboard, usaisiye: kubvunzana nerutsigiro rwakakosha. Chinyorwa chekugadzirisa chinowanzodiwa tsika kuchikwata chako chinotamba kunyoresa, mabasa uye mitemo kuvhiyiwa.

Rangarira: komputa yega yega inyika pachayo. Chinyorwa chakagadzirirwa mumwe muchina (ane mareferensi kumaforodha akadai TreeCenter\BortValue kana DLL chaiyo) inouraiwa pane yako inogona chisiye chisina kugadzikana. Kuchenesa kwepamberi hakusi kukopa-namira, ndizvo kuongororwa kwemunhu mumwe nemumwe.

Mibvunzo Inowanzo bvunzwa

Ndinogona kubvisa rundll32.exe? Kwete. Chinhu chakakosha chehurongwa. Nzira chaiyo ndeyekubvisa chinokonzeresa (basa, chirongwa, DLL) chinoshandisa zvisirizvo.
Sei kune zviitiko zvakawanda? Nekuti akasiyana masisitimu anoshanda uye echitatu-bato maapplication anoidaidza nenzira yakafanana. Zviitiko zvakawanda, zvine simba shoma rekushandisa, zvakajairika.
Inofanira kunge iri kupi? En C:\Windows\System32 Ini C:\Windows\SysWOW64, nemafaira ayo eMUI mumaforodha emitauro. Kunze kweWindows, nyumwira.
Ko antivirus haigone kuiona here? Zvinogona kuitika, kunyanya nePUPs uye adware. Zvakadaro, Microsoft Defender uye scan yakazara inowanzo ratidza kushungurudzwa kwakawanda, uye unogona kuwedzera neimwe mhinduro ine mukurumbira.
Ndezvipi zviratidzo zvisina kujeka zvechimwe chinhu chinoshamisa? Nzira dzekune dzimwe nyika dzeDLL (ProgramData, AppData), tambo dzisinganzwisisike mu clipboard, mapfupi mapfupi pa USB, kuvharira tildes uye mabasa akarongwa anofona. rundll32.exe ine maDLL akabatikana.

Muchidimbu, rundll32.exe chishandiso chiri pamutemo uye chinodiwa iyo, nehunhu hwayo, inogona kushandiswa neadware neTrojans kumhanya isingadikanwi DLL. Usati wapa mhosva iyo inogona kuitika kana kuidzima, tarisa iyo muenzaniso nzira, maDLL akaremerwa uye ndiani ari kuadaidza; uninstall PUPs, edzedzero yakachena, tarisa akarongwa mabasa, uye mhanyisa yakanaka anti-malware chirongwa. Nematanho aya, uye nekuwana rutsigiro rwepamusoro kana zvichidikanwa, unogona kurwisa kushungurudzwa pasina kukanganisa kugadzikana yeWindows yako.

Daniel Terrasa

Mharidzo inyanzvi mune tekinoroji uye internet nyaya ine anopfuura makore gumi echiitiko mune akasiyana dhijitari media. Ndakashanda semupepeti uye mugadziri wezvemukati we e-commerce, kutaurirana, online kushambadzira uye kushambadzira makambani. Ndanyorawo pane zvehupfumi, mari uye mamwe masekete mawebhusaiti. Basa rangu ndirowo shungu dzangu. Zvino, kuburikidza nezvinyorwa zvangu mu Tecnobits, Ndinoedza kuongorora nhau dzose nemikana mitsva iyo nyika yetekinoroji inotipa zuva rega rega kuvandudza hupenyu hwedu.