rundll32.exe => 100% CPU Utilization!! HELP

Operating System, Common Application & ThinkPad Utilities Questions...
Post Reply
Message
Author
djpharoah
Junior Member
Junior Member
Posts: 472
Joined: Fri Feb 03, 2006 7:25 pm
Location: Irvine, California
Contact:
Contact djpharoah

rundll32.exe => 100% CPU Utilization!! HELP

#1 Post by djpharoah » Sat Oct 28, 2006 1:35 pm

Hi.

recently noticed that NHC is showing that my cpu utilization is 100%. This is without any of my programs running. I found the cause to be rundll32.exe which is taking anywhere from 95-100% of my cpu utilization.

I have tried various spyware, virus and what not. This seems to be an issue within windows or something like that. I am running sp2 cuz thats what my restore cds are.

any ideas??
T400 14.1" WXGA+ LCD / T9400 / 4GB / 160gb / ATi+Intel GFX / 9C / W7 64
T42p 14" SXGA+ / 2.0GHz / 1.5GB / 60GB / 2 x 6C / XP
T40 14" XGA / 1.7GHz / 1GB / 40GB / 9C / XP
T40 14" SXGA+ / 1.7GHz / 1GB / 40GB / 6C / XP
Sold: A31, A31p, A20m, T20, T23
Top
jdhurst
Admin
Admin
Posts: 5831
Joined: Thu Apr 29, 2004 6:49 am
Location: Toronto, Canada

#2 Post by jdhurst » Sat Oct 28, 2006 1:50 pm

It is not an inherent Windows issue or an inherent IBM issue. Rundll32 is not running on either of my machines.
... JD Hurst
Top
cxls
Freshman Member
Posts: 118
Joined: Fri Oct 20, 2006 11:08 pm
Location: Cumberland, Rhode Island

#3 Post by cxls » Sat Oct 28, 2006 5:43 pm

Description:
rundll32.exe is a process which executes DLL's and places their libraries into the memory, so they can be used more efficiently by applications. This program is important for the stable and secure running of your computer and should not be terminated.

Note: rundll32.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Note: rundll32.exe could also be a process which belongs to the . This program is a non-essential process, but should not be terminated unless suspected to be causing problems.
IBM ThinkPad T60p 2623-DDU | Intel Core Duo 2.0 GHz T2500 | 2 GB RAM | 256 MB ATI FireGL V5200 | 100 GB 7200 RPM SATA HDD | 15" UXGA BOE-Hydis (1600x1200) | NMB Keyboard | 9 Cell Battery x2
Top
christopher_wolf
Special Member
Posts: 5741
Joined: Sat Oct 08, 2005 1:24 pm
Location: UC Berkeley, California
Contact:
Contact christopher_wolf

#4 Post by christopher_wolf » Sat Oct 28, 2006 6:12 pm

Killing off Rundll32 isn't going to crash your system; so the best thing to do to find out how it is being used is to first look in the event logs, then kill it off, whenever you note the anomalous behaviour, and see what happens. :)
IBM ThinkPad T43 Model 2668-72U 14.1" SXGA+ 1GB |IBM 701c

~o/
I met someone who looks a lot like you.
She does the things you do.
But she is an IBM.
/~o ---ELO from "Yours Truly 2059"
Top
tomh009
Moderator Emeritus
Moderator Emeritus
Posts: 3021
Joined: Wed Feb 23, 2005 3:30 pm
Location: Kitchener, ON

#5 Post by tomh009 » Sat Oct 28, 2006 6:25 pm

christopher_wolf wrote:Killing off Rundll32 isn't going to crash your system; so the best thing to do to find out how it is being used is to first look in the event logs, then kill it off, whenever you note the anomalous behaviour, and see what happens. :)
Typical legit use of rundll32.exe is a control panel applet (or an Access IBM Access). So, as Christopher said, go ahead, kill the process, and see if an open control panel applet disappears.

If the rundll32.exe is running after a fresh start, that may indicate some sort of malware. Depending on your level of Windows expertise, you could try using Process Explorer to track down what the runaway rundll32.exe process is doing ...
Top
christopher_wolf
Special Member
Posts: 5741
Joined: Sat Oct 08, 2005 1:24 pm
Location: UC Berkeley, California
Contact:
Contact christopher_wolf

#6 Post by christopher_wolf » Sat Oct 28, 2006 6:37 pm

You might also want to get Process Explorer from SysInternals and see just what exactly is going on with rundll32 if you still can't pin down where and how it starts up with all the aforementioned techniques. :)
IBM ThinkPad T43 Model 2668-72U 14.1" SXGA+ 1GB |IBM 701c

~o/
I met someone who looks a lot like you.
She does the things you do.
But she is an IBM.
/~o ---ELO from "Yours Truly 2059"
Top
jdhurst
Admin
Admin
Posts: 5831
Joined: Thu Apr 29, 2004 6:49 am
Location: Toronto, Canada

#7 Post by jdhurst » Sat Oct 28, 2006 6:43 pm

Rundll32 does not normally stay running as process (as least it does not on my computers or any that I have occasion to check). So follow the advice given here on malware if you see it sitting as a process in Task Manager. ... JD Hurst
Top
deforest
Freshman Member
Posts: 98
Joined: Thu Feb 09, 2006 8:47 pm

#8 Post by deforest » Sun Oct 29, 2006 9:49 am

On my t60, I have 2 rundlls running one is for the thinkpad power manger, and it is started with the command:

"C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

I use process explorer to find this info out, one of the nice things about it is, it will tell you more detail for the process, whereas task manager just says rundll and leaves it at that.
Top
dsigma6
Senior ThinkPadder
Senior ThinkPadder
Posts: 2299
Joined: Wed Apr 26, 2006 2:13 pm
Location: Philadelphia, PA
Contact:
Contact dsigma6

#9 Post by dsigma6 » Sun Oct 29, 2006 11:46 am

The only rundll i have is for tweakUI.
[Current] [Dell Latitude D630] : [Past] [T43] [T40] [T23] [T20] [R40] [X22] [600E] [570] [765D]
Top
davidspalding
ThinkPadder
ThinkPadder
Posts: 1593
Joined: Mon Nov 14, 2005 2:39 pm
Location: Durham, NC
Contact:
Contact davidspalding

#10 Post by davidspalding » Sat Nov 11, 2006 10:10 am

The SysInternals app (their library is now hosted by Microsoft, so don't worry if you're redirected there) is certainly a winner.

Alternately, you can run the CMD line command ...

Code: Select all

tasklist /svc /fi "imagename eq rundll32.exe"
... when you see it maxing your CPU, and see what's associated with it. (Note, the /svc switch shows services and what apps are using them, the /fi filters on a match criteria, in this case, the name of the process. Execute tasklist /? to get more info. BTW, I believe tasklist is only in XP professional.)
2668-75U T43, 2GB RAM, 2nd hand NMB kybd, Dock II, spare Mini-Dock, and spare Port Replicators. Wacom BT tablet. Ultrabay 2nd HDD.
2672-KBU X32, 1.5GB RAM, 7200 rpm TravelStar HDD.
Top
djpharoah
Junior Member
Junior Member
Posts: 472
Joined: Fri Feb 03, 2006 7:25 pm
Location: Irvine, California
Contact:
Contact djpharoah

#11 Post by djpharoah » Wed Nov 29, 2006 7:49 pm

Ok it seems that this problem was caused by NHC. Which has been promptly replaced with Mobile Meter.

However there is no way now to manually change my cpu speed.
T400 14.1" WXGA+ LCD / T9400 / 4GB / 160gb / ATi+Intel GFX / 9C / W7 64
T42p 14" SXGA+ / 2.0GHz / 1.5GB / 60GB / 2 x 6C / XP
T40 14" XGA / 1.7GHz / 1GB / 40GB / 9C / XP
T40 14" SXGA+ / 1.7GHz / 1GB / 40GB / 6C / XP
Sold: A31, A31p, A20m, T20, T23
Top
Musti
Sophomore Member
Posts: 140
Joined: Tue Nov 14, 2006 4:48 pm

#12 Post by Musti » Thu Nov 30, 2006 4:17 am

djpharoah wrote:Ok it seems that this problem was caused by NHC. Which has been promptly replaced with Mobile Meter.

However there is no way now to manually change my cpu speed.
http://www.diefer.de/speedswitchxp/

:)
T61p 6458-BT6 T9300/4GB/120GB/WUXGA
T23 2647-8SU P3-M 1.20/512/40
Top
Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Windows OS (Versions prior to Windows 7)”

Who is online

Users browsing this forum: No registered users and 3 guests