Replacing rundll32.exe XP SP2
August 22, 2006 5:15 PM

Problems with replacing rundll32.exe on an XP SP2 machine.

I'm running XP SP2. I recently ran into some trouble with a few viruses which seemed to have corrupted rundll32.exe (and a few others perhaps). None of the .cpl files in the Control Panel work, either by running them through the front end or by running them through the file browser. I get the dreaded "another program is using this file" message.

I've run various malware/spyware/antivirus programs such as AVG Personal, ewido, AdAware etc. and come up with nothing.

To compound matters, I can't run any of the system utilities to replace the file (such as system restore) as they too will not run - I get the same message.

As I understand it, from my increasingly luddite perspective, XP doesn't have standalone DOS which you can boot to without running Windows, so I don't really know how to fix this. An ideal solution would be a standalone utility which would allow me to replace system files pilfered from my desktop.

I'd appreciate it if anyone had any insight, short of doing a totally clean reinstall (which I may end up doing).
posted by jimmythefish to Computers & Internet (11 answers total)
 
Try booting in safe mode, then running system restore.

I have XP and I do not believe I have a corrupted version of rundll32.exe (but maybe I do). For me, the md5sum of WINDOWS/system32/rundll32.exe is: da285490bbd8a1d0ce6623577d5ba1ff

If you get the same md5sum, then either your problem isn't rundll32.exe, or I have the same problem, or your problem is a rootkit that's intercepting md5sum's filesystem calls to rundll32.exe.
posted by orthogonality at 5:23 PM on August 22, 2006


Go to bootdisk.com and create a win98 boot disk. This will give you a limited DOS to work from upon boot-up. If you don't have a floppy drive, then just ignore me.
posted by chudmonkey at 5:33 PM on August 22, 2006


Oh, and in case you were worried, there is no harm in using a Win98 bootdisk if you run XP. I do it all the time.
posted by chudmonkey at 5:34 PM on August 22, 2006


Response by poster: Thanks. My rundll32.exe returns the same value, as does the one from my desktop. The reason I suspected something wrong in the first place is that the file from my desktop is 32kb in size, and the suspect file is only 10kb. Not sure how the fingerprint can be the same on a file 3 times the size, but I don't really know a lot about this.

I tried booting in safe mode earlier and none of the .cpl files would work from either the front or back end, but I didn't try system restore. I'm thinking it won't, but I'm off to try right now.

I'm guessing that it's not a corrupt .ini file somewhere if the back end files won't work. Oy, my head.
posted by jimmythefish at 5:41 PM on August 22, 2006


Response by poster: Ah yes, no floppy drive either. I already thought of that...used to do it all the time. All this progress is killing me.
posted by jimmythefish at 5:42 PM on August 22, 2006


jimmythefish writes "Thanks. My rundll32.exe returns the same value, as does the one from my desktop."

The one on your desktop????

"The reason I suspected something wrong in the first place is that the file from my desktop is 32kb in size, and the suspect file is only 10kb. "

Where's the "suspect file" located?

"Not sure how the fingerprint can be the same on a file 3 times the size, but I don't really know a lot about this."

They can't be. Please show us exactly what you're doing, by copying/pasting your DOS window, or with a screen shot.
posted by orthogonality at 6:01 PM on August 22, 2006
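
Added example, not part of the original thread: a Python sketch of the comparison being discussed, which takes the byte count and the digest from the same read of each file so that a size difference and a matching fingerprint cannot both be reported. The function names and the stand-in files are constructed for illustration; it defaults to SHA-256, and `algo="md5"` can be passed to compare with an MD5 value someone has posted.

```python
import hashlib
import os
import tempfile

def fingerprint(path, algo="sha256", chunk=65536):
    """Return (byte_count, hex_digest) computed from one pass over the file."""
    h = hashlib.new(algo)  # algo="md5" to compare against a posted md5sum
    size = 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            size += len(block)
            h.update(block)
    return size, h.hexdigest()

def compare(suspect, reference, algo="sha256"):
    """Classify a suspect file against a known-good copy of the same build."""
    s_size, s_hash = fingerprint(suspect, algo)
    r_size, r_hash = fingerprint(reference, algo)
    if s_size != r_size:
        return "different: size %d vs %d bytes" % (s_size, r_size)
    if s_hash != r_hash:
        return "different: same size, content changed"
    return "match"

def demo():
    """Run compare() on constructed stand-in files (not real system binaries)."""
    d = tempfile.mkdtemp()

    def write(name, data):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(data)
        return p

    good = bytes(range(256)) * 128      # 32 KB constructed reference content
    patched = b"\xff" + good[1:]        # same size, first byte altered
    ref = write("reference.bin", good)
    return {
        "copy": compare(write("copy.bin", good), ref),
        "truncated": compare(write("short.bin", good[:10240]), ref),
        "patched": compare(write("patched.bin", patched), ref),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```

Run on the live system, this still relies on the operating system's file reads, which is the rootkit caveat raised earlier in the thread; reading the disk from other boot media avoids that dependency.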


Response by poster: Hmmm...after the reboot to go to safe mode everything works - both in safe and regular mode. I'm 99% sure I rebooted after the online ewido ran, but I guess I didn't. Damn...that's the only explanation I can come up with.

Apologies.

PS - system restore doesn't work in safe mode, it seems. If we learned one thing out of this crazy episode, I guess that's it.
posted by jimmythefish at 6:04 PM on August 22, 2006


Response by poster: orthogonality,

I took the rundll32.exe from my other machine - my 'desktop', also running XP SP2. Sorry for the confusion.
posted by jimmythefish at 6:08 PM on August 22, 2006


Oh. Thanks for clarifying, and glad you're back up.
posted by orthogonality at 6:15 PM on August 22, 2006


Response by poster: Thanks again for the help.
posted by jimmythefish at 6:16 PM on August 22, 2006


You might want to try running 'sfc /scannow' from the Start -> Run command after loading your Windows XP disc in your media drive. This will run the System File Checker, which can be used to scan and restore corrupted/altered core Windows files.
posted by Jim T at 4:29 PM on August 23, 2006

