Thread: My HiJackThis Scan (Need Help)

I dont have enough time to go through the whole list but if you want to be sparkling clean, there are still a lot of lines Im questionable about. Any time you see an exe coming from your System32 or sysWOW64 folder, you should google the exe file to see if its legit or not.

C:\Windows\system32\rundll32.exe -- usually legit

C:\Windows\system32\FBAgent.exe -- ehhhhhh (upon googling this its just ASUS FastBoot, but you can never be too sure and also need to make sure the file is in the right location that the website lists because these viruses like to mask their files as the same name but a different location.

And even if they are legit, they might be services you dont need running in the background to bog down your computer. Usually Ill see like RealPlayer, expired tools that came with the computer, etc...

rundll32.exe is just a shell to run executable code from a dll file. So while rundll32.exe is usually legit, the code it's running from a dll might not be.



If you add the command line column to your task manager's processes tab you can see what dll is being accessed by rundll32.exe and then look up the dll itself to see if it's legit. (Go to View->Select Columns. It's towards the bottom.)

Originally Posted by RhysJD3

Also, do you have a second computer you can add this drive to as a secondary to run a sweep from a clean system?

Seconded. If it's rootkitted you might not find it without pulling the drive and running a scan from a clean machine. Assuming it's not clean, which you indicated you thought it was.