Blocking the same suspicous attempt over and over again

Help for v3
1

While online my computer began beeping over and over again. I believe it is my Comodo Firewall because the beeps are simultaneous to each suspicious attempt that is blocked when I look at the Firewall Summary screen. It keeps blocking the same application and target. This is what it is blocking: Application: C:\Windows\System32\rundll32.exe. and the Target is C:\Windows\System32\imm32.dll. What is this? Is this some type of virus or harmful program? If not, then how do I get the firewall to stop blocking it? Right now it has already blocked it 1,383 times and keeps on going. Any help would be appreciated.

Update: Ok, when I turned off my printer the beeping stopped and the blocking of the suspicious attempts stopped as well. Where do I go from here?

2

About imm32.dll

http://www.processlibrary.com/directory/files/imm32/ (As you can see it is a safe file from Microsoft system.)

About rundll32.exe

http://www.processlibrary.com/directory/files/rundll32/

http://www.processlibrary.com/directory/files/rundll32/25747/

The best way is to make a full scan to your system with Malwarebytes Antimalware (Download Malware Removal 2023 | Free Antivirus Scan & Virus Protection Tool), SUPERAntispyware Free Edition (SUPERAntiSpyware Free and Professional X Edition Comparison)

Install them and update both, then perform full system scans.

Have you also performed a scan with your AV, updated? If not, do it so. Then, you should also try to verify your system with on-line antiviruses, such as Kaspersky (Kaspersky Free & Trial Downloads - Virus Protection 2023 | Kaspersky) and BitDefender (Bitdefender Free Antivirus for Windows - Download Software). For BitDefender you will need Internet Explorer.

You could also perform an online scan with Comodo AV - Anti Virus Scan | Free Online Scanner to detect Viruses and Spyware

Sometimes, and if it is your situation, antiviruses cannot detect malware, while the malware runs. In such cases, the best way is to create a bootable cd/dvd/pen with antiviruses. You have Kaspersky, BitDefender, Avira, F-Secure. Those are the ones I know about.

Kaspersky - dnl-eu10.kaspersky-labs.com/devbuilds/RescueDisk/ (everytime I test it, my system shuts down. won’t perform any scans)

BitDefender - The Bitdefender Expert Community

F-Secure - http://www.f-secure.com/linux-weblog/2008/06/19/f-secure-rescue-cd-300-released/ (make sure it is the latest version)

Avira - Download Security Software for Windows, Mac, Android & iOS | Avira Antivirus (Avira is always good at detection, but never that great at removal.)

You could also create your own bootable O.S and place malware scanner tools in it, but will require some work.

You should also download Hijackthis from Trend Micro and post a log here https://forums.comodo.com/virusmalware_removal_assistance-b58.0/ (make sure you read the first thread on that board.)

Best regards

3

Hallo JessMarie,

although imm32.dll is a filename of a legitimate system DLL it won’t hurt running Microsoft sigverif to confirm it’s authentic.
Sigverif will list all unsigned files and since imm32.dll is not supposed to be unsigned, it should not be listed.

sigverif will also be able to point out legitimate but unsigned files (eg 3rd party drivers/dlls/executables) but any unsigned microsoft executable in system 32 folder should be examined.

The same goes with rundll32.exe (running sigverif will allow to confirm if it is an authentic MS ffile)

In this case it is likely that rundll32.exe. and imm32.dll are legitimate apps and those enties in D+ logs are caused by a too much restrictive policy previously applied to rundll32.exe.

It could be possible to locate rundll32.ex policy in Defense+ Tasks > Advanced - Computer Security Policy and edit it.

It is likely you’ll find a blocked entry for C:\Windows\System32\imm32.dll in the corresponding Windows/WinEvent Hooks access right (clicking on the modify… button).

Deleting that entry will allow you to get an alert again. You can then allow that alert and mark it to be remembered.