I have two HDDs, and the second HDD has my pics, videos, and backup files stored on it.
When I opened it up I got a Defense+ notice asking me if rundll32.exe wants to access Contact.doc, a file of mine, which is not on the second HDD. The odd thing about it is that rundll32.exe even wants to access this file.
Another note: This happened after I set Defense+ to “Safe Mode” after having it in “Clean PC mode” for a long time.
It could prove useful to track that rundll32.exe and its related DLL, find any possible related startup entry, confirm that rundll32.exe is a legitimate microsoft app and eventually submit that rundll32.exe and related file to an online virusscan service like virustotal.
The result of this preliminary analisys could provide some clues to take additional steps.
rundll32.exe is usually a microsoft stub executable whose purpose is to lauch other function provided in separate DLL files.
Even if rundll32.exe is legit and it is placed in \WINDOWS\system32 folder the related DLL may or may not be legit.
If rundll32.exe path does not belong to WINDOWS\system32 it could be a suspicios file.
MS sigverif is able to report if the rundll32.exe in windows subfolder is a legit MS executable.
On a specific PC there may be many different rundll32.exe instances running at the same time and task manager is unable to list the DLL each rundll32.exe launched.
Using Process Explorer (treat as Trusted app) it is possible to either confirm the path of each rundll32.exe and check the loaded DLLs (right-click on each rundll32.exe> properties > Image Tab command line and path ; Process Explorer Menu View> Lower Pane View > DLLs)
AutoRuns for Windows provide an easy way to find the related startup entry (eg in the Logon tab) and to disable it