rundll32.exe is trying to execute sessionstore.js
http://img407.imageshack.us/img407/2341/clipboard01w.gif
Log:
\Device\HarddiskVolume2\Windows\System32\rundll32.exe -- Create Process, Execute Image -- \Device\HarddiskVolume2\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\sessionstore.js
rundll32.exe is 44,544 bytes, md5 4b555106290bd117334e9a08761c035a
Running Comodo 3.8.65951.477, Avira AntiVir, Realtek HD Audio Manager, Intel GMA Driver, and nothing else. (Firefox was not running.)
Ran full scans with Avira, Norton, Malwarebytes’ Anti-Malware, SuperAntiSpyware, Spybot, Ad-Aware, Windows Defender – while watching Flight of the Conchords season 1. Nothing detected. HijackThis is clean.
i get this too when i run CCleaner sometimes. I might have gotten sessionstore.js in the past, but usually it’s prefs.js in the firefox profile as well. i don’t know why it does this randomly sometimes, but i think it’s safe. (not positive though, but i allow it).
I think I’ve seen it with prefs.js. It happens rarely – like once a month – with random files.
Forgot to note that this is Vista 32.
Rundll32.exe is an app that needs to be ‘Allowed’ only on a per case basis as the file trying to be loaded may be viral.
So is this a request from Windows – or a non-Microsoft app? I only had these running: Comodo, Avira, Realtek HD Audio Manager, Intel GMA.
If you are sure what is running is safe, allow it. Otherwise, block it.