I’ve been having some problems with running some of the games I have. I have to double-click on their .exe files twice in order to run them, which wasn’t the case earlier.
As this looked suspicious, I tried checking outbound connections in Comodo, which indicated that a file named rundll32.exe was connected to some IP.
Later on I checked with Process Explorer, which showed that the game that I had just executed once was running while it wasn’t, with a sub file named rundll32.exe adding to its working memory continuously.
I tried scanning the game folder with Comodo Antivirus but had no luck in finding a threat.
So now every time I play one of those games I have to execute it twice and close one of the files with the descendant rundll32.exe.
I have a picture attached of Process Explorer showing the file.
Can this be spyware, or is it some Windows-related process?
Specs:
Windows 7
Comodo Firewall with Antivirus
Expired McAfee
There are some games which do not run with Comodo Defense Mode switched on. They simply give a black screen on starting and freeze the laptop. I’ve had these problems with games like Counter-Strike and Age of Empires 2.
I haven’t checked them with the new updated Comodo though.
Also, I noticed that your signature said you have both Comodo Antivirus and McAfee installed. Please be aware that running two antiviruses at the same time can cause problems. I’m not sure if you are, but I thought I’d mention it.
If the subscription is expired anyway I’d advise uninstalling it and seeing if that helps. This could be a problem with both scanners scanning the files when you try to open them, but I’m not sure.
Comodo Internet Security does provide full security. If you want to install another AV beside it, assuming you don’t want Comodo Antivirus, I’d recommend Avast.
Also, which version of CIS are you currently running and are you sure there are no files in the sandbox at all? It’s just that this is a strange problem.
I’ve just removed McAfee but the games still run with rundll32.exe.
I’ve checked the always sandbox tab; there’s nothing in it. Although there are 2 partially limited files other than what I’m running.
I’m using Comodo Internet Security Premium, the one available at Comodo Firewall’s site. It comes with antivirus; I guess it’s the latest version.
I have a picture attached down here. Rundll32.exe isn’t adding to its working memory once I’ve blocked its internet access, but the firewall is still rejecting its connectivity continuously while it’s running.
The game crashes because of the sandbox; you can allow rundll32 to connect to the internet.
Comodo calls it "Heuristic command-line".
Follow these steps:
I still do not understand why rundll32.exe runs along with the game and tries to connect to the internet, and why I have to execute the game twice in order to start it, while this wasn’t the case earlier even with Comodo installed.
Jay2007
Yes, I was using MSN.
I uploaded rundll32.exe to virustotal.com; the results came out fine.
I scanned it with Hitman Pro but it did not report anything about rundll32.
I guess rundll32 is doing some Windows process, because the IP which it connects to … traces to Microsoft Corporation.
Windows 7 seems to connect to different Microsoft IPs now and then through svchost and System too.
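An added example, not part of the original posts: rundll32.exe only hosts a DLL, so the way to answer "what is this rundll32 doing" is to read its command line (which names the DLL), its parent process, and the connections owned by its PID. The Python below does that correlation over constructed `wmic` and `netstat -ano` output; the sample rows, `example.dll`, `ExampleEntry` and the CSV column layout are assumptions made for illustration.

```python
import re

# Constructed sample of: wmic process get Name,ProcessId,ParentProcessId,CommandLine /format:csv
# (assumed layout: Node first, then the requested properties)
WMIC_CSV = r"""
Node,CommandLine,Name,ParentProcessId,ProcessId
PC1,C:\Windows\Explorer.EXE,explorer.exe,1100,1200
PC1,C:\Games\example\game.exe,game.exe,1200,3100
PC1,rundll32.exe C:\Windows\system32\example.dll,ExampleEntry,rundll32.exe,3100,3188
"""
# Constructed sample of: netstat -ano
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.15.2:49150     198.51.100.7:443       ESTABLISHED     1200
  TCP    192.168.15.2:49211     203.0.113.10:80        SYN_SENT        3188
  UDP    0.0.0.0:5355           *:*                                    900
"""

def parse_processes(text):
    procs = {}
    for line in text.strip().splitlines()[1:]:   # skip the header row
        if not line.strip():
            continue
        # CommandLine is unquoted and may contain commas: peel fixed fields off both ends
        _node, rest = line.strip().split(",", 1)
        cmdline, name, ppid, pid = rest.rsplit(",", 3)
        procs[int(pid)] = {"name": name, "ppid": int(ppid), "cmdline": cmdline}
    return procs

def parse_tcp(text):
    conns = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":        # Proto Local Foreign State PID
            conns.setdefault(int(f[4]), []).append((f[2], f[3]))
    return conns

def hosted_dll(cmdline):
    # rundll32 <dll>,<export> [args]: the first argument is the DLL doing the real work
    m = re.search(r'rundll32(?:\.exe)?"?\s+"?([^",]+)', cmdline, re.I)
    return m.group(1).strip() if m else None

def triage(procs, conns):
    report = []
    for pid, p in sorted(procs.items()):
        if p["name"].lower() == "rundll32.exe":
            parent = procs.get(p["ppid"], {}).get("name", "(exited)")
            report.append({"pid": pid, "parent": parent,
                           "dll": hosted_dll(p["cmdline"]), "remote": conns.get(pid, [])})
    return report

if __name__ == "__main__":
    for row in triage(parse_processes(WMIC_CSV), parse_tcp(NETSTAT)):
        print(row)
```

The DLL path in the report is the file to hash and scan, rather than rundll32.exe itself, which is a signed Windows binary.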
It'll be simple to do, give me a day or so and I'll post how (I'll post 2 different ways)
As promised,
(For the first one) assuming you're running Comodo version 4 or 5:
1. Open Comodo
2. Click on “Firewall” Icon
3. Click on “Network security policy”
4. Click on “Global Rules”
5. Click on “Add”
6. On “action” Click on “Block”
7. Click on “Source Port”
8. Click on “A port Range”
9. For “start port” put in 135
10. For “end port” put in 139
11. Click on “Destination port”
12. Click on “a port range”
13. For “start port” put in 135
14. For “end port” put in 139
15. Click on “Apply”
Now repeat the process from step 1-15 EXCEPT THIS TIME instead of adding 135 and 139, IT WILL BE 443 and 445
===================================
For the second method, I just realized you’re using Windows XP. What I was going to write was for Windows 7. If I get a chance later and get to an XP machine, I’ll write it step-by-step.
done
Bonus points if you delete all files inside the customer experience folder
and hover the mouse over each file in “task scheduler” and see which one phones home to Microsoft (in so many words). Do it line-by-line.
I installed Windows 7 Manager and did as you advised, but still every time I connect to the internet, svchost asks for connection to the server’s IP (192.168.15.1). I guess it’s nothing to worry about since there’s no unusual remote IP.
Is that IP the IP of your router?
When nothing stops working by not allowing rundll32 to connect to the internet, you should not allow it.
I never allowed something like that, and all works fine.
To run a game with Defense+ (first of all Steam games), the easiest way is to set Defense+ for one short time to training mode until you have reached the menu of the game, then switch back to safe mode fast.
I connect to the internet, svchost asks for connection to the server’s IP (192.168.15.1). I guess it’s nothing to worry about since there’s no unusual remote IP
192.168.15.1 <--after looking it up on yahoo.com, it is Vonage phone services.
You'll need certain connections so you can surf the internet web or phone service :)
To run a game with Defense+ (first of all Steam games), the easiest way is to set Defense+ for one short time to training mode until you have reached the menu of the game, then switch back to safe mode fast.
Can you get the same effect by using "game mode"? Like right-click on the Comodo icon and choose "game mode".