W10 Trouble with Rundll32.exe

Discussion in 'Windows 10' started by Goaglen, 2025/03/20.

  1. 2025/03/20
    Goaglen Contributing Member

    Goaglen Well-Known Member Thread Starter

    Joined:
    2003/06/28
    Messages:
    121
    Likes Received:
    2
    Tuesday, March 18, 2025, Mark Sylva called from MS to warn me about hacks on my system. He said that Rundll32.exe was the culprit. He removed it and started the "Malicious Software Removal Tool" (MSMSRT) on a deep scan. It took too long. So he called back March 19. MSMSRT only 40% done. Said he would call back March 20.
    I downloaded the tool again, ran Quick Search. No adverse results. Started deep/long scan again. That will take days. Mark blames old, slow computer for slow results.
    Dell XPS 420, NEW HD's, new power supply, fairly recent video card (or runs OK), RAM at max 8GB. MS updates up-to-date for Windows 10. (W11 will not run on this Dell)
    Mark Sylva called today to check on MSMSRT. It is not done yet and Quick Search revealed nothing.
    Anyone else receive a call from MS tech re: Rundll32.exe?
    Anyone at MS know Mark Sylva?
    Anyone want to explain to Mark that MS users are not all bottomless pits of money $$$ and time?

    Date of install of Rundll32.exe in C:\Windows\System32 is 7/9/2024 88KB. Seems not to match date with other items in the OS. Any observations on that point?

    My remedy choice: Run MSMSRT deep scan; reboot (should replace Rundll32.exe); Ask MS why hackers can get past Windows Defender, MS Firewall, Comodo firewall, & Comodo virus defs.
     
  2. 2025/03/20
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    :eek: :mad: :eek:

    It happens because no security can stop a hacker if the user opens the door and lets the bad guy in. Or in this case, answers an unsolicited phone call that came out of the blue from someone they don't know!

    Microsoft will NEVER make an unsolicited phone call to you about your computer security or software fixes. NEVER EVER!

    Is that call from Microsoft a scam? | Microsoft Security Blog

    I recommend you immediately stop all conversation with that scammer, then run all your security scans again and hope your computer is clean.

    Did you download and install any file or program he asked you to install?
     
    Bill,
    #2
    Goaglen, rsinfo and MrBill like this.

  4. 2025/03/20
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    4,328
    Likes Received:
    270
    I have never heard or seen on any of the Message Boards that I am on where MS has ever called anybody.
     
    Goaglen likes this.
  5. 2025/03/20
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    The only time I am aware of Microsoft calling is when the registered user called Microsoft first, initiating the conversation and Microsoft called the user back - in other words, the user was expecting a callback.

    NEVER does Microsoft (or most other companies for that matter) initiate the first (out of the blue or unsolicited) call. Most will not text or email either. If they truly have business with you, they typically will send you a letter via regular mail. And even then, do NOT call any number or visit any site listed on such correspondence. Instead, contact that organization as you normally would if you wanted to initiate contact.

    I have to wonder how MS even has a user's phone number? I have never given them mine.

    Unless the OP comes back and tells us they indeed did initiate the trouble call, what I suspect happened is the bad guy (Mark Sylva being a fake name) just calls random numbers assuming someone at that number has a Windows computer - likely a safe assumption these days. Then he or she uses very convincing speech to trick the user into supplying personal information, including credit card numbers, bank accounts, social security numbers and more. :(

    I note these are social engineering tactics - perhaps the most successful way to hack users and infect computers and networks.

    @Goaglen - if you fell victim to this scam, first, do not be ashamed or embarrassed. These are professional bad guys and very good at what they do. Second, if you gave them any personal information like credit card numbers or bank account information, contact your banks immediately and have them void and reissue cards (with new numbers) and they can help secure your accounts. Contact the credit bureaus and put a freeze on your credit. These steps cost $0.00.
     
    Bill,
    #4
    Steve R Jones and MrBill like this.
  6. 2025/03/21
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Hi Goaglen, Sorry to see you got caught out as Bill has explained.
    MRT is built in the OS!
    You do not have to download it. o_O :oops:
    I would suggest you use the MRT to check your system.

    RIGHT click on the Start Icon.
    when the menu opens > click on Terminal Admin > Yes to UAC > Type MRT then hit your ENTER key.
    The page for MRT will open and you click on FULL SCAN > click on Next and the scan will operate.

    The time for a full scan will depend on how big your storage drive is, and how fast your CPU and RAM are, but mine only takes about an hour and a half.
    YOU must never have to download MRT as it is built into the Windows OS.
    I sincerely hope this will clean your comp. ;)
     
  7. 2025/03/22
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    Ummm, the OP has Windows 10. Windows Terminal is a Windows 11 feature. While it can be installed in W10, it must be done manually. Therefore, most W10 users do not have it.

    That said, I note the OP indicated his "remedy" was to run the MS MSRT "deep" scan.

    And just for the record, I have been using Defender on all my systems here since Windows 7 (with Microsoft Security Essentials - later renamed as Windows Defender in W8/10/11) and never, not once, has my secondary scanner ever found anything malicious that slipped by Defender or me.

    That said, the user is, always has been, and always will be the weakest link in security. As noted above, the best security in the world is easily thwarted if the user opens the door and invites the bad guy in. So it is upon us to keep our OS and our security current, and perhaps most importantly, be aware of social engineering tactics. Don't respond to unsolicited phone calls and avoid being "click-happy" on unsolicited links, popups, attachments and downloads.
     
    Bill,
    #6
  8. 2025/03/22
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Make it Windows Powershell (Admin) in W10 and MRT can be engaged the same way.
    My 'Bad' for being a from intro user of W11.;)
     
  9. 2025/03/23
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    Well, I guess we need the OP to return with an update and clarification.

    He talks about the "remedy choice" being MRT but not sure what that really means. The Quick scan was clean. Is the deep scan complete? Did it find anything? Does the computer run fine otherwise? Does a scan with Defender find anything?

    @Goaglen - if still listening, what's happening? I might suggest you download another security scanner for triple check. I typically recommend Malwarebytes Free for that. If nothing malicious is found, then call it a day and block any future calls from Mark.
     
    Bill,
    #8
  10. 2025/03/23
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    I ran the "Full" scan on my W10 comp to note how long the scan would take. 3 Hours total time. Nothing found.
    I hope this gives the OP a better idea of how long the scan would take.
     
  11. 2025/03/24
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    3,368
    Likes Received:
    411
    Maybe but the time depends on several factors, including disk size, number of files, amount of free disk space, SSD or hard drive, amount of RAM and processor horsepower.

    The OP said his full scan started on the 18th and was only 40% complete on the 19th. We don't know how many hours that entails, or if it ever finished, but that's a long time. :(

    My biggest worry is he said the caller somehow determined the problem was with rundll32.exe and removed a file. That would suggest the caller had remote access. I fear the worst now.

    Rundll32: The Infamous Proxy for Executing Malicious Code

    @Goaglen - if me, I would run system file checker. See Fix 2 here.
     
    Steve R Jones likes this.
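
The checks discussed in this thread (is the rundll32.exe in System32 the genuine Windows file, run System File Checker, run MRT from an admin PowerShell) can be done together as below. This is an added example, not part of any post in the thread; it assumes Windows 10 with Windows PowerShell 5.1 opened as Administrator, and the property names in the report are chosen here for illustration.

```powershell
# Added example: integrity checks for the in-box rundll32.exe on Windows 10.
# Run from "Windows PowerShell (Admin)".
$path = Join-Path $env:WINDIR 'System32\rundll32.exe'

if (-not (Test-Path -LiteralPath $path)) {
    # The caller in the thread is said to have removed the file.
    Write-Warning "$path is missing; System File Checker should restore it."
} else {
    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    # Size and date alone prove little: a serviced file can carry a
    # different date from its neighbours. The signature is the stronger check.
    [pscustomobject]@{
        Path        = $file.FullName
        SizeKB      = [math]::Round($file.Length / 1KB, 1)
        LastWritten = $file.LastWriteTime
        FileVersion = $file.VersionInfo.FileVersion
        SigStatus   = $sig.Status              # expect 'Valid'
        IsOSBinary  = $sig.IsOSBinary          # expect True
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } | Format-List

    if ($sig.Status -ne 'Valid' -or -not $sig.IsOSBinary) {
        Write-Warning 'rundll32.exe is not a validly signed Windows binary.'
    }

    # Check this one file against the component store without changing it.
    sfc.exe "/verifyfile=$path"
}

# Verify all protected system files and repair any that are missing or altered.
sfc.exe /scannow

# MRT is already on the machine; /F starts a full scan (this can take hours).
# Uncomment to run it, then read the end of its log for the result.
# Start-Process -FilePath mrt.exe -ArgumentList '/F' -Wait
$mrtLog = Join-Path $env:WINDIR 'debug\mrt.log'
if (Test-Path -LiteralPath $mrtLog) {
    Get-Content -LiteralPath $mrtLog -Tail 20
}
```

A valid signature on the file in System32 does not rule out other changes made during a remote session, so the full scans recommended in the thread still apply.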