Lately, I've been noticing my computer slowing down, until it freezes completely, allowing only mouse movement and no other interaction (until eventually, sometimes, the mouse freezes too). Having a look around, I've noticed this happens when a massive amount of rundll32.exe processes suddenly activate at the same time. This usually happens just a few minutes after startup; however, it occasionally doesn't happen at all.

After a fair amount of research, coming to assume this is a virus, I've run full scans with both my antivirus (Immunet) and Malwarebytes, and quarantined any threat found. However, the issue persists. I've also run an sfc scan with it being unable to repair some of the files. The failed output was the following:

Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.Windows Foundation Language Pack"
Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted
Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.Windows Foundation Language Pack"
Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted

I don't know whether this helps in any way, and so I figured I might as well post it.

Here's a picture of the task manager. Each of the processes also runs about the same amount of memory, which also leads me to believe this is a virus.

[Image: Task Manager]

And so, I was wondering if there's any known or potential fix for this, before I have to go for a clean installation of Windows? I'd rather try all my options first before doing that. Thank you.

Jashani
    Can you run Process Explorer (https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer)? This will tell us: 1) who the parent process is, 2) what the command line of the rundll32.exe process is. Are they all the same, for example? I would also suggest using the integration with VirusTotal to confirm the files are legitimate. – HelpingHand Jul 23 '18 at 21:24

1 Answer

First you need to find out if it's a virus or a bug. There are different approaches, but my choice would be to check if the rundll.exe is your "original Windows" file:

  • Click on any of the rundll tasks, choose attributes and check if the following is correct:
  • It should be in this folder: C:\Windows\System32
  • It should be called: "rundll.exe" (exactly like that! Some viruses like to hide by replacing the L with a 1)

If there are issues already, you most likely have a virus. If not, we need to investigate further.

And please update your backups to avoid potential data loss!

Albin
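
The checks suggested in the comment and the answer above (parent process, command line, file location and exact name) can be collected in one pass from PowerShell. This is an added example, not part of the original thread; it assumes 64-bit Windows, where the genuine file is named rundll32.exe and exists in both System32 and SysWOW64, and the names `$expected`, `Get-Sha256` and `$report` are made up for illustration.

```powershell
# Added example, not from the thread. Read-only; run from an elevated prompt so the
# path and command line of every process are visible. Works on PowerShell 2.0 (Windows 7).

# Where the genuine rundll32.exe lives on 64-bit Windows (64-bit and 32-bit copies).
$expected = @(
    (Join-Path $env:windir 'System32\rundll32.exe'),
    (Join-Path $env:windir 'SysWOW64\rundll32.exe')
)

function Get-Sha256([string]$Path) {
    # Hash the file on disk so it can be looked up on VirusTotal by hand.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }
}

# Index every process by PID so each parent can be resolved to a name.
# A PID can be reused after its process exits, so treat the parent name as a hint.
$all   = @(Get-WmiObject Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

# '^rund[l1]{2}' matches rundll32.exe and look-alikes that swap an l for a 1.
$report = @($all | Where-Object { $_.Name -match '^rund[l1]{2}' } | ForEach-Object {
    $parent = $byPid[[int]$_.ParentProcessId]
    $path   = $_.ExecutablePath          # null when the process cannot be queried
    New-Object PSObject -Property @{
        ProcessId   = $_.ProcessId
        Name        = $_.Name
        NameOK      = ($_.Name -eq 'rundll32.exe')
        Path        = $path
        PathOK      = ($expected -contains $path)
        SHA256      = $(if ($path) { Get-Sha256 $path } else { 'n/a' })
        Parent      = $(if ($parent) { '{0} ({1})' -f $parent.Name, $parent.ProcessId } else { 'exited' })
        CommandLine = $_.CommandLine
    }
})

# One record per process; anything with NameOK or PathOK = False deserves a closer look.
$report | Select-Object ProcessId, Name, NameOK, PathOK, Parent, Path, SHA256, CommandLine | Format-List

# Are the command lines all the same? Count identical ones, most frequent first.
$report | Group-Object CommandLine | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize -Wrap
```

The DLL and entry point named after `rundll32.exe` in each command line, together with the parent process, show what is actually launching the processes even when the executable itself is the genuine one.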