2

Possible Duplicate:
Computer is infected by a virus or a malware, what do I do now?

On one of my servers (Windows Server 2003 R2 in VMWare VSX VM) I can see very many rundll32.exe instances running: [screenshot: process list]

Each of them was started by command line like these:
rundll32.exe umhsuk.kk,znkefa
rundll32.exe umhsuk.kk,yfufqk
rundll32.exe umhsuk.kk,hmhjje
All of them run in session 0.
All of them run under scvhost.exe (i.e. were started by it), where the following services are hosted:
[screenshot: hosted services]

What is it?

Shrike
  • 143

1 Answer

4

Those are viral.

The clue is the random letters following the rundll32 line:

rundll32.exe umhsuk.kk,znkefa

rundll32.exe umhsuk.kk,yfufqk

rundll32.exe umhsuk.kk,hmhjje

Also, the very similar memory sizes indicate this as well. They are multiple duplicate processes spawned this way to make it more difficult to clean. This, however, is one of the simpler and less advanced ways of protecting the viral processes, and so possibly indicates a relatively weak virus that should, hopefully, be easy to clean.

I highly recommend you go through some of the virus cleaning processes described in other questions on this site. I'll get links up shortly.

OK, here's the link to the exhaustive exploration of how best to go about cleaning viruses:

What to do if my computer is infected by viruses or malware

music2myear
  • 49,799
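The clue described in the answer (random-looking names after rundll32, repeated across many instances of the same module) can be checked mechanically over a list of process command lines. The following is an added example, not part of the original question or answer; the sample list is constructed from the three command lines in the question plus two ordinary invocations, and the extension list, name pattern and instance threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three command lines from the question plus two
# ordinary rundll32 invocations for contrast.
SAMPLE = [
    "rundll32.exe umhsuk.kk,znkefa",
    "rundll32.exe umhsuk.kk,yfufqk",
    "rundll32.exe umhsuk.kk,hmhjje",
    "rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    r'"C:\WINDOWS\system32\rundll32.exe" user32.dll,LockWorkStation',
]

# Optional quoted or unquoted path to rundll32, then module,export.
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)', re.I)
USUAL_EXT = (".dll", ".cpl", ".ocx")  # assumption: extensions treated as normal


def parse(cmdline):
    """Return (module, export) for a rundll32 command line, else None."""
    m = RUNDLL.match(cmdline.strip())
    return (m.group(1).strip().lower(), m.group(2)) if m else None


def triage(cmdlines, min_exports=3):
    """Map each suspicious module to the list of reasons it was flagged."""
    exports = defaultdict(set)
    for line in cmdlines:
        parsed = parse(line)
        if parsed:
            exports[parsed[0]].add(parsed[1])
    findings = {}
    for module, names in exports.items():
        reasons = []
        if not module.endswith(USUAL_EXT):
            reasons.append("unusual module extension")
        # Heuristic (assumption): short, all-lowercase, letters-only exports.
        if all(re.fullmatch(r"[a-z]{4,8}", n) for n in names):
            reasons.append("export names look random")
        if len(names) >= min_exports:
            reasons.append(f"{len(names)} instances with different exports")
        if reasons:
            findings[module] = reasons
    return findings


if __name__ == "__main__":
    for module, reasons in triage(SAMPLE).items():
        print(module, "->", "; ".join(reasons))
```

A hit from this triage is a reason to investigate the module and its parent process, not proof of infection; the checks are heuristics and legitimate software can trip any one of them.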