Rundll32 Alert In GW

Just a few minutes ago I received a GW alert that Windows Host process (Rundll32) was trying to connect to the internet to IP 52.35.59.213:80.

The IP resolves to “ec2-52-35-59-213.us-west-2.compute.amazonaws.com”.

I have never seen Rundll32 try to connect to the internet since I began using GW 2 years ago.

I was watching YouTube videos using the Chrome browser when this occurred.

I denied the connection until I could post here and see what might be triggering this.

Any ideas what might be causing this?

@Mank

https://www.glasswire.com/processes/

Interesting. Please check the page above for some ideas on how to check the file to make sure it’s safe.

Maybe some others can chime in if they see this file on their firewall yet or not.


Thanks, I learned something new today.

Do you have any Logitech kit on this machine for which you have installed some software (keyboard, mouse, speakers, etc.)?

S.

Yes. I have a wireless Logitech mouse connected to my PC via USB dongle. However, I have all the Logitech software disabled and there are no processes associated with Logitech running in memory. There are also no scheduled tasks that should be making a call/hook to rundll32.exe.

So I have no idea how this was initiated.


Logitech software must be removed, not disabled.

Anyone know if it could be some form of MS update mechanism that is attempting to keep the Logitech software up to date?

It’s possible… I have seen Windows Update update different drivers that Microsoft itself doesn’t make.