There are some viruses that hide and one reason is to NOT allow the RunDLL program to even start, let alone run as they are usually stuck inside a DLL which are easier to sneak in. Having said that, the rate of what are actual computer viruses has dropped off dramatically over the last few years and for example in the late 90s and early 2000s there was a worry that if the rate of new virus creation continued at it's pace, no one would get any work done as their machine would spend ALL DAY scanning for viruses!
Now it is easier to just send an email telling someone their "account" has a problem and please send the requested info and we'll fix it....... and people do it every day! In addition now emails can be sent looking like corporate official stuff, open the "very important attachment" and bingo, they are in your system! This was discovered in Europe this week and several engineering companies have lost lots of data and information because dummies don't think! At the last place I worked as an Oracle DBA I never opened an email, I would look to see what it was and then walk over to that person's office and actually talk to them. If they needed a document then they could walk over and see me. After nearly 5 years I was the ONLY person that never got hit with a spam attach or malware or virus in the company!
That program I mentioned above will tell you what is running and you can do a search to see what the valid files for size and date/time stamp are and it lets you look inside the running processes. Attached is a screen shot of one of my svchost.exe files with a verify check done.
