Search filename

 
Home page
Download
File information

Database statistics
Total:  679,046
Whitelist:  203,572

Top process list
svchost.exe
iexplore.exe
csrss.exe
rundll32.exe
lsass.exe
alg.exe
wuauclt.exe
ccapp.exe
explorer.exe
ctfmon.exe
spoolsv.exe
services.exe
smss.exe
jusched.exe
winlogon.exe
mdm.exe
rthdcpl.exe
hkcmd.exe
msascui.exe
alcxmntr.exe

Rundll32.exe

?????? ?????????? DLL ??? ?????????? - ???????????? ??????? Microsoft® Windows® - Microsoft Corporation
Run a Free Scan for RUNDLL32.EXE related errors

Rundll32.exe file description
Rundll32.exe with description ?????? ?????????? DLL ??? ?????????? is a process file from company Microsoft Corporation belonging to product ???????????? ??????? Microsoft® Windows®.
In total there are 25 launchpoints for this file including "Running processes".
There are 15 different variations of the file in our database and the file is digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Windows

What is rundll32.exe?
Rundll32.exe is a process that allows dynamic link libraries (DLLs) to be executed. Many system DLLs contain entry points for external use. These include the control panel, as well as Shell32.dll, which allows you to bring up windows such as the "Open with..." dialog.

This process is a system process that is essential to the system's proper operation. Despite this, it is generally safe to kill a misbehaved rundll32.exe, as it will only terminate the program that is executing as a DLL. Removing the executable altogether, however, will render your system unable to execute DLLs and thus render significant parts of the system unusable. The screenshot below illustrates how this process should appear in the task manager:



In the above screenshot, rundll32.exe is running as the current user (Mike). Due to the nature of this process, it can run as any user.

Dangers of rundll32
As this is a critical system process that runs on every Windows machine, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32 on NT-based systems and %SystemRoot% on 9x-based systems. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended or removed digits. The following malware is known to disguise itself as rundll32.exe:
  • W32.Miroot.Worm (%SystemRoot%)
    • Miroot is a worm that infects systems through network shares.
  • Backdoor.Lastdoor (%SystemRoot%\System32)
    • This is a Trojan that overwrites the real rundll32.exe on NT-based systems.
  • Troj/AnaFTP-01 (%SystemRoot%\rundll.exe)
    • This is an FTP Trojan that listens on port 41462 for remote access.
  • W32.Rbot-GSJ (%SystemRoot%\rundll.exe)
  • W32.Agobot.EQ (%SystemRoot%\System32\rundll.exe)
There can be any number of instances of this process running at a given time. The presence of multiple instances is a not an indicator of a malware infection.

Common problems
  • Cannot find rundll32.exe when opening the control panel
    • This is caused by a corrupt or missing rundll32.exe file. This is often caused by a virus infection on your system. Once you are sure your system does not have a virus, restore your rundll32.exe from your Windows installation disc.
  • This process uses 100% CPU time
    • Because rundll32.exe allows any dll to be executed, and as such the executing dll will appear as rundll32.exe, any misbehaved dll could cause rundll32.exe to use 100% CPU time. Kill the offending rundll32.exe instance to try to determine the cause.

Automatic startup locations
001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
007 Roaming Start Menu\Programs\Startup
008 Autorun registry entries Default user
009 Autorun registry entries SYSTEM user
010 Installed services
013 RunOnce registry entries S-1-5-XX users
033 Winlogon Userinit
034 Winlogon Shell
035 Active Setup Installed Components
038 Winlogon Taskman
063 BootExecute
065 Image File Execution Options (debugger)
071 Notification Packages
073 %windir%\Tasks
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
139 Windows\load
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run
191 Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run

File versions in our database
  Company  Version  Size 
n/a  n/a  4294967295 
n/a  n/a  1525248 
n/a  n/a  1435136 
n/a  n/a  1296384 
Trend Micro Inc  2.00.00.2  659352 
Copyright © executable file  6.1.33.0  512000 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  470528 
n/a  0.0.0.0  311296 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  233984 
Microsoft Corporation  5.1.2600.5512 (xpsp.080413-2105)  231424 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  180736 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  175616 
Microsoft Corporation  5.1.2600.5512 (xpsp.080413-2105)  168448 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  142336 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  135680 

Digital signatures found for this file
  Signer of certificate  Issuer of certificate 
Microsoft Windows  Microsoft Time-Stamp Service
Microsoft Windows  Microsoft Timestamping Service
Microsoft Windows  VeriSign Time Stamping Services Signer
Microsoft Windows 2000 Publisher  NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Microsoft Windows 2000 Publisher  VeriSign Time Stamping Service CA SW1
Microsoft Windows 2000 Publisher (Europe)  NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Microsoft Windows 2000 Publisher (Europe)  VeriSign Time Stamping Service CA SW1
Microsoft Windows Component Publisher  Microsoft Timestamping Service
Microsoft Windows Component Publisher  VeriSign Time Stamping Services Signer
Microsoft Windows Publisher  VeriSign Time Stamping Service
Microsoft Windows Publisher  VeriSign Time Stamping Services Signer
Microsoft Windows XP Publisher  VeriSign Time Stamping Service
Microsoft Windows XP Publisher  VeriSign Time Stamping Services Signer
Microsoft Windows XP Publisher (Europe)  VeriSign Time Stamping Service

MD5 security rating in our database
542 files (Not yet rated and not signed)
2 files (Not yet rated and digitally signed)
8 files (Safe and not signed)
185 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to rundll32.exe. Always make sure that your file is from a verified publisher.

Application errors
Fix rundll32.exe application error:  Run a FREE registry scan
User comments for Rundll32.exe
There are no comments yet.


Please add your comments if you have more information about this file or if you know how to solve rundll32.exe application errors.


File rating :

Are you human? How much is 0+16:


Browse files by letter
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
More system processes
rundll33.exe rundll42.exe rundll47.exe
rundlll.exe rundlls.exe rundtl32.exe
rundumX.dll rundys32.exe RunEPoker.exe
runescape.exe RunExe.exe runexe.ocx