Information and startup locations can be examined on this page: verify all your files to make sure that they are legitimate, digitally signed and from the company Microsoft Corporation to which they should belong.
rundll32.exe security and file info
Modulo di esecuzione DLL come applicazioni
- Sistema operativo Microsoft(R) Windows (R) 2000
- Microsoft Corporation
 |
|
 |
| Filetype : executable |
An executable file is a program that can be executed in your windows environment.
|
|
What is rundll32.exe?
Rundll32.exe is a process that allows dynamic link libraries (DLLs) to be executed. Many system DLLs contain entry points for external use. These include the control panel, as well as Shell32.dll, which allows you to bring up windows such as the "Open with..." dialog.
This process is a system process that is essential to the system's proper operation. Despite this, it is generally safe to kill a misbehaved rundll32.exe, as it will only terminate the program that is executing as a DLL. Removing the executable altogether, however, will render your system unable to execute DLLs and thus render significant parts of the system unusable. The screenshot below illustrates how this process should appear in the task manager:
In the above screenshot, rundll32.exe is running as the current user (Mike). Due to the nature of this process, it can run as any user.
Dangers of rundll32
As this is a critical system process that runs on every Windows machine, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32 on NT-based systems and %SystemRoot% on 9x-based systems. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended or removed digits. The following malware is known to disguise itself as rundll32.exe:
- W32.Miroot.Worm (%SystemRoot%)
- Miroot is a worm that infects systems through network shares.
- Backdoor.Lastdoor (%SystemRoot%\System32)
- This is a Trojan that overwrites the real rundll32.exe on NT-based systems.
- Troj/AnaFTP-01 (%SystemRoot%\rundll.exe)
- This is an FTP Trojan that listens on port 41462 for remote access.
- W32.Rbot-GSJ (%SystemRoot%\rundll.exe)
- W32.Agobot.EQ (%SystemRoot%\System32\rundll.exe)
There can be any number of instances of this process running at a given time. The presence of multiple instances is a not an indicator of a malware infection.
Common problems
- Cannot find rundll32.exe when opening the control panel
- This is caused by a corrupt or missing rundll32.exe file. This is often caused by a virus infection on your system. Once you are sure your system does not have a virus, restore your rundll32.exe from your Windows installation disc.
- This process uses 100% CPU time
- Because rundll32.exe allows any dll to be executed, and as such the executing dll will appear as rundll32.exe, any misbehaved dll could cause rundll32.exe to use 100% CPU time. Kill the offending rundll32.exe instance to try to determine the cause.
|
|
|
|
|
|
| MD5 File security rating |
A MD5 hash is a unique fingerprint of a file.
Different files/versions can have the same filenames. The MD5 hash verifies that the legitimate file is not altered.
Runscanner (Freeware) can help you checking the file's MD5 hashes
| Rundll32.exe files in Runscanner database |
 |
|
155 different item(s) in database |
|
|
2 different item(s) in database |
 |
|
5 different item(s) in database |
|
|
156 different item(s) in database |
|
|
Green items are verified safe to use |
|
Unrated items are not yet checked for safety. |
 |
Red items are not safe (typically virusses, spyware or other malware) |
|
This file is digitally signed by it's publisher.
This means that the file is from the company claiming to created it, this does not mean by default that the file is safe
|
|
|
|
| General file info |
| Product name: |
Sistema operativo Microsoft(R) Windows (R) 2000
|
| Description: |
Modulo di esecuzione DLL come applicazioni
|
| Company: |
Microsoft Corporation
|
| Fix RUNDLL32.EXE errors: Free registry scan |
|
|
|
| Pacman startup database |
|
Displays battery status information on an IBM Thinkpad |
|
Added by the AGENT-EZ TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a "SHELLEXT" subfolder |
|
Added by the DVLDR TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the WindowsFonts directory |
| info provided by sysinfo.org |
|
|
|
Automatic startup locations
 |
| |
 |
001 Running Processes |
| |
 |
002 Autorun registry entries local machine |
| |
|
003 Autorun registry entries Current User |
| |
 |
004 All users startup startmenu |
| |
|
005 Current user startup startmenu |
| |
|
007 Roaming Start Menu\Programs\Startup |
| |
|
008 Autorun registry entries Default user |
| |
|
009 Autorun registry entries SYSTEM user |
| |
 |
010 Installed services |
| |
 |
033 Winlogon Userinit |
| |
|
035 Active Setup Installed Components |
| |
|
065 Image File Execution Options (debugger) |
| |
|
073 %windir%\Tasks |
| |
|
135 Current User Runonce (+ subkeys) |
| |
|
136 Local Machine Runonce (+subkeys) |
| |
|
139 Windows\load |
| |
|
167 HKLM Policies\Explorer\Run |
 User comments for this file
More system processes
|
|
| Filename / Process |
|
| Guid / CLSID |
|
| MD5 hash |
|
|
|
318 MD5 version(s) found
only top 10 displayed
|
|
|
| Check your autostart files
|
|
|
|
