Search filename

 
Home page
Download
File information
Helper forums

Database statistics
Total:  617,551
Whitelist:  174,970

Top process list
svchost.exe
iexplore.exe
csrss.exe
rundll32.exe
lsass.exe
alg.exe
wuauclt.exe
ccapp.exe
explorer.exe
ctfmon.exe
spoolsv.exe
services.exe
smss.exe
jusched.exe
winlogon.exe
mdm.exe
rthdcpl.exe
hkcmd.exe
msascui.exe
alcxmntr.exe

Rundll32.exe

?????? ?????????? DLL ??? ?????????? - ???????????? ??????? Microsoft® Windows® - Microsoft Corporation
Run a Free Scan for RUNDLL32.EXE related errors

Rundll32.exe file description
Rundll32.exe with description ?????? ?????????? DLL ??? ?????????? is a process file from company Microsoft Corporation belonging to product ???????????? ??????? Microsoft® Windows®.
In total there are 64 launchpoints for this file including "Running processes".
There are 15 different variations of the file in our database and the file is digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Windows

What is rundll32.exe?
Rundll32.exe is a process that allows dynamic link libraries (DLLs) to be executed. Many system DLLs contain entry points for external use. These include the control panel, as well as Shell32.dll, which allows you to bring up windows such as the "Open with..." dialog.

This process is a system process that is essential to the system's proper operation. Despite this, it is generally safe to kill a misbehaved rundll32.exe, as it will only terminate the program that is executing as a DLL. Removing the executable altogether, however, will render your system unable to execute DLLs and thus render significant parts of the system unusable. The screenshot below illustrates how this process should appear in the task manager:



In the above screenshot, rundll32.exe is running as the current user (Mike). Due to the nature of this process, it can run as any user.

Dangers of rundll32
As this is a critical system process that runs on every Windows machine, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32 on NT-based systems and %SystemRoot% on 9x-based systems. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended or removed digits. The following malware is known to disguise itself as rundll32.exe:
  • W32.Miroot.Worm (%SystemRoot%)
    • Miroot is a worm that infects systems through network shares.
  • Backdoor.Lastdoor (%SystemRoot%\System32)
    • This is a Trojan that overwrites the real rundll32.exe on NT-based systems.
  • Troj/AnaFTP-01 (%SystemRoot%\rundll.exe)
    • This is an FTP Trojan that listens on port 41462 for remote access.
  • W32.Rbot-GSJ (%SystemRoot%\rundll.exe)
  • W32.Agobot.EQ (%SystemRoot%\System32\rundll.exe)
There can be any number of instances of this process running at a given time. The presence of multiple instances is a not an indicator of a malware infection.

Common problems
  • Cannot find rundll32.exe when opening the control panel
    • This is caused by a corrupt or missing rundll32.exe file. This is often caused by a virus infection on your system. Once you are sure your system does not have a virus, restore your rundll32.exe from your Windows installation disc.
  • This process uses 100% CPU time
    • Because rundll32.exe allows any dll to be executed, and as such the executing dll will appear as rundll32.exe, any misbehaved dll could cause rundll32.exe to use 100% CPU time. Kill the offending rundll32.exe instance to try to determine the cause.

Automatic startup locations
001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
007 Roaming Start Menu\Programs\Startup
008 Autorun registry entries Default user
009 Autorun registry entries SYSTEM user
010 Installed services
011 Installed drivers
030 Installed protocol filters
031 Installed protocol handlers
033 Winlogon Userinit
034 Winlogon Shell
035 Active Setup Installed Components
036 Internet Explorer Components
037 Winlogon System
038 Winlogon Taskman
040 Internet Explorer UrlSearchHooks
041 Internet Explorer Toolbars
042 HKLM Internet Explorer Extensions
044 Internet Explorer\Toolbar\ShellBrowser
045 Internet Explorer\Toolbar\WebBrowser
050 Explorer ShellExecuteHooks
051 Explorer SharedTaskScheduler
052 Explorer Browser Helper Objects (BHO)
060 Shell ServiceObjectDelayLoad
061 Shell Approved Extensions
062 Shell ColumnHandlers
063 BootExecute
064 Known Dll's
065 Image File Execution Options (debugger)
067 Winlogon notify
069 Print monitors
070 Authentication Packages
071 Notification Packages
073 %windir%\Tasks
091 HKCU Scripts\logon
103 Downloaded program files
104 ActiveX controls (Distribution Units)
107 NameSpace Catalog
121 AppInit_DLLs
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
139 Windows\load
146 AlternateShell
147 SecurityProviders
149 Wow wowcmdline
153 HKLM Drivers32\Midi
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run
171 Screensaver
173 ContextMenuHandlers
176 AeDebug\Debugger
210 MyComputer\BackupPath
213 Accessibility\Utility Manager\Magnifier
221 HKLM *\ShellEx\ContextMenuHandlers
225 HKCU Folder\ShellEx\ContextMenuHandlers
227 HKLM Directory\ShellEx\ContextMenuHandlers
229 HKLM Directory\Background\ShellEx\ContextMenuHandlers
231 HKLM Folder\Shellex\ColumnHandlers
251 HKLM Directory\Shellex\DragDropHandlers
254 HKCU Directory\Shellex\CopyHookHandlers

File versions in our database
  Company  Version  Size 
n/a  n/a  4294967295 
n/a  n/a  1525248 
n/a  n/a  1435136 
n/a  n/a  1296384 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  470528 
Microsoft Corporation  5.1.2600.5512 (xpsp.080413-2105)  231424 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  180736 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  175616 
Microsoft Corporation  5.1.2600.5512 (xpsp.080413-2105)  168448 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  142336 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  135680 
?????????? ??????????  5.1.2600.5512 (xpsp.080413-2105)  135680 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  118272 
Microsoft Corporation  5.1.2600.5512 (xpsp.080413-2105)  116736 
Microsoft Corporation  5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  115200 

Digital signatures found for this file
  Signer of certificate  Issuer of certificate 
Microsoft Windows  Microsoft Time-Stamp Service
Microsoft Windows  Microsoft Timestamping Service
Microsoft Windows  VeriSign Time Stamping Services Signer
Microsoft Windows 2000 Publisher  NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Microsoft Windows 2000 Publisher  VeriSign Time Stamping Service CA SW1
Microsoft Windows 2000 Publisher (Europe)  NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Microsoft Windows 2000 Publisher (Europe)  VeriSign Time Stamping Service CA SW1
Microsoft Windows Component Publisher  Microsoft Timestamping Service
Microsoft Windows Component Publisher  VeriSign Time Stamping Services Signer
Microsoft Windows Publisher  VeriSign Time Stamping Service
Microsoft Windows Publisher  VeriSign Time Stamping Services Signer
Microsoft Windows XP Publisher  VeriSign Time Stamping Service
Microsoft Windows XP Publisher  VeriSign Time Stamping Services Signer
Microsoft Windows XP Publisher (Europe)  VeriSign Time Stamping Service

MD5 security rating in our database
491 files (Not yet rated and not signed)
2 files (Not yet rated and digitally signed)
5 files (Safe and not signed)
182 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Fix rundll32.exe application error:  Run a free registry scan
Warning: Some malware might rename itself to rundll32.exe. Always make sure that your file is from a verified publisher.
User comments for Rundll32.exe
There are no comments yet.


Please add your comments if you have more information about this file.


File rating :

Are you human? How much is 15+25:


Browse files by letter
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
More system processes
rundll33.exe rundll42.exe rundll47.exe
rundlll.exe rundlls.exe rundtl32.exe
rundumX.dll rundys32.exe RunEPoker.exe
runescape.exe RunExe.exe runexe.ocx