What is Rundll32.exe

Internet Explorer {4b218e3e-bc98-4770-93d3-2731b9329278} - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Rundll32.exe with description Internet Explorer {4b218e3e-bc98-4770-93d3-2731b9329278} is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher

What is rundll32.exe?
Rundll32.exe is a process that allows dynamic link libraries (DLLs) to be executed. Many system DLLs contain entry points for external use. These include the control panel, as well as Shell32.dll, which allows you to bring up windows such as the "Open with..." dialog.

This process is a system process that is essential to the system's proper operation. Despite this, it is generally safe to kill a misbehaved rundll32.exe, as it will only terminate the program that is executing as a DLL. Removing the executable altogether, however, will render your system unable to execute DLLs and thus render significant parts of the system unusable. The screenshot below illustrates how this process should appear in the task manager:



In the above screenshot, rundll32.exe is running as the current user (Mike). Due to the nature of this process, it can run as any user.

Dangers of rundll32
As this is a critical system process that runs on every Windows machine, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32 on NT-based systems and %SystemRoot% on 9x-based systems. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended or removed digits. The following malware is known to disguise itself as rundll32.exe:
  • W32.Miroot.Worm (%SystemRoot%)
    • Miroot is a worm that infects systems through network shares.
  • Backdoor.Lastdoor (%SystemRoot%\System32)
    • This is a Trojan that overwrites the real rundll32.exe on NT-based systems.
  • Troj/AnaFTP-01 (%SystemRoot%\rundll.exe)
    • This is an FTP Trojan that listens on port 41462 for remote access.
  • W32.Rbot-GSJ (%SystemRoot%\rundll.exe)
  • W32.Agobot.EQ (%SystemRoot%\System32\rundll.exe)
There can be any number of instances of this process running at a given time. The presence of multiple instances is a not an indicator of a malware infection.

Common problems
  • Cannot find rundll32.exe when opening the control panel
    • This is caused by a corrupt or missing rundll32.exe file. This is often caused by a virus infection on your system. Once you are sure your system does not have a virus, restore your rundll32.exe from your Windows installation disc.
  • This process uses 100% CPU time
    • Because rundll32.exe allows any dll to be executed, and as such the executing dll will appear as rundll32.exe, any misbehaved dll could cause rundll32.exe to use 100% CPU time. Kill the offending rundll32.exe instance to try to determine the cause.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
007 Roaming Start Menu\Programs\Startup
008 Autorun registry entries Default user
009 Autorun registry entries SYSTEM user
010 Installed services
012 Autorun registry entries S-1-5-XX users
013 RunOnce registry entries S-1-5-XX users
033 Winlogon Userinit
034 Winlogon Shell
035 Active Setup Installed Components
038 Winlogon Taskman
063 BootExecute
065 Image File Execution Options (debugger)
071 Notification Packages
073 %windir%\Tasks
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
139 Windows\load
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run
191 Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run

Digital signatures found for this file

    Certificate 
63 Microsoft Windows Component Publisher - Microsoft Timestamping Service
40 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
22 Microsoft Windows - Microsoft Time-Stamp Service
19 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
9 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service CA SW1
7 Microsoft Windows Publisher - VeriSign Time Stamping Service
3 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
3 Microsoft Windows - VeriSign Time Stamping Services Signer
2 Microsoft Windows 2000 Publisher (Europe) - NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer
1 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service CA SW1
1 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
1 Microsoft Windows 2000 Publisher - NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1 Microsoft Windows - Microsoft Timestamping Service
1 SteamDonkey LLC - COMODO Time Stamping Signer

MD5 security rating in our database

1004 files (Not yet rated and not signed)
3 files (Not yet rated and digitally signed)
3 files (Safe and not signed)
194 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to rundll32.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of rundll32.exe: by 1204 files and users.

Application errors

Fix rundll32.exe application error:  Run a FREE registry scan

User comments

I have two versions of this program running on my machine.
one running under my username and the other running under the SSYSTEM user name.
I know a virus that run under rundii32.exe. Be careful for processes with a similar (false) name.


Please add your comments if you have more information about this file or if you know how to solve rundll32.exe application errors.


File safety :

File security rating :

Are you human? How much is 14+17:


Like this page?

Please support this free service by giving us a Google+1


Browse files by letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

More system processes

rundll33.exe rundll42.exe rundll47.exe
rundlll.exe rundlls.exe rundtl32.exe
rundumX.dll rundys32.exe RunEPoker.exe
runescape.exe RunExe.exe runexe.ocx

Lansweeper computer inventory From the creator of Runscanner:

Lansweeper
is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.