Understand the Windows Process rundll32.exe

A problem child in the Windows pantheon of processes is something called rundll32.exe. The rundll32.exe program exists to run programs held in DLL files. A DLL is a Dynamic Link Library, a common set of routines used by a number of programs in Windows. To run one of these routines directly, the rundll32.exe program lives up to its name and runs the dll program file.

The problem with rundll32.exe is that it can easily run a process that’s secretly malware. Here’s what you can do to review the list of processes being run by rundll32.exe:

  1. Start a command prompt window.

    From the Start button menu, choose All Programs→Accessories→Command Prompt.

  2. Type the following command:

    tasklist /m /fi “imagename eq rundll32.exe”
  3. Double-check your typing.

  4. Press the Enter key.

    Quickly, text spurts onto the command prompt window. The details show which services are being run by the various instances of rundll32.exe.


The information that’s displayed only tells you some nerdy things about what the rundll32.exe program is up to. Only when you know which nasty programs to look for can you confirm that rundll32.exe is running them.

  • The rundll32.exe program is merely the messenger. Although it can be abused to run nasty software, or you may occasionally see rundll32.exe in an error message, the program itself is most likely not the problem child. No, it’s probably one of the DLLs that rundll32.exe is running that’s causing you strife.

  • Don’t be surprised in Windows 7 not to find any tasks using rundll32.exe. It’s an older technology, and you’d have to be running older applications or games to see any active rundll32.exe tasks.

  • The original program to run DLL files was named rundll.exe. That was the filename used with the Windows 95, 98, and Me editions. Because Windows XP is a 32-bit operating system, the filename was changed to rundll32.exe.

blog comments powered by Disqus

Inside Dummies.com

Dummies.com Sweepstakes

Win $500. Easy.