Rundll32.exe is critical to the functionality of your Windows operating system. This program file executes all of your dynamic link library (DLL) files and places their libraries into the system memory. Without this file, your computer will become unstable and run very slow. The file runs from your system directory, e.g., C:WindowsSystem32. If it is running from another location, it has most likely been redirected or overtaken by a virus or Trojan Horse and needs to be reinstalled once the virus issue has been addressed.
In this video, learn how to restore rundll32.exe on your Windows XP machine. You can also use this method to fix or patch a missing or deleted.
Locate Copies of Rundll32.exe on Your System
Step 1
Use the Windows Search tool to determine if rundll32.exe exists on your computer. Click on 'Start,' 'Search,' 'All Files and Folders.'
Step 2
Type 'rundll32.exe' in the 'All or Part of the File Name' section.
Step 3
Select 'All Local Hard Drives' from the 'Look in:' drop-down list for the best results and click 'Search.'
Step 4
Make note of any specific paths where the file is located.
Step 5
Delete any occurrences of the file that are not in C:WindowsOptionsInstall, C:ServicePackFiles, or the cabinet files from your initial Windows Installation. These are indicative of a virus or Trojan Horse that need to be addressed separately.
Continue to 'With a Copy of Rundll32.exe on Your System' if you have located a legitimate file copy. Skip to 'Without a Copy of Rundll32.exe on Your System' if you have not.
With a Copy of Rundll32.exe on Your System
Step 1
Click 'Start,' then 'Run', to open the command window.
Step 2
Type 'msconfig' in the field labeled 'Open' and press 'Enter.' This opens the System Configuration Utility. Click the 'Expand File' button on the General tab.
Step 3
Type 'rundll32.exe' in the 'File to restore' field. Type the location of the file copy in the 'Restore from' field, e.g., 'C:WindowsOptionsInstall'. Type the location where the file should be located in the 'Save file in' field, e.g., 'C:WindowsSystem32'.
Click on 'Expand.' If the file is located and copies into the System32 folder, your system file has been restored. If the file cannot be reinstalled from the alternate location, you will need to reinstall Windows to recover the file.
Without a Copy of Rundll32.exe on Your System
Step 1
![Rundll32.exe error Rundll32.exe error](/uploads/1/2/5/8/125874928/408274342.jpg)
Step 2
Click 'Start,' 'Run' to open the command window. Type 'msconfig' in the field labeled 'Open' and press 'Enter.' This opens the System Configuration Utility. Click the 'Expand File' button on the General tab.
Step 3
Type 'rundll32.exe' in the 'File to restore' field. Type the drive location of the installation disk in the 'Restore from' field, e.g., 'D:'. Type the location where the file should be located in the 'Save file in' field, e.g., 'C:WindowsSystem32'.
Click on 'Expand.' If the file is located and copies into the System32 folder, your system file has been restored. If the file cannot be located individually on the installation disk, you will need to reinstall Windows to recover the file.
Warning
- The Rundll32.exe process is registered as a backdoor vulnerability that may be used by hackers to distribute malware. These security risks need to be removed from your computer with a reputable anti-virus software.
More Articles
One of the problems when you’re trying to diagnose any problems in Windows, is quite a lot of information about what files and programs are loaded in the background is hidden away and not readily visible. One of these Windows programs is the svchost.exe process which just looks like a single process in Task Manager, but in fact can contain several dll loaded services which you won’t know about unless you know how to identify what’s inside the svchost process.
![Rundll.exe download xp windows 10 Rundll.exe download xp windows 10](/uploads/1/2/5/8/125874928/506824235.jpg)
Another process that might be showing in your Windows Task List but you can never know what it is will probably be the rundll32 process. Rundll32.exe is a part of Windows found in WindowsSystem32 and used to run program code in a dll file as if it was an actual program. The dll file can’t be executed directly, that’s why the rundll32.exe is required to to run it.
A lot of malicious software can also use this name or similar names to fool you into thinking the virus is actually a legitimate Windows file. Names such as rundII32.exe (actually using 2 uppercase i letters) or rundll.32.exe are not uncommon and you should always study the rundll32 (and svchost) file names in Task Manager if you suspect you have malware on your system. Rundll32 is also commonly used by spyware to launch its own code. As you can see if you open the Task Manager and you have a Rundll32.exe present, you can’t actually see by default what the dll is it’s launching.Here’s how to identify what DLL files are being loaded in rundll32.exe on Windows XP, Vista and 7.
Use Task Manager to Identify the Rundll32.exe Command in Use
This function is only available in Vista and above, and what it does is show an extra column in Task Manager which tells you what the command line currently used by the process is. Open Task Manager -> View menu -> Select Columns…, click the Command line box and then OK.
A new column will now be available and you should be able to identify which dll is being executed.
Identify Loaded DLL Files Using Process Explorer
Process Explorer is a great Task Manager replacement made by SysInternals which can display a lot more detailed information about what the Rundll32 process is loading. Simply run the Process Explorer tool and you will be presented with a Task Manager type list of processes.
All you have to do is hover your mouse over the Rundll32.exe entry and it will show you in a tool tip what command is being launched and which dll is being executed. As you can see from the image, this rundll32.exe is executing the nVidia tray icon.
Download Process Explorer
Identify Loaded DLL Files through Command Prompt
Here is a manual way of identifying DLL files in rundll32.exe. Open a Command Prompt by pressing WinKey+R and type cmd. Then type or paste the command below into the prompt and hit Enter.
tasklist /m /fi 'IMAGENAME eq rundll32.exe'
Do take note that by default, Windows XP Home edition does not have the tasklist.exe utility, only Professional. It is built into all versions of Windows Vista and 7. If you want the Tasklist tool for XP Home you can download it from this link:
Download Tasklist.exe
The dll modules are displayed on the right side of the tasklist result. You’ll probably see a lot of modules being displayed which are the internal Windows dll’s and it takes a little knowledge from an experienced user to identify any dangerous dll on the list. If you’re unsure, you can always do a search in Google on the dll file name.
Fake Rundll32 files
Now you know how to identify loaded DLLs in rundll32.exe, but there are also instances of spyware and viruses replacing the Windows original rundll32.exe with a fake one. When you have a bad or corrupted rundll32.exe, you’ll have problems in opening Control Panel and etc.
To check whether your rundll32.exe has been modified or replaced, you can open it with Notepad, Wordpad or a Hex editor. Once you’ve opened rundll32.exe, look for the word “padding”. If this word is inside the rundll32.exe, it means that you’re using a fake file and it needs to be replaced.
The simplest way to replace the file is using the System File Checker (SFC) from the Command Prompt.
1. Press Win key+R and type cmd into the Run dialog, press Enter.
2. Type the command below into the Command Prompt and press Enter. Windows should now replace the corrupted rundll32.exe and any other system files damaged by a virus or other issues.
sfc /Scannow
If you know only the rundll32.exe file is corrupt and you’re using Vista or 7, you can avoid a full system file check and just run SFC on that 1 file.
sfc /scanfile=c:windowssystem32rundll32.exe
Windows XP users may need the Windows installation CD to restore an original file. A very useful and time saving tip to avoid needing the CD in future when running SFC is to copy the i386 folder to your hard drive.
You might also like:
7 Ways to Easily Identify SVCHOST.EXE Service NameFind Out the Command Line Location When Windows Opens a Process7 Task Management Tools that can Replace the Windows Task ManagerDetermine Program Path from Task Manager for Running ProcessFix Windows Task Manager With Missing Tabs and Menu 5 Comments - Write a Comment
thankyou.
ReplyThanks Raymond. Helped alot
Replypretty useful info findout it wasnt virus or whatever in my case darn microsoft groove sticking to rundll like a glue it wont let my computer open or anything else then removed them in safemode things back to normal
ReplyWhat if there is nothing written under the “Comand Line” column? Also nothing under “User Name” or “Description”? I have 3 seperate “rundll32.exe” processes running with nothing under any of those columns.
Replythanks Raymond
Reply