Hi, this post will explain more about rundll32.exe and how it works
What is rundll32?
If you have been Using windows for any period of time, you will have seen the zillions of *.dll (Dynamic Link Library) files in every application folder, which is used to store the common piece of application logic that can be accessed from multiple applications.
The rundll32.exe application can be used to open functionality stored in shared .dll files since there is no way to open a DLL files directly. This executable is a valid part of Windows, and normally should not be a threat.
Note: The valid process is located in the \Windows\System32\rundll32.exe, but in some cases, spyware uses the same filename and runs from a different directory in order to disguise itself. If you think you have any problem, you should always run a scan to be sure, but we can get exactly what is going on… so you can keep reading
Is Rundll32.exe a Virus?
Is rundll32.exe a virus? No, it is not a virus. The true rundll32.exe file is a safe Microsoft Professional Windows system process, named “Run a DLL as an App.
Rundll command line
The command line for Rundll is as follows:
RUNDLL.EXE <dllname>,<entrypoint> <optional arguments>
An example is as follows:
RUNDLL.EXE SETUPX.DLL,InstallHinfSection 132 C:\WINDOWS\INF\SHELL.INF
There are 3 issues to consider carefully in the above command line:
- Rundll32 search for the given DLL filename in the standard places. It is advisable that you provide a complete full path to the DLL to ensure that the correct one is found. For best results, use the abbreviation instead of the long file name to ensure that no illegal characters will appear.
- The <dllname> might not contain any spaces or commas or quotation marks. This is a limitation in the Rundll command line parser.
- In the command line above, the comma (,) between the <dllname> and the <entrypont> function name is very important. Assuming the comma separator is missing, Rundll or Rundll32 will fail without indicating single errors. However, there mustn’t be any blank spaces in between the <dllname>, the comma, and the <entrypoint> function.
How To Fix The Rundll32.exe Error
Follow these simple steps:
- Place your Windows CD into your CD-ROM drive.
- Click on the Windows icon and type in the search bar.
- Type expand D:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe in the Open box, assuming D is the letter of your CD-ROM drive.
- Re-boot your computer.
How do I Disable the Rundll32 Process? (Windows 7)
What the process is made up will tell if you would disable it, but if you would like to disable it, you can type msconfig.exe into the start menu search box and you should be able to find it by the Command column, which should be the same as the “Command line” field above. Simply uncheck the box to prevent it from starting automatically.
Sometimes the process doesn’t actually have a startup item, in which case you’ll likely have to do some research to figure out where it was started from. You will locate another rundll32.exe in that list if you open the Display Properties on XP because Windows internally use the rundll32 to run that dialog.
How to Disable rundll32.exe on Windows 8 or 10
If you’re using Windows 8 or 10, you can use the Startup section of Task Manager to disable it.