The Windows operating system contains millions of dynamic link libraries (DLLs) that provide functionality other applications use. Because applications can reuse these already developed DLL files, they take less space, and program developers don’t need to code the same thing again and again; they can simply refer to the specific DLL and get the job done. For example, when you click “Save as”, almost every program displays the same dialog box.
You cannot launch a DLL file directly on your computer. Rundll32.exe is used to launch the functionality stored in these .dll files for other applications. This executable is normally authentic and is found in ‘/Windows/System32’. If you find this executable somewhere else, you should scan your computer, as it could have been compromised.
How to see which application is using rundll32.exe?
Normally people use Task Manager to diagnose which application is executing which executable, but we will be using another tool by Microsoft named “Process Explorer Utility”. Download it from the official website and install it on your computer before following the steps given below.
- Now click “File” and select “Show Details for All Processes”. This will ensure we can see all the running processes on your computer. Do note that you will require administrator privileges to perform this action.
- Now when you hover over the process in the “rundll.exe” category, you will see a tooltip giving the location of the executable and the location it is targeting. As you can see, the target of the DLL is NVIDIA.
- Right-click on the executable and select “Properties”. Navigate to the Image tab. Here you can see the full pathname that is being launched. Check the parent process to see which application launched the executable. In this case, it is “rundll.exe”; this indicates that the executable was launched from a shortcut or desktop icon.
Is Rundll32 harmful to my computer?
Ideally, there is only one instance of rundll32.exe running on your computer. There may be more than one instance running if more than one application requires DLL services. If you are concerned about the health of your computer, make sure that the executable is located at a valid location. If you see the executable somewhere suspicious, scan your computer for potential threats and remove it as soon as possible.
You can also disable the application which uses rundll32.exe either by uninstalling the application or by disabling it using Services. Make sure to restart your computer after implementing the changes.
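The checks made in Process Explorer above (executable location, the DLL target on the command line, and the parent process) can also be collected from PowerShell. This is an added example, not part of the original article; it assumes an elevated PowerShell 5.1 or later session, and treating SysWOW64 (the 32-bit copy on 64-bit Windows) as a second valid location is an addition to the System32 path named above.

```powershell
# Added example: report every running rundll32.exe with path, target and parent.
$sysRoot = $env:SystemRoot

# Locations treated as valid: System32 (named in the article) and, as an
# assumption added here, SysWOW64 for the 32-bit copy on 64-bit Windows.
$expected = @(
    (Join-Path $sysRoot 'System32\rundll32.exe'),
    (Join-Path $sysRoot 'SysWOW64\rundll32.exe')
)

# Index all processes by PID so each parent can be resolved to a name.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in $all | Where-Object { $_.Name -ieq 'rundll32.exe' }) {
    $path   = $p.ExecutablePath          # empty if the session cannot read it
    $parent = $byPid[[int]$p.ParentProcessId]

    # PIDs are reused: a "parent" created after the child is a different
    # process that inherited the number, so do not report its name.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    $sig = 'Unknown'
    if ($path) { $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status }

    [pscustomobject]@{
        ProcessId     = $p.ProcessId
        Path          = $path
        InExpectedDir = [bool]($path -and ($expected -contains $path))
        Signature     = $sig
        CommandLine   = $p.CommandLine   # shows which DLL and export is the target
        ParentId      = $p.ParentProcessId
        ParentName    = if ($parent) { $parent.Name } else { '<exited or reused PID>' }
    }
}

# Entries outside the expected directories sort first.
$report | Sort-Object InExpectedDir | Format-List
```

An entry with `InExpectedDir` set to `False` or a `Signature` other than `Valid` is the case the article describes as needing a scan; the `CommandLine` value corresponds to the target shown in the Process Explorer tooltip.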