Windows operating system contains millions of dynamic link libraries (DLL’s) that provide functionalities that other applications use. Through using these already developed DLL files, applications take less space and program developers do not need to code the same thing again and again. They can simply refer to that particular DLL and get the job done. Such as when you click “Save as”, almost every program displays the same dialogue box. In this article, we are going to talk about Why is rundll32.exe Running on Your Computer – What is it?
There is no way that you can directly launch a DLL file on your computer. Rundll32.exe is used to open the functionality stored in these .dll files for other applications. This executable is normally authentic and we can find in ‘/Windows/System32’. If you find this executable somewhere else, then you should scan your computer as your computer could’ve compromised.
If you have been around Windows for any amount of time, you have seen the zillions of *.dll (Dynamic Link Library) files in each and every application folder. They are used to store common pieces of application logic that can be accessed from multiple applications as well.
Since there is no way to directly open a DLL file, the rundll32.exe application is simply used to open functionality stored in share .dll files. This executable is actually the valid part of Windows, and normally should not be a threat.
Note that the valid process is actually located at \Windows\System32\rundll32.exe. However, sometimes spyware uses the same filename and runs from a different directory in order to disguise itself. If you think you have a problem, then you should always run a scan to make sure, but we can verify exactly what is going on… so keep on reading.
Research through Using Process Explorer on Windows 10, 8, 7, Vista, etc
Rather than using Task Manager, we can use the freeware Process Explorer utility from Microsoft to figure out what is going on. That has the advantage of working in every version of Windows and the best choice for any troubleshooting job.
Simply open Process Explorer, and you will want to select the file or Show Details for All Processes to make sure that you are seeing everything.
Now when you go to the rundll32.exe in the list, then you will see a tooltip with the details of what it actually is:
Or you can also right-click, choose Properties, and then take a look at the picture tab to see the full pathname that is launched. And you can even see the Parent process, that in this case is the Windows shell (explorer.exe). That indicates that it was likely launched from a shortcut or startup item.
You can browse down and see the details of the file just like we did in the task manager section above. In my instance, it is actually part of the NVIDIA control panel. And so I am not going to do anything about it.
How to Disable the Rundll32 Process in Windows 7
That depends on what the process is, you won’t want to necessarily disable it. However, if you would like to, then you can type msconfig.exe into the start menu search or run box. And you should be able to find it by the Command column, that should be the same as the “Command line” field we saw in Process Explorer as well. Simply uncheck the box to avoid it from starting automatically.
Most of the time the process does not actually have a startup item. In which case you will likely have to do some research to figure out where you actually start from. For instance, if you open up Display Properties on XP then you will see another rundll32.exe in the list. Because Windows internally uses rundll32 in order to run that dialog.
Disable in Windows 8 or 10
If you are using Windows 8 or 10, then you can use the Startup section of Task Manager to disable it.
Use Windows 7 or Vista Task Manager
One of the great features in Windows 7 or Vista Task Manager is the ability to see the full command line for any of the running application. For instance, you guys will see that I have two rundll32.exe processes in my list here:
If you go to View or Select Columns, then you will see the option for “Command Line” in the list. That you will want to check.
Now you can also see the full path for the file in the list, which you will notice is the valid path for rundll32.exe in the System32 directory. And the argument is another DLL that is actually what is running.
If you browse down to locate that file, which in this example is nvmctray.dll, then you will mostly see what it actually is when you hover your mouse over the filename:
Otherwise, you can open up the Properties and take a look at the Details to view the file description. That mostly will tell you the purpose of that file.
Alright, That was all Folks! I hope you guys like this article and also find it helpful to you. Give us your feedback on it. Also if you guys have further queries and issues related to this article. Then let us know in the comments section below. We will get back to you shortly.
Have a Great Day!