rundll32.exe and rundll.exe
|Windows Help > Windows Processes > rundll32.exe and rundll.exe|
rundll32.exe and rundll.exe - DLL ExecuterMicrosoft Windows began life as a 16-bit OS, and even now maintains some degree of compatibility with older programs written during this era. The rundll.exe file was used to execute Dynamic Link Library (DLL) files as if they were executable binaries. It was a legitimate component of the Windows OS in the days of Windows 95, 98, and Me.
Today it's been replaced by the 32-bit version, known as rundll32.exe. This binary fulfills the same requirement. It invokes DLL files, acting as a shell in which they can execute. The legitimate, Windows-supplied version of both rundll.exe and rundll32.exe are critical components of the operating system and should never be deleted or altered.
Under 16-bit versions of Windows, rundll.exe was found in the C:\windows directory. Its successor, rundll32.exe, can be found on Windows NT, 2000, XP, and Vista in the C:\windows\system32 directory. Copies of rundll.exe generally should not be found on 32-bit versions of the OS, nor should rundll32.exe be found on Windows 95, 98, or Me. More information about both these files and the mechanism by which DLLs operate can be found on Microsoft's OS support site.
Deleting, disabling, or altering either of these files is not recommended since doing so may cause certain functions to stop working. DLLs, while often used to pass viruses and other malware, are also legitimately used in Windows software developing. Not all DLLs represent malware.
If you find copies of either rundll.exe or rundll32.exe in locations other than those noted above, you should treat them as suspicious files. Also, DLLs received from websites or via email should not be run blindly since they may contain viruses or other malware. As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.