What is the Rundll32.exe process?

What is the Rundll32.exe process?  Is it dangerous?

If you do a good old fashioned CTRL+ALT+DEL and see a few Rundll32.exe’s in the process list you may be alarmed. The good new is that rundll32 is a standard Windows component – you definitely don’t want to delete it. However, it is used to execute dll files and while the exe is fine, the dll it’s running may not be.

In order to find out the module being executed by Rundll32, read on. (This will not work with Windows XP Home edition, as it does not have tasklist)

Open a Command Prompt (Start->Run CMD) and type the following:

tasklist /m /fi “IMAGENAME eq rundll32.exe” >C:rundll.txt

Now, open rundll.txt and identify the modules that are not system related. Anything that looks like it was randomly named is almost definitely bad (Example: Cxz32db.dll)

If you run into a bunch of DLL’s that you are not familiar with, then it is a good idea to run a spyware and virus scan. Many trojans load as DLLs with Rundll32.exe, so better to be safe than sorry. If you’re in a hurry, you can likely just scan the Windows directory, as that’s where 99% of all DLLs, trojan or not, are stored.