You’ve found rundll32.exe running on your computer, but now you’d like to know what it is doing there. Don’t worry, it’s not a virus and your Windows computer is happy to have it around. But, what does rundll32 do? Let’s find out!
Is it safe?
Yes! Rundll32.exe is made by Microsoft and normally causes no threat to your computer at all. It is similar to another executable that we talked about, svchost.exe. Both processes act as hosts that allow .dll (Dynamic Link Libraries) files to run without their own executable. The difference is, rundll handles most third party .dll files and svchost handles primarily internal system .dll files.
As is with any executable file, the only chance of danger is when a malicious program invades your computer and uses a system named file to blend in. On most Windows system, rundll32.exe will be installed in one of the two locations:
What is rundll32.exe currently doing?
Normally rundll32 is pretty vague about what .dll it has loaded. So, to delve deeper we need to go grab and install a program called Process Explorer. With process explorer you can hover over each item to get exact stats and details of all of the currently running process on your computer, but it is still slightly limited.
In the example below, Chrome is loading a .dll file through rundll32.exe. If I want to figure out where it is, I just have to follow the command or target path.
Rundll32.exe is a basic .dll file-host and it can be used in conjunction with a variety of third party programs. It poses very little threat, unless taken over, but that is unlikely if you have some good antivirus software installed. Overall, I can’t say its useful to the everyday user to know this, but there are a few out there who will really appreciate understanding the complexities of rundll32.exe