
subject: Rundll32.exe Features Analysis - How To Fix Rundll32.exe Error?


What is Rundll32.exe?

Let's look more closely at the file Rundll32.exe. Its role is to execute the internal functions of DLL files. As a result, the process list shows only Rundll32.exe rather than the DLL itself, which allows a DLL backdoor to stay hidden. If you find several Rundll32.exe processes in the system, do not worry; this only shows how many DLL files have been launched. To find out which DLL files Rundll32.exe is executing, look in the places from which the system loads programs automatically.

Is Rundll32.exe infected?

If your computer has a disguised Rundll32.exe file, the system may contain several files produced by viruses. Generally, these files survive by attaching to other processes, and they download or upload information in the background, doing considerable harm to the system. The following features of an infected Rundll32.exe can serve as warning signs for computer users.

Feature One:

Whenever you open a website, the computer becomes extremely slow, and in the process list of Task Manager, Rundll32.exe occupies 99% of the CPU. Meanwhile, there are other processes with strange names that reappear after being closed, and antivirus/anti-spyware software does not seem to work against these processes.

Feature Two:

Download a free Process Viewer tool to see the file path of the Rundll32.exe process. If the file path is not C:\windows\system32, it is usually the case that the virus has disguised itself and is stored in another directory. In that case many Rundll32.exe entries keep appearing in the process list, while the file itself usually exists as a hidden file.

Feature Three:

Check the Registry. If the following keys are added, then your system has been infected.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TaskMan"="C:\WINNT\Fonts\rundll32.exe"

"Explorer"="C:\WINNT\Fonts\explorer.exe"

"messnger"="C:\WINNT\system32\Dvldr32.exe"

Feature Four:

Click Run on the Start menu, type cmd, and then type netstat -an in the command window that opens. If there are a large number of TCP connections to external port 6667, or if TCP ports 5800 and 5900 are listening, then your system may have been infected, as follows:

C:\>netstat.exe -n

Active Connections

Proto Local Address Foreign Address State

TCP x.x.x.x:1043 149.156.91.2:6667 CLOSE_WAIT

TCP x.x.x.x:1045 198.65.147.245:6667 CLOSE_WAIT

...

TCP x.x.x.x:4811 198.65.147.245:6667 CLOSE_WAIT

TCP x.x.x.x:4887 149.156.91.2:6667 CLOSE_WAIT

Feature Five:

The virus often disguises itself under different process names, such as rundll132.exe, rundl132.exe, etc. All of these need to be checked carefully with a Process Viewer tool.
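The path check from Feature Two and the name check from Feature Five can be applied to a whole process list at once. The Python code below is an added example, not part of the original article; the function names, the edit-distance threshold, the SysWOW64 directory and the sample list are assumptions made for illustration.

```python
import ntpath

LEGIT_NAME = "rundll32.exe"


def legit_dirs(system_root):
    # system32 is the directory the article names; SysWOW64 (the 32-bit copy
    # on 64-bit Windows) is an addition made for this example.
    return {ntpath.join(system_root, d).lower() for d in ("system32", "syswow64")}


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss names like rundl132.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path, system_root=r"C:\Windows"):
    """Return 'ok', 'wrong-directory', 'lookalike-name' or 'unrelated'."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name == LEGIT_NAME:
        return "ok" if directory in legit_dirs(system_root) else "wrong-directory"
    if edit_distance(name, LEGIT_NAME) <= 2:  # threshold is an assumption
        return "lookalike-name"
    return "unrelated"


def suspicious(image_paths, system_root=r"C:\Windows"):
    """Keep only entries matching Feature Two (path) or Feature Five (name)."""
    verdicts = ((p, classify(p, system_root)) for p in image_paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-directory", "lookalike-name")]


# Constructed sample: image paths as a process viewer would list them.
SAMPLE = [
    r"C:\WINDOWS\system32\rundll32.exe",
    r"C:\WINNT\Fonts\rundll32.exe",
    r"C:\WINDOWS\system32\rundll132.exe",
    r"C:\WINDOWS\system32\rundl132.exe",
    r"C:\WINDOWS\explorer.exe",
]
if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(f"{verdict:16} {path}")
```

On a system whose root is not C:\Windows (for example C:\WINNT), pass that root as system_root so the genuine file is not reported.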

Solutions to fix Rundll32.exe

1. Rundll32.exe is a Windows executable file which can be disabled by many viruses. However, there is a virus named Happy Times which has the same name and size as Rundll32.exe, and it keeps reproducing itself under the root directory of each folder you open. If a large number of copies of this file appear on your computer, then your computer is undoubtedly infected, and usually most antivirus software cannot solve this problem. The general solution is to manually bulk-delete all the files named Rundll32.exe and then restore the genuine Rundll32.exe from the Windows installation source. To restore it, taking Windows XP as an example, type cmd in the Run box and press Enter, then type:

expand CD-ROM\i386\rundll32.ex_ %Systemroot%\system32\rundll32.exe

CD-ROM stands for the location of the operating system installation files, which is not necessarily the optical drive.

2. A backup of the original Rundll32.exe is kept in C:\windows\system32\dllcache, from which you can make a copy.

3. Download the same file from a website and use it to overwrite the copy in the directory C:\windows\system32.

4. If you have two computers at home, you can also copy the file from one computer and restore it on the other.

Please note that only a Rundll32.exe from the same version of the system can be used for recovery; otherwise the system will show an error. Before recovering, use the process manager to end the Rundll32.exe process.

If you are still not sure whether your Rundll32.exe has been infected after reading the four features above, you can also download Spyware Cease and run its built-in Online Scan function to accurately check and diagnose whether your Rundll32.exe has been infected.

by: Amy Zhou



