What Is Microsoft Windows Host Process Rundll32?
Wondering why you see Rundll32.exe running in Task Manager? Learn what it's for and when it might be a problem.
Windows includes thousands of dynamic link libraries that provide system features for other applications to use. For example, when you click Save As, almost every program displays the same dialog box. By using these DLL system resources, programs require less space and program developers don't have to reinvent the wheel for every application.
The Role of Rundll32
DLL files aren't applications, so they can't run on their own. Other programs open DLLs to use their features. When Windows needs to open a DLL file directly, it uses Rundll32.exe, an application made specifically to load DLL files.
How to Use Rundll32
During day-to-day computer use, you never need to use Rundll32 manually. Windows runs the program as needed behind the scenes. In the unlikely situation that you need to load a DLL file, type Rundll32 at the command prompt, followed by the name of the DLL, and press Enter. The Rundll32 command has no other switches or options.
The command prompt (or the equivalent Run dialog box) is the only way to use Rundll32. Locating the program in the Windows directory and double-clicking it won't have any effect, because this method doesn't provide a way to specify a DLL file.
Inspect Rundll32 in Task Manager
Windows usually has at least one copy of Rundll32 running at any given time. In Windows 8, check the Details tab in the Task Manager (press Ctrl-Shift-Esc) to see details about Rundll32.exe and other active programs.
Usually, you don't need to worry about Rundll32, but if you see several running copies or if Rundll32 is using a high percentage of your CPU power, check its location to make sure it's a legitimate Windows process. Right-click each copy of Rundll32.exe and choose Open File Location to find its source. The real Rundll32 will open to C:\Windows\System32 or C:\Windows\SysWOW64. If another location opens instead, run a full virus scan, because that copy of Rundll32 might be a fake.
Fake copies of Rundll32 might have slightly altered names rather than use different locations. Look out for names such as Rundll32_.exe -- note the underscore.
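The location and name checks described above can also be run from PowerShell instead of clicking through Task Manager. The script below is an added example, not part of the original article; the function name Test-Rundll32Process, the verdict labels and the 'rundl%' name filter are assumptions chosen for illustration.

```powershell
# Added example: audit every running process whose name resembles rundll32.
# Run from an elevated PowerShell session; without elevation, ExecutablePath
# and CommandLine can come back empty for processes owned by other accounts.

# The two legitimate locations named in the article, built from the local
# Windows directory rather than a hard-coded drive letter.
$trusted = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')
)

function Test-Rundll32Process {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [AllowNull()] [AllowEmptyString()] [string] $Path
    )
    # PowerShell string comparisons are case-insensitive by default.
    if ($Name -ne 'rundll32.exe')       { return 'LOOKALIKE NAME' }      # e.g. Rundll32_.exe
    if ([string]::IsNullOrEmpty($Path)) { return 'PATH UNAVAILABLE' }    # re-run elevated
    if ($trusted -notcontains $Path)    { return 'UNEXPECTED LOCATION' } # scan this file
    return 'OK'
}

# 'rundl%' is a deliberately loose WQL filter (an assumption) so that slightly
# altered names are listed next to the genuine process.
Get-CimInstance -ClassName Win32_Process -Filter "Name LIKE 'rundl%'" |
    ForEach-Object {
        [pscustomobject]@{
            Verdict     = Test-Rundll32Process -Name $_.Name -Path $_.ExecutablePath
            ProcessId   = $_.ProcessId
            ParentId    = $_.ParentProcessId
            Name        = $_.Name
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine   # shows which DLL this copy was asked to load
        }
    } |
    Sort-Object Verdict |
    Format-List
```

Any row whose verdict is not OK is a candidate for the full virus scan the article recommends. The CommandLine column shows which DLL each copy is hosting, which helps explain several legitimate copies running at once.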