What is RUNDLL32.exe?
First of all, let me tell you what rundll32.exe is. Rundll32.exe is a Windows host process that loads and runs the code in your DLL files. It is a very important process and is required for all your applications to work properly.
How to spot if Rundll32 is infected?
Normally, files with the .exe extension are application files that show the Windows default application icon. If your rundll32.exe is infected, the icon turns into a page-type icon. Check the images below!
There are many ways rundll32 can get infected. Rundll32.exe can be attacked by a hacker or a bot maker and exploited to steal passwords and other confidential data that you enter online. These files will then run in stealth mode and automatically replicate themselves.
The exploited rundll32 file can also be used by a hacker to turn your system into a bot, for example to spread malware or carry out a DDoS (Distributed Denial-of-Service) attack. These files then become undetectable to many antivirus programs. Believe me, I have tried many popular antivirus programs out there such as Norton, Kaspersky, Avira AntiVir, Avast, Eset and Comodo, and even scanned it with ones as low as Spyware Doctor and Microsoft Security Essentials! But all in vain: none of them detected a fault in it.
If your rundll32.exe is infected, you can easily confirm it by looking in Task Manager. If there are multiple processes going by the name ‘rundll32.exe’, then I am sorry to say that your system is already compromised.
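Task Manager shows only the process name, not which file on disk is running. The script below is an added example, not part of the original article: it lists every running rundll32.exe with its path, command line and signature status. It assumes PowerShell 3.0 or later and the standard System32 and SysWOW64 locations; the property names in the report are chosen for this example.

```powershell
# Added example, not from the original article. Assumes PowerShell 3.0 or later.
# Standard locations of the Windows copy of rundll32.exe.
$expected = @(
    (Join-Path $env:windir 'System32\rundll32.exe'),
    (Join-Path $env:windir 'SysWOW64\rundll32.exe')   # 32-bit copy on 64-bit Windows
)

$report = Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" |
    ForEach-Object {
        # ExecutablePath is empty when the session lacks rights to query the process.
        $path = $_.ExecutablePath
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }
        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            ParentId    = $_.ParentProcessId
            Path        = $path
            PathOK      = [bool]($path -and ($expected -contains $path))
            SigStatus   = if ($sig) { [string]$sig.Status } else { 'Unknown' }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            CommandLine = $_.CommandLine   # names the DLL and function that were requested
        }
    }

# Full detail for every instance.
$report | Format-List

# Instances that deserve a closer look: unexpected path or a signature that is not Valid.
$report | Where-Object { -not $_.PathOK -or $_.SigStatus -ne 'Valid' } |
    Select-Object ProcessId, Path, SigStatus, CommandLine
```

Run it from an elevated prompt so that the paths and command lines of other users' processes are visible. On older PowerShell versions a catalog-signed system file can report NotSigned, so treat that status as a reason to look further rather than as proof.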
Please take the steps below to neutralize it immediately!
How I fixed my rundll32.exe problem
I searched many forum sites for how to repair rundll32.exe, but it turned out that many sites led me to specialised PC repair products which would perform free scans of my computer and, when it came time to fix the problems, ask for product keys.
I certainly believe they would never repair the rundll32 file, as they never actually detected it.
So I decided to replace the rundll32 file with the backup file. For those of you who don't know where the rundll32 backup file is located, it's in your C:\Windows\Prefetch or your i386 folder. When I went to delete the rundll32 file it said ‘Access Denied’, which turned out to be another dead end.
I finally gave up and decided to format my whole PC. When I was almost ready to go for it, I came across an article which I thought was worth a last try. You can find this article over here.
According to the article, I took the following steps:
- First, to take ownership of the rundll32.exe file, go to Start menu > Run. Type cmd to open Command Prompt.
- Now type the following command to take ownership of the file:
takeown /f C:\Windows\System32\rundll32.exe
- Don't hurry, we still can't delete the file. We have only taken ownership of it and have no control over it yet. Now type the following command to gain full access to the file:
cacls C:\Windows\System32\rundll32.exe /G rdx:F
(NOTE: Please replace ‘rdx’ with your system username.)
- That's it. Now head over to C:\Windows\System32 and delete the rundll32.exe file. If you still can't delete it, restart your computer in Safe Mode and open CMD. Then type in del C:\Windows\system32\rundll32.exe.
This will surely erase the file from your system.
I then successfully copied the backup file into the C:\Windows\System32 folder. Your backup file will be located in either the C:\Windows\Prefetch folder or the ‘i386’ folder.
Finally, my Windows was working fine.
Download a genuine copy of rundll32.exe for Windows 7 operating system over here.
Download a genuine copy of rundll32.exe for Windows Vista operating system over here.
Please leave a comment if this tutorial has helped you in any way, and also if you encounter any problem and need assistance. I'd be happy to help you.