How to fix rundll32.exe?

What is RUNDLL32.exe?

First of all let me tell you what rundll32.exe is! Rundll32.exe is a Windows host process which runs and executes all your dll files. It is a very important process and is required for all your applications to work properly.

How to spot if Rundll32 is infected?

Normally files with .exe extensions are application files having windows default application icons. If your Rundll32.exe is infected the icon turns into a page type icon. Check out in the images below!

rundll infected How to fix rundll32.exe?

Infected rundll32.exe

 

rundll cured How to fix rundll32.exe?

Normal rundll32.exe

 

There are many ways Rundll32 can get infected. Rundll32.exe can be attacked by a hacker or a bot maker and can be exploited by making it steal passwords and other confidential data that you enter online. These files will then run in stealth mode and automatically replicate itself.

The exploited rundll32 file can also be used by a hacker to use your system as a bot and spread malware such as DDOS (Distributed Denial-Of-Service) attack. These files then become undetectable to many antivirus softwares. Believe me, i have tried many popular antivirus out there such as Norton, Kaspersky, Avira AntiVir, Avast, Eset, Comodo and scanned it even from as low as Spyware Doctor and Microsoft Security Essentials! But all in vain, none of them detected a fault in it.

In case your rundll32.exe is infected you can easily confirm it by looking in your task manager, if there are multiple processes going by the name ‘rundll32.exe’, then i am sorry to say that your system is already compromised.
Please take the steps below to neutralize it immediately!

How i fixed my problem of rundll32.exe?

I searched in many forum sites of how to repair rundll32.exe but turns out many sites led me to specialised PC repair products which would perform free scans of my computer and when it comes time to fix them, they ask for product keys.
I certainly believe they would never repair the rundll32 file as they never actually detected them.

So i decided to replace the rundll32 file with the backup file. For those of you who dont know where the rundll32 backup file is located, its in your C:\Windows\Prefetch or your i386 folder. When i went to delete the rundll32 file it said ‘Access Denied’ which turned out to be another dead end.

I finally gave up and decided to format my whole PC. When i was almost thinking to go for it, i came across an article which i thought was worth a last try. You can find this article over here.

According to the article, i took the following steps:

  1. First, to take ownership of the rundll32.exe file go to Start menu > Run. Type cmd to open Command Prompt.
  2. Now type the following command to take ownership of the file :
    takeown /f  C:\Windows\System32\rundll32.exe
  3. Dont hurry, we still cant delete the file, we have just taken ownership of the file and have no control over the file yet. Now type the following command to gain full access on the file :
    cacls C:\Windows\System32\rundll32.exe /G rdx:F (NOTE: Please replace ‘rdx’ with your System Username)
  4. Thats it, now head over to C:\Windows\System32 and delete the rundll file. If you still cant delete, restart your computer in Safe Mode and open CMD. Then type in del C:\Windows\system32\rundll32.exe.
    This will surely erase the file from your system.

Now i sucessfully copied the backup file into C:\Windows\System32 folder. Your backup file will be located in either C:\Windows\Prefetch folder or the ‘i386′ folder.
Finally, my WINDOWS was working fine.

Download a genuine copy of rundll32.exe for Windows 7 operating system over here.

Download a genuine copy of rundll32.exe for Windows Vista operating system over here.

Please leave a comment if this tutorial has helped you in any way and also if you encounter any problem and need assisstance. I had be happy to help you.

Subscribe to our Weekly Newsletter

I take your privacy very seriously

Comments

  1. Murugappan

    I had switched to Ubuntu only because of this annoying thang. Thank GOD (read as: GAD), you have written a tutorial on this. Would be of great help if I ever switch to windows. Thank you again, man! Have a blessed day! :-)

    • Gautam Doddamani

      Thank you muru for the comment! :) and that GAD is very sweet, though i am just a beginner. I use UBUNTU too and i am eagerly waiting for 11.04 to release. the D-Day is this 28th and i am already excited! :) :)

  2. username

    In the folder “Prefetch” I find 3 rundll32 backup files, what is the difference? Which one should I use?

    RUNDLL32.EXE-095C481F.pf
    RUNDLL32.EXE-1304AE86.pf
    RUNDLL32.EXE-AC01A582.pf

    • Gautam Doddamani

      thats right! prefetch folder has many versions of rundll32 file like .pf and .mui. you should use neither one of them. you should only use .exe versions which are of 43KB in size. if you dont find one in the prefetch folder look for it in the “C:\Windows\winsxs” folder. When in the folder try typing “rundll32.exe” in the search bar at the top, you will definitely find one!

      If there is still no luck, you can always request me for a new genuine rundll32.exe. Thank you. :)

      • Tiffany

        Hi Guataum,

        I have the same problem as the above person. I need a genuine copy of rundll32.exe file sent to me PLEASE!!! So anxious to try and see if this will work. I see so many great comments and I just want my computer back Lol… working with a desktop Windows XP

        Many thanks for whatever you can do!

        Tiffany~

  3. username

    Hello

    I searched in de winsxs folder, I did find a rundll32 file of 43,5KB (in the folder “x86_microsoft-windows-rundll32…”). But the icon is also a page, just like the infected rundll32 in the System32 folder… So I guess that one is also infected???

    What should I do?
    Maybe it’s best that you send me a new genuine rundll32.exe file?
    Thanks for your help!

  4. Biba

    Hi,
    I read your article and find it helpful.I have simmilar problem with rundll32.exe. I searched allfolders for this bacup file but cannot find any. How can I get a new genuine rundll32.exe

    • Gautam Doddamani

      Hi Biba. Sent you an e-mail with a genuine windows 7 rundll32.exe! :)

  5. MAHJONG

    After reading How to fix rundll32.exe? I decided to write a nice note for author. Keep up the good work, I hope to read soon similar articles. Also your site loads up fast!

  6. Diet recipes for diabetics

    Great post, I admire the writing style :) A little off topic here but what theme are you using? Looks pretty cool.

  7. Gautam Doddamani

    glad it helped u! :)

  8. utkarsh

    cannot see even one in the processes of my comp

  9. fake watches for men

    I such as the feedback you’ve got gave, supplying it some believed, I’ll bookmark this web page.!

  10. Art SKI

    When I type; takeown /f C:\Windows\System32\rundll32.exe i get the message; ‘takeown’ is not recognized as an internal or external command, operable program or batch file.

    • Gautam Doddamani

      its working for me buddy. chk if u r logged in as admin! type takeown /? in the command prompt to know more about its parameters!!!

  11. HILARY

    hello there. I have similar probs with my Windows XP system, rundll32.exe problems. I was very impressed with the help given here and have emailed to ask if he can help with my problems. I have also bookmarked this page. Excellent, very easy to understand free help for us who are not so smart but like to use our computers and the internet. Bless you!
    regards from Hilary in Sydney Australia

  12. Dale

    g’day, I downloaded the genuine copy of rundll32.exe for Windows 7 operating system from this page and deleted the old rundll32.exe then extracted back to system32 folder but it still comes up as a page icon. What do I do now?

    • Gautam Doddamani

      hi dale. check if ur whole computer is infected! run a commercial version of spyware doctor and clean up all the vulnerabilities…if all options fail i recommend u to do a re-format of c drive!

  13. Alan

    Hello!

    I have the same problem with this file and run the Vista operating system. I find a similar file 43.5 KB (in the folder “x86_microsoft-windows-rundll32 …”). But the icon is also a page, just like the infected rundll32 in the System32 folder. I think this copy is also infected?

    Do you have the opportunity to send a copy of the “rundll32″ to me.
    Thanks for your help!

    Alan

    • Gautam Doddamani

      sent u mail, alan! chk it :)

      • Alan

        Thank you for the file you sent me but the icon is Also a page, just like the infected rundll32 in the System32 folder. What can I do?

        Alan

        • Gautam Doddamani

          alan sometimes a pagetype icon is normal. chk if u hav multiple rundll32.exe processes running in ur task manager…dats when u’ll know dat ur system has been compromised. also chk if that file is behaving strangely….lyk running background processes and giving false errors. if ur system doesn’t hav symptoms such as these its ok…as rundll32 in some operating systems displays as a page type! :)

          • Alan

            It runs two processes in task manager one with me as a user and one without a user. I do not really understand what you mean by “check if That file is behaving Strangely …. Lyk running background Process and rationale behind false errors”.

            All I know is that my PC goes really slow and I get sometimes the following message from the operating system “rundll32 has final close to work and I will be notified when a solution exists”

            I have not done anything with the file you sent me. I have only extract file and discovered that it has the page type icon. As I wrote before I run the Vista operating system. Do you recommend that I should delete my rundll32 and copy the file you sent me?

          • Gautam Doddamani

            dat proves it..ur rundll32.exe is corrupted. yes i had recommend u to do d same thing but make sure to go in d safe mode and replace it. if it works its gud or else formatting is d only option. rundll32.exe is a very important file as it is required to install and uninstall programs and for other tasks too. dont worry just replace d file and see wot happens…u should stop getting dat error from windows!!!

      • Alan

        Do you think the copy I have (in the folder “x86_microsoft-windows-rundll32 …”) also corrupted?

        and one last question: Is the file “rundll32″ you sent me compatible with Vista? I must not copy this file if it is made for other operating systems (like Windows 7 and XP).

        Tkanks you for helping me.

        • Gautam Doddamani

          oops…i completely forgot about the backup copy u hav in x86 folder. no that wont be corrupted…try replacing d original file wit d backup copy u found in d x86 folder. i m sorry alan, d file i gave u is only for windows 7 users…if u want i can send u a vista compatible file. tel me how d above procedure goes for u first!

          • Alan

            Hello again!

            Now I have another problem. I try to follow your guideline and go to Start menu> Run. Type cmd two open Command Prompt.
            When I type the following command two take ownership of the file:
            takeown / f C: \ Windows \ System32 \ rundll32.exe, so I get a message that I do not have admin rights to perform this process.
            I know that I am the only user on my PC and have admin rights. What can I do?

            Could you please also send me a rundll32 that is compatible with Vista.
            Thanks for your help.

          • Gautam Doddamani

            sent u a mail wit instructions alan. also attached a rundll32 file for vista…chk it! :)

      • Yousuf

        Gautam, I see two files in the backup folder (winsxs), one is under the amd64*** folder (size 44.5) and the other one is inside x86_micro*** (size 43.5k). Which one should I use? The file my windows process takes me to is located at SysWow64 with a size of 43.5k. So I’m assuming I need to copy the version under x86_micro** folder? Which one is correct? Help please!

        • Gautam Doddamani

          hi yousuf sorry for the late reply…no even if you screw up, the computer will startup as it should..it will not mess up your system boot. yes i think the correct rundll is located in your x86 folder as 43.5k is the right file size of rundll32’s. go with it…if you come across any problems just holler! :)

      • aziz

        can u send me the rundll32.exe files plz mines are infected pleasssssssssssssssssssssse

      • ZACK

        pls send me a copy of rundll32 as well my fren

  14. Alan

    Could you please help me! I need “rundll32.exe”

    Alan

  15. Jasper

    HElped me thanks!

  16. Rob

    hi, i can’t seem to find the correct rundll32 file either. could you please send it to my email.
    thanks

  17. Alan

    Hello Gautam Doddamani!
    I’m sorry I could not get back to you earlier about the result of replacement of the rundll32.exe file on my PC. I have been away for a while and could not give you feedback but back to the result.

    When I managed to run the first command (takeown / f C: \ Windows \ System32 \ rundll32.exe) following advice from you to disable the user account control in my system. So it was difficult to carry out the command number 2: cacls C: \ Windows \ System32 \ rundll32.exe / G RDX: F (NOTE: Please replace ‘RDX’ with your System User Name). I got various error messages that the command was invalid. After several days of effort and help from a friend so I started CMD program as an administrator and was able to complete the command. But when was the next step and delete the rundll32.exe. I was not allowed to delete the file. But when I started the PC in safe mode and finally managed to replace the rundll32.exe.

    Now I am relieved that the computer no longer hangs but still takes a long time to start and finish the PC. This problem has nothing to do with rundll32.exe but rather a Vista problem as I have always had.

    I would like to thank you especially for the time you spent to help me. Thanks!

    I appreciate the advice about the fast start and end of my PC if you have any advice.

    Thanks again! Alan

    • Gautam Doddamani

      hi alan u r welcome and about the slow boot time i had suggest you to download tuneup utilities 2011..google it and install it. after install fire up tuneup utilities dashboard and start the utility known as startup manager..here you will get all the apps which are unnecesarily starting at boot…disable all unnecessary apps…this feature greatly affects ur boot time. after that perform registry clean and defrag it later…perform all other optimizations, i m sure you will be surprised how fast ur system will boot up now! :)

  18. What'swrongwithmycomp

    Hi, I’m freaking out. I was just writing my paper and that rundll message popped up and then I saw in the Task Manager that I had 4 rundll32’s running so I followed your instructions and types everything in the CMD but then it says ACCESS DENIED and I can’t delete the rundll thing.
    Please help :(

    • Gautam Doddamani

      hi about your problem i think you are not able to gain administrative privileges to your file, first check whether you are logged in as an administrator on the computer, if you already are, then maybe its a malware…try spyware doctor or spyware terminator to get rid of the viruses…my best guess would be a worm coz its replicating the files!

  19. Amber

    Hi could you please send me the Rundll32 for vista. Thank you.

    • Gautam Doddamani

      hi amber sent u mail :)

      • Amber

        Hmmm, I did not receive it in my email. I emailed you from other email account to see if that would work. Thanks!!

  20. DLee

    Hi, Could you please send me a copy of the rundll32.exe for Vista? Thank you

  21. Laisan

    Hi, good day to u. i’ve read ur article and i couldn’t find any of the back up file in the folder u mentioned. I found the rundll32.exe icon is infected icon, just like the page icon. I right click to delete it, but it keeps appear to be there after i exit the window and re-enter again. Can you please help me on this? I’m using Windows XP SP2. Thank you very much for your concern.

    • Gautam Doddamani

      hi laisan sorry for the late reply. pls follow the steps given in the tutorial by typing in the necessary commands in the cmd :)

      • Laisan

        can you please send me a backup file of rundll32.exe thanks. im using window XP SP2

  22. AJ

    Hi there, could u help me out cuz i cant find any backup of rundll32.exe.
    btw ,i’m using XP sp3 .
    Thank you~!!

    • Gautam Doddamani

      pls chk ur mail AJ :D

      • Yousuf

        Hello Gautam, well, I’m sure my rundll is infected and I do have a backup so I’m going to try out your suggestion. Two questions though: once I copy the backup over, is it possible my whole world will come to an end? :) What happens if the machine refuses to start up? And second, I want to try not to do it for a few weeks. Do you have a script that polls for the non-Windows spawned rundll and kills it behind the scenes? Will that at least help mitigate the issue? Any help will be really appreciated. Thanks!

  23. darkshia

    Hi Gautam,
    I use win 7 and have rundll32 in system 32, amd64, sysWOW64, and x86_microsoft-windows..
    I also have rundll32.exe.mui in the same places as well and I’m not too sure if that is correct..

    • Gautam Doddamani

      hi don’t worry mui files are just language files, they won’t do you any harm! :)

  24. Messed up

    Hello there
    Great article!
    My computer is running on Vista 64 bit
    I tried the commands you gave and the message said I did not have admin rights. Since I am the only user on the computer I do have rights, so as you mentioned it might be a worm?

    I tried opening in safe mode and using the delete command you gave but says “access denied”

    How do I solve for this?

    Thank You very much for your help
    G

    • Gautam Doddamani

      hi have you tried taking own of the file by typing in takeown command in the tutorial? sometimes administrator too cant delete some files because he doesn’t have privileges to delete a system file.

      • messed up

        Hi there
        I did try to take ownership with the command you had given earlier in the thread. When I put in that command to get ownership I get message saying I do not have admin rights
        where am i going wrong?
        Appreciate your help
        G

        • Gautam Doddamani

          maybe you really dont have the admin rights to access the file or maybe a virus has corrupted your system files. pls open control panel and then go to user accounts and family safety option and click on User acccounts…now check to see if you are listed as administrator, if you are listed as an administrator then maybe its a malware problem. sometimes even an administrator loses his file access rights due to a virus. i advise you to format your system. if you are not listed as administrator then change your account from guest to admin and type the commands again!

  25. Chandima

    Hi,I think i hav the sme problem ,in the task manager also i find two processes with the name rundll32.exe,but both ht eprocesses are from the user and none of the procceses are from windows,let me explain the issues i have with my PC,

    While i’m using my computer my machine suddenly runs a process,which is also shown in the task bar and the task manager.this happens about once in every 5 mins.this process lasts only about a scond and disappears.while this process starts for e.g:if i’m playing a game,it minimizes to the desktop.Please comment.

    • Gautam Doddamani

      hi i suggest you to follow the steps provided in the tutorial as this is the same problem i was having! type in the commands in the cmd to successfully wipe out the virus-ridden rundll32.exe and to install the new one from the download link above :)

  26. ED

    This article is exactly what i needed, but all my rundll32.exe files are page files. Where could i get a genuine rundll32.exe file from? Oh and thanks for this well thought out and easy to understand article, much appreciated.

  27. ED

    nevermind i found the download link, i swear im blind lol

  28. ED

    yh im back again, i did everything you said to do but the are still 2 rundll32.exe page files left and when i try to delete them it says i need permission from trusted installer to delete it. One rundll32.exe file is is C:\windows\syswow64 and the other is in C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855………………..how do i get rid of them if possible?

    • Gautam Doddamani

      hi edmund sorry for late reply. you dont have to delete rundll files located in syswow and winsxs folder…they are just backups of ur original rundll..they will do you no harm. the file you have to get rid of is located in system32 folder…just type the commands given in the tutorial in cmd and you are good to go!

  29. queteepie918

    I was able to delete the file, but looking in the C:\Windows\Prefetch the files are dated this month. I have had this problem for a couple months and just came across your blog. I do not want to use one of these files out of fear that the problem will reappear. How can I locate a FRESH copy of rundll32.exe to load back on my Vista 32bit home computer? I do not have the disks – everything was pre-installed. I have searched endlessly on Microsoft.com and cannot find the file to download. Thanks in advance.

  30. John Dunn

    I am supporting a friend who has VISTA and needs the VISTA rundll32 file not the WIn 7 version. Are you able to send that too? Would it be easier to put a link to both versions on this page as well so you don’t have to keep emailing everyone? LoL :) Thanks for your help on this as well.

  31. geerk

    thank you ++++ you saved me ! I found back an “old” rundll32.exe in a Ghost save, deleted the corrupted file with your method, and now that’s OK !

    • Gautam Doddamani

      u r welcome! keep subscribed to us on facebook to get latest updates :D

  32. Micky Grey

    I just went through all the steps, had problems removing the old file until i booted up in safemode. I replaced the file with the file on this website (vista), restarted, and I still have 6 rundll32.exe on the task manager screen. Also Malwarebytes keeps giving me an alert that rundll32.exe is trying to access the internet. Any ideas what I have done wrong, or what I can do.

    • Micky Grey

      Forgot to say, when I look for the rundll32exe file, the symbol is still the infected version and not the normal version as your pictures show. Have I just not deleted it correctly? Its still sitting in my recycle bin incase I screwed up….

      • Gautam Doddamani

        hi micky as u said in ur earlier comment…u hav 6 rundll32.exe’s…now that should not happen! only 1 of them should be running in ur task manager at all times. if u hav succeeded in deleting all the other rundll’s then u don’t have to worry if ur original one is a page type icon. some operating system versions come with page type icons as default for some files. only thing you have to take care of is…keep monitoring ur task manager..if more than one rundll32’s are running, try to kill them. the right rundll file will restart back if its a genuine one. :)

  33. Glill

    hi!!!

  34. Mufti

    Brother when this happened i reaplced the rundll32.exe in sys32 from the winsxs and prefetch but from that day when i start my laptop i see rundll32 pop which suddenly comes and goes off, this happens also sometimes when i plu any USB device the laptop or even randomly the suden cmd popu of rundll32 comes and goes and also from that day i get NTVDM.exe has stopped working error i downloaded your rundll32 it turns to page icon and also when i had page icon in my rundll32 some websites used to redirect to my web search with google i found its a virus , when i replaced rundll32 it got fixed but now that problem :'( please help me!!

  35. Mufti

    Hey now i downloaded again ur rundll32.exe and when i extract it its icon is like this and after
    http://i42.tinypic.com/15ov1h2.png
    Thanks :)

  36. Gaurav Garg @ Facebookz.in

    Awesome Article… can i copy this to my blog with your refrnce..? /

  37. tonz scifer

    the only problem that i encountered about the rundll’s when sometimes, i run a program and close it, the rundll32 will stay on taskmanager.. it seems they would not close with the program who open them.. i manually terminate them in the taskmanager,, i have only one rundll32.exe on taskmanger and one rundll32.exe*32 .. no multiple rundlls I observe so far.. but i thnk rundll32 page icon is normal on win7 64 bit?.. its only annoying when it will stay on taskmanager even there are no more programs i execute…

    • Gautam Doddamani

      hi tonz have you checked if you were running google chrome while viewing your task manager?

  38. tonz scifer

    follow up… when i open it in notepad…. the bottom page there are text like…

    PADDINGXXPADDINGXXPADDINGXXPADDING multiple paddings, i read about one article on the net, if the rundll32 is containing this txt, is an infected.. It is true?

  39. Adriano

    i have a small problem of taskhost.exe
    it says for a few seconds after shuting down my pc that it doesn t responds.
    also,about the rundll s…all of them looks like blank pages…but i don t think they re infected,it doesn t happened anything strange,for now. the only strange thing is with taskhost.exe not responding a few sec s before shut down… Suggestions?

    • Gautam Doddamani

      hi adriano sorry for the late reply…i think the problem is with taskhost.exe. try scanning it with a anti-rootkit software, a virus may have corrupted ur taskhost process or try restoring your pc to sometime before and see if that taskhost file works..if it works its well and good. :)

      • Adriano

        rootkits and active malwares…yes,avira has it. Found nothing…
        Also,the “not responding” pop-up shows up only somethimes when i shut down my pc.
        Also,there s nothing to bother me…for now…just that it seemed strange to see it”not resp”
        Also,it s normal to have 2 rundll s ? and to hate them running when there s no program running(in normal mode not bckground?

        • Gautam Doddamani

          which version of avira are you using? personal or premium? its not normal if you have 2 rundlls running in the task manager adriano, you might want to check what application is causing it to start it.

          • Adriano

            let s see… i use avira internet sec 2012,and it WAS premium until some dayz ago,my license expired… and no,i don t have 2 dll s runing for now. only one,sometimes. i also have malwarebytes full ver,RUBotted service,and Browser Guard. Also,what can u tell me about csrss.exe and conhost.exe? i have 2 conhost.exe s and 2 csrss.exe s running at once…
            For exploring the processes i use procexp.exe from microsoft.
            I would say that the problems might be caused by me and my experiments(with trojans,crypters and keyloggers,cracks etc). Its just a hobby i do for curiosity :P.
            One more thing :is it dangerous killing processes from task manager? the useless one? i got like 2 or 3 blocks those weeks,the windows froze up and couldn t do anything,while kill process…so i had to restart. Ty for all ur help .

  40. Adriano

    also,u can give us an answer to MUFTI s questions and problems? i am very intrested.
    “Mufti
    February 12, 2012 at 9:18 pm
    Brother when this happened i reaplced the rundll32.exe in sys32 from the winsxs and prefetch but from that day when i start my laptop i see rundll32 pop which suddenly comes and goes off, this happens also sometimes when i plu any USB device the laptop or even randomly the suden cmd popu of rundll32 comes and goes and also from that day i get NTVDM.exe has stopped working error i downloaded your rundll32 it turns to page icon and also when i had page icon in my rundll32 some websites used to redirect to my web search with google i found its a virus , when i replaced rundll32 it got fixed but now that problem :’( please help me!!

    Mufti
    February 12, 2012 at 9:27 pm
    Hey now i downloaded again ur rundll32.exe and when i extract it its icon is like this and after
    http://i42.tinypic.com/15ov1h2.png
    Thanks “

    • Gautam Doddamani

      answer to mufti: the rundll32 file that you downloaded from my site is not compatible with your pc or you may have not replaced it properly and the registry files have probably been corrupted. a similar problem had arised in my system too. try to perform copy and paste of rundll by following the commands given in the tutorial in safe mode and after that try to fix your system registries with ccleaner or tuneup utilities software. try and tell me if that works out for you :)

  41. clyde

    Aweeeeesome dude. It worked like magic fixing rundll32.exe trouble that I’ve been suffering for months.

    Thank you so much Gautam, your article is godsend!

    • Gautam Doddamani

      it gives me great pleasure that my method has helped you. thanks for stopping by :)

  42. Hoorayman

    Mr. GD – can you tell us where to get the rundll for windows XP?

    • Gautam Doddamani

      hi rogers sorry i dont use xp so i dont hav a rundll for xp os. you can although try installing xp on a virtualbox and copy its rundll32 to your computer :)

  43. Jonah Monson

    I followed the instructions and everything worked fine, but when I downloaded the rundll32.exe file on this page and copied and pasted it into system 32, when I restarted the comp the process multiplied to thousands (about 5k when I shut the comp off) of “rundll32.exe” in the processes. I would really appreciate it if you emailed me the legit version of rundll32.exe for Windows 7.

    • Adriano

      5k processes? are u serious? this looks like an power virus/or strong error/incompatibility…
      i don t know, i m not pro XD. Though,5k processes is…very much… i never saw more than 100 processes in task mngr :D. make sure to make some full scans with Avira full 2012,malwarebytes and iobit malware fighter. And a full sys clean with ADVANCED SYSTEM CARE program. Those things sure works.

  44. Jonah

    Well I finally found a seeemingly legit rundll32.exe file which I pasted into my system 32. On start up nothing goes amiss, But now I’m finding that when I try to play a game called “League of Legends” I get the menu screen, click “play” and then… Rather than it taking me to the screen to log in, it just disappears. I noted that after it disappears it’s still running in my background processes. I really love this game and I can’t play it. :( Back when my browsers were super slow because of the problems with the rundll32.exe file League of Legends still worked… After I deleted it, my surfing speed went back to normal, but my PC’s ability to play LoL–NO– ANY type of online PC game run through a client or program stopped. I really regret deleting that file… Did it really work for all of you? Oh btw, whenever I go sift through my processes and look at the properties “Trusted Installer” owns them and has full control. I know that Trusted Installer is from Microsoft. But whenever I take back ownership of processes and ban Trusted Installer, it slowly takes back the ownership from me! This has to be a fake or infected Trusted Installer.. I want my PC back.. :(

    • Adriano

      u play LOL? wow,me too. When u fix ur PC add me KingNovek . It s a very good game,i like it too :P. So i ll help u fix it. lets see :
      Have u tryed ADVANCED SYS care 5? it helped me a lot ( http://download.iobit.com/asc-setup.exe ) . BTW,i also have trusted installer…but i find nothing wrong with it…
      What windows u have ? i have win 7 64bit . If u have the same,i might send u my copy of rundll32. If u want more help,find me at cocy_adrian@yahoo.com

  45. bill

    I followed your tip hesatently….I have had this problem for about 3 months… Have tryed every anti spyware maleware bot remover and endless we will just say products to fix… After arguing with support people telling me nothing is wrong…7 new installs but nothing wrong I am only showing 1 rundll32 in task manager. I hope this is normal but when I open folder it is in system\wow64…I don’t know what other problems this might still have but..THANKYOU……..

    • Adriano

      Something else:do u have Zone Alarm? if yes,i recomand deleting it forever… it is annoying and disables my games -_-

  46. bill

    Again THANKS…tryed to open my speaker adjustments said could not find the rundll32 file so did sfc /scannow found and fixed many many problems rebooted working great… with all problems i had i imagine probly some more to fix…i am in debted…… THANKS
    Bill

    • Gautam Doddamani

      i am happy that it solved ur problem bill :) thanks for stopping by!

  47. BrentGM

    I followed these instructions in Safe Mode and STILL can’t delete the rundll32.exe file. I’m running Vista Home. I’m about to chuck all this Microsoft sh*t and go to Ubuntu.

    • Adriano

      i recomend using Unlocker. It will stop the processes using that file,and delete it.Or it will auto-delete it,at restart,or next boot. Try it. If not working,i have another solution.

      • BrentGM

        That worked. Thanks. One thing, though. The icon for the rundll32.exe file I downloaded from the link provided above is still a blank sheet of paper with a dog-eared corner. So, is this a problem or not?

      • BrentGM

        Never mind. I think my system just uses that icon. There is only one rundll32 process running on my machine and the downloaded file is exactly the same size as the one I replaced, i.e 43.5 kb, 44.0 kb on Disk.

  48. Bebop

    Hi,

    Could you please send me a backup of the rundll32.exe file? I searched my winsxs folder and found a rundll32.exe but the icon looks an infected file (like a blank sheet icon) and not like a the “normal” icon.

    Thanks!

    • Bebop

      BTW… I have Vista.

    • Bebop

      Hi… Didn’t even realize that you had posted the file to the site. Thank you! This worked for me. I am in your debt :)

      Keep up the great work!

  49. franky

    Great, My PC runs again!

  50. Michele

    Hello I am desperate to get my computer back in good working order and I was so glad to find your site! I am so tired of the “bait & switch” sites where they offer FREE fixes for your computer which turn out to be a free scan then you need to pay $40 – $100 to fix the issues they find which, if you fall for it, never take care of all of the issues.
    Your directions are so easy and straight forward esp for those of us who are computer literate these days, which many of us are even if it is not our career. I am running into a problem similar to another person where as I request the takeown command, I am being told that I do not have rights to the file. I checked the properties on the file and the only rights are to the “trusted installer” I also tried to change my command prompt to “administrator”, even though I do have the administrative rights on the computer, but that did not work.
    I see you e-mailed some steps to another person with similar issues and I was hoping you could assist me as well.
    Thank you! I appreciate any help you have to offer.

    • Gautam Doddamani

      hi michele many people are having the same problem…i suggest you to boot your computer in safe mode and try running the commands again…reply me if you run into problems again :)

  51. Ilias

    Hi!
    I have the same problem with rundll. I cannot update my antivirus, many security settings and the system32 error warning appears every single time i insert a flash drive or external hdd. I followed your instructions, i downloaded from the link the genuine copy for VISTA but when i type takeown…. on cmd it says that i don’t have the privileges and i am not the administrator. But i am!!! Please respond and help me mate. Thanks in advance! NOTE: On task manager it runs only one rundll!!! But in the system32 of Windows the icon is presented as a page and i cannot access basic functions….

    • Gautam Doddamani

      hi ilias please double check if you have logged into your computer as an administrator…more information can be found out in control panel > user accounts. also make sure you run cmd by right clicking and selecting run as administrator. if all is going well maybe there’s a problem on how you wrote the takeown command in the cmd.

      • Ilias

        Great man! That was the answer, i solved the take ownership problem! But to finalize the procedure i have some questions because the notebook with the rundll problem is my brother’s and i don’t want to mess up anything… 1)I don’t find the right backup file in prefetch, it has 20 RUNDLL32.EXE files from 5 up to 35 kb all with page icons. In winsxs there is an x86_microsoft-windows-rundll32_31bf3856ad……. file with a rundll application (page icon) of 44kb, i suppose this is the right one? Do you ensure me that is genuine? 2)After deleting the old one do i have to copy the backup in safe mode or normal mode (stupid question, i know…but i have to be sure!)? 3) The fact that i have only one rundll running on my taskmgr is a sign that maybe there’s not a problem at all? In that case, what the duck is going on???? Thank you again in advance bro, we need guys like you to enlighten us, especially here in Greece!!!

  52. Santhu

    Very good article….
    U write in a very practicle way.
    I too encounter with the same problem but using windows XP Home Edition Service Pack 2
    Can U please upload the genune rundll32.exe file for windows XP.

  53. kmm

    This really helped and sent me in the right direction. I came acres this windows command that you have to run as admin: sfc /scannow. It creates a log in windows/log/cbs [run notepad as admin to open the log]. The log showed that the file was corrupt and that is was replaced. I imagine from either winsxs or prefetch.

    Symantec Endpoint caught rundll32.exe trying to change my DNS…

    Thanks for the article.

    • bill

      Check things very well…Since my post I went and bought a new instal disc was having so much troble….Had a hell of a time trying to load was being told could not run on my version of windows…I wont boher you with details but 2 days a disk wipe program a little dumb luck and safe
      mode got an install to work long enough to find out what I have been thinking for months…I have one mean problem…I dont understand any virtual but everytime i try to check partitions it hooks to virtual disk…the one really really interesting thing i found was windows.old again dumb luck connected to a link to desktop…It is the complete windows that I was using before it crashed the last.. I change computer name and user name every install.. Also many LOCAL_ files HELP….If you want to no just what is on your pc google everyting…. its a search program portable very fast and amazing…PLEASE… If anyone can help

  54. meisam

    hi, when i want to take ownership of rundll32.exe (according above), the sentence “the current logged on user does not have ownership privileges on the file” appears on cmd, pls help me,

  55. Rashad

    I am rashad having same problem about rundll32 ,i was going to format my pc,,then i saw ur post it helped me ,i dont have any backup of rundll32, please send me one,thanks,, e-mail: roy_mohamed2003@yahoo.co.in

  56. tj marules

    i need to get a clean rundll32.exe file for windows 7. i was able to take ownership and do permissions to delete it but i do not have an exe file type in the backup folder u mentioned. all i saw was .pf

    thanks

  57. Luka

    My avast antivirus program always gave me pop up window saying my C:\Windows\system32\rundll32.exe. and my C:\Windows\SysWOW64\rundll32.exe. are trying to access corrupted page. I managed to do everything u wrote but my icon still looks like page type but pop up messages are gone. Am i fine or my system is still corrupted and do I have to change my rundll32.exe file in SysWOW64, too. Sry for my english cause it’s not so well.
    Keep up the good work. There is to little good people like you.

  58. Matt McRae

    Thanks a lot for this, I noticed that when my system was idle, after about 5 minutes my CPU would start up and the fan would start going. I thought this was a bit odd, so I investigated and found that rundll32.exe was causing this.

    There is actually an easier way of deleting the corrupted file – I followed the instructions here and I managed to delete the file without any issue (Though I would be interested to know if you think doing this will compromise my security in the future?) http://helpdeskgeek.com/windows-7/windows-7-how-to-delete-files-protected-by-trustedinstaller/

    I have restarted my computer though and found that there are still two instances of DLL host running. I replaced with the file you supplied. I think the file must have been corrupted before that was in the System32 directory, as there was no icon and it was 48kb. The one in there now is 43.5KB. There is still no icon, but I read in the comments this is fairly normal. Do you think I still have the virus?

    • Gautam Doddamani

      hi matt yes the tutorial you have followed is pretty legit and no need to worry i have taken ownership of a few system files as well…you have no need to be scared and 43.5 kb is the right size of the rundll file..it might not be infected at all although do look out for some suspicious pc behaviour!

      • Matt McRae

        Thanks Gautum – I actually continued to have some issues after I thought I had fixed my Computer. It turns out the increased CPU usage after inactivity was due to a visual runtime optimization tool for 64 bit computers, it was being executed by Windows. A such, I decided to let it do it’s thing instead of interupting it and after about 4 minutes the CPU calmed down and since then I haven’t had any problems. I am pretty sure my dll file was infected though, as it had all the symptoms described in your post.

        Thanks again for all your help.

  59. Rico

    hey. can you send me the new genuine rundll32.exe file?? The one i have is showing that its infected. thanks

    • Gautam Doddamani

      hi rico the link to the rundll file is given below the post. thanks.

      • Rico

        ok so i deleted the old rundll32 and i downloaded the new one an cut it to C:\windows\system32 file an the icon changed to the paper icon like it got infected. I ignored it an closed everything out an restarted my computer and it didnt fix anything. What am i doing wrong??

  60. xdwl

    Hi Gautam, thanks for your sharing. Yes, my rundll32.exe has a blank page icon and I believe it has been compromised. However I can’t access the link provided at the end of the article, so could you kindly please point me to a site that I can download it or if it is much trouble for you, send me one please. My eMail is xdwl@live.hk, thanks.

    Really appreciate it.

    • xdwl

      Sorry Gautam, I forgot to mention that my notebook is running Windows Vista Business. Thanks.

      • Gautam Doddamani

        hi here is the link to download rundll for vista :)

    • Adriano

      The “blank” page doesn t means it s a virus, It s not a virus,even if it s blank,so be careful what are you doing… The best thing to srr if Your rundll32.exe is a virus,is to stop all programs(games,anti virus web browser) and look on Task Manager to see if any rundll is running. If no,then u re safe. If u see rundll3d s running with all programs closed,or when you boot up the PC,you might have a virus. Hope it helps :P

  61. jillybean2011

    I type in the command prompt to take ownership and i get the message
    error:the logged on user does not have ownership privileges on the fiel or folder.
    i am the only user and i am the admin. i am running windows 7 home premium 64-bit.
    please help

  62. jillybean2011

    i also have 3 rundll running that are not showing users :(

  63. matt

    When i try to take ownership it says i don’t have privileges

  64. Sophia L.

    I downloaded the “clean file” from the link in this article and, when installed, it was an infected file, with a blank icon. I emailed the author – so far – no response. I have no idea where my Windows CD is, I think my Vista came pre-installed anyway. Anyone had success with finding a clean rundll32.exe for Vista? I don’t have a clean one anywhere in backup either, so I’m up the creek without it, can’t run many functions at all. Help? :)

    Matt, I found a solution for your problem – I had the same problem. The link will take you to a Windows 7 solution but it worked perfectly fine on my Vista.

    http://support.microsoft.com/kb/308421

    • Gautam Doddamani

      hi sophia :) i was a little busy so couldn’t reply. the files i have given in the download links are perfectly safe to use. as i have explained in the comments above to other users the blank icon is totally normal…after doing a clean install of my windows xp machine i had a page icon too and it was working just perfectly fine. although i m using 7 i see no trouble with my rundll file. unless you see any suspicious behaviour on your computer or see more than two processes of the rundll file in your task manager there is nothing to worry about. and about your last question, what functions are you unable to run??

  65. Sophia L.

    DISASTER. Not with your file – with my computer. Gautam, first – thanks for your response. I did replace the the dll file, plus – I ran every utility and antivirus program I could get my hands on – the computer seemed to be in perfect shape and was back to its normal speed. In the morning it wasn’t working again. I couldn’t use many functions, it was making all kinds of sounds. I downloaded Avast. Regular scan found a couple of minor Trojans and quarantines them. Then I ran Avast’s boot scan – it found Win32 PUP. Avast quarantined it and the laptop seemed OK. This morning – complete disaster again – most keys don’t respond at all, it doesn’t even boot beyond the HP screen, the laptop made ear splitting ringing sound. Ctl-Alt-Del couldn’t get the task manager open. Horrible. I read that this virus hides and brings itself back to life when you turn the computer off. I really don’t know what to do.

    • Gautam Doddamani

      after reading your comment sophia the best possible recommendation i can give you is to perform a complete clean install of your operating system from the scratch. i am pretty sure your computer has been infected fully and thus those malicious programs are running in the background and you can’t even tell that they are running. even if you scan through antivirus software its no use because all its program files will still reside in your c drive so a complete format and reinstall is the way to go right now. i hope you have your OS cd still with you.

  66. Sophia L.

    I lost my disk when I was moving.
    Are you also saying that if I copied some programs to another laptop – it too could alreadybe infected?

    • Gautam Doddamani

      no not necessarily. assuming you already had an antivirus software running whilst copying files to your lappie…there are very less chances that your laptop was infected in the process.

  67. axel

    could you send me plss rundll32.exe for windows 7

    • axel

      the site you have given always saying the server security certificate is not yet valid

      • Gautam Doddamani

        hi the download link i have given is perfectly fine, the file is hosted on trusted box.com servers, you won’t get invalid certificate notifications. i have double checked it for your convenience and i am able to download too. i had suggest you to check your antivirus and browser settings. thank you.

  68. axel

    i cant see any rundll.exe on my task manager

  69. Brandy F

    Hi Gautam. My rundll32exe looks like a light blue text document, instead of the white text document shown in your picture above. It’s a light blue text document in both System 32 and SysWOW 64. It shows up as rundll32 and not as rundll32exe. I’m running Win 7 Home premium 64bits on my Asus notebook. I have latest Avast free 7. Didn’t detect anything unusual. The fact that the file is light blue with a slight shadow under it, does this mean I’m infected? I’m curious.

    • Gautam Doddamani

      hi brandy it doesn’t matter if the file is a light blue text document as long as its the rundll file in the system32 folder. the fact that both the folders show the same type of icon for the rundll file suggests it is normal and it doesn’t mean you are infected. keep ur virus databases up to date and if you want to take extra measures turn on automatic backups for c drive through acronis or some other backup solution, that being said there is nothing to be afraid of :)

      • Brandy F

        Oh my, sorry. I mean a “light blue page type icon.” Not a light blue text document. Sorry. Resembling the white page type icon you showed in the pic at the top of this web page. Located in both my System 32 and SysWOW 64. Sorry for wrong description.

      • Brandy F

        Oh my, sorry. I mean a “light blue page type icon.” Not a light blue text document. Sorry. Resembling the white page type icon you showed in the pic at the top of this web page. Located in both my System 32 and SysWOW 64. Sorry for wrong description. Whew!

        • Gautam Doddamani

          it still doesn’t matter. i have windows vista 32 bit installed on my lappie and it shows me the same page type icon and i am not having any kind of problems. it is perfectly normal :-)

          • Brandy F

            Thanks alot Gautam. What a relief!Whew! I thought I had a Rundll32 virus infection. But I had a feeling it was okay. Whew! Check out Avast free 7. It saved Mac users who got infected by Flashbot malware. I’ll check back,if anything else comes up that looks out of the ordinary. Thanks for your help again. Laters. Peace.

          • Gautam Doddamani

            hehe i am glad! yea i know avast is a great antivirus i have used it and found it to be very efficient. and thanks for bringing that up coz i am not using windows anymore transferred to mac os recently. take care! :)

  70. mhlanga

    Gaudam
    thanks alot man, i just followed ur instructions n my problems where sorted all of them. I also had a missing sndvol.exe i found it also by simply doing what i dd to rundll32.exe
    thank very much

    rox

  71. Mini

    Hello!

    Since I can’t find a backup file in the designated location, and can’t run the task manger, would it be ok if I asked you to send me the rundll32.exe? My OS is XP

    • Gautam Doddamani

      hi mini i currently dont have rundll file for the xp os. if you want you can try copying the rundll file for the vista os onto your xp system, there’s no harm i guess but please take a backup of ur current rundll first and then proceed :)

  72. puneeth

    I’m using windows 7(ultimate, 32-bit). I am running into a problem similar to another person where as I request the takeown command, I am being told that I do not have rights to the file. I checked the properties on the file and the only rights are to the “trusted installer” I also tried to change my command prompt to “administrator”, even though I do have the administrative rights on the computer, but that did not work.
    I see you e-mailed some steps to another person with similar issues and I was hoping you could assist me as well.
    Thank you! I appreciate any help you have to offer.

    • Gautam Doddamani

      hi puneeth sorry for the late reply…pls type the command correctly wit spaces and slashes at the right place…try copy pasting the command into cmd. if that also doesn’t solve the problem…reboot into safe mode and then try executing the command. if that fails too try takeown command for the whole windows directory. let me know how it goes :)

  73. Kevin

    Hi Gautam could you send me the Rundll32 for Windows 7. Thank you so much!

    • Gautam Doddamani

      hi kevin sent it to u:)

  74. rabih

    hello Gautam, i really need your help, my laptop is fucked up, i absolutely know it`s infected, i`ve tried every thing, i`ve read all the comments and all your replies so that i`d find where is the problem, my memory usage is always about 40% or more used, there are about a dozen of .exe.*32 running programs in my task manager, first i went through the procedure exactly as you said till i reached the part where i should remove the file, i could`nt, tried running my pc in safe mode and tried again, and again no luck, i downloaded spyware doctor that found about 200 infection, i changed my antivirus to Avira and tried scanning, and still i`m not able to remove the file from my laptop, please don`t tell me i have to format coz my laptop is brand new, bought it 2 months ago after my other laptop was stolen…i`m desperate and i had enough PC problems….please i really would appreciate ur help…!!!!!!

    • Gautam Doddamani

      hi rabih sorry for the late reply..have you tried taking own of the whole system32 directory or the windows folder..try it and let me now…and what is the error you are getting in cmd?

  75. rabih

    i`m running the cmd as administrator, doing this:

    C:\Windows\system32)takeown /f C:\Windo\System32\rund1132.exe
    SUCCESS: The file (or folder): “C:\Windows\System32\rund1132.exe” now owned by
    “user-HP\user”.
    C:\Windows\system32)cac1s CZ\Windows\System32\rund1132.exe /6 user-HP:F
    are you sure (Y/N)?y
    processed file: C:\Windows\System32\rund1132.exe
    C:\Windows\system32) del C:\Windows\system32\rund1132.exe.
    C:\Windows\system32\rund1132.exe
    access is denied.

    i tried just deleting the “rundll32.exe” from the system 32 folder in the windows folder and it tells me you don`t have the permission to apply changes to the file…!!! so what i am supposed to do??? thank you again for your help…!!!

    • Gautam Doddamani

      i think you have to force the permissions on the file…for some reasons it is locked. try this app GrantAdminFullControl just search for the app on google and download it. it adds an option in the right click menu to take admin control..after install just right click rundll32.exe and click on grant admin full control…see if that works :)

  76. Christopher Augustus

    When you have prefetch files that look like this:
    RUNDLL32.EXE-095C481F.pf
    RUNDLL32.EXE-1304AE86.pf
    RUNDLL32.EXE-AC01A582.pf

    you will need to change the file name to look like this:

    rundll32.exe

    Windows will open a window asking confirmation that you will change the way the file works, just click "yes" and you will be finished.

    Also, the average file size of a rundll32 file is aproximately 56-57kb. When trying to figure out which prefetch file is the correct one, just pick the one closest to 56kb. Anything less than that is corrupt.

    Nice article Gautam! Better than Microsoft could have done. Keep up the good work. =)

    • Gautam Doddamani

      exactly chris thanks for explaining it very neatly to other readers…i had done the same thing to my backup file :D

    • Michael

      One os 5kb. one is 30kn, and one is 96kb. Which one to I change to rundll.exe?

      Also, I just name it rundll32.exe and delete the other 2?

      • Gautam Doddamani

        it should be 34 kb or so michael..dont delete any files just make a backup copy and replace the current rundll32 that way if you end up with a corrupted system u can replace it with the backup copy!

  77. appache

    Hi .could you send me the Rundll32 for Windows 7. Thank you so much!

  78. KS

    I have over 8 rundll32.exe’s in my prefetch folder and can’t find the i386 folder. Should I delete the others and use the latest one?

  79. KS

    Oh also, when I try to set access on the rundll32.exe, it still says access is denied?

    • Gautam Doddamani

      hi have u tried the cmd command given in the tutorial? if so tel me wat error u r getting in cmd so that i can help you…

      • KS

        I’m trying the cmd command in the tutorial, it just keeps saying access is denied.

        • Gautam Doddamani

          hmm hav u tried entering it in safe mode…because the system sometimes has problems giving u admin rights when u r logged into d GUI

  80. blueeyyy

    My rundll32.exe file seem to be infected when I compared it to your pictures. It looks like a page type icon. But I went to check the task manager but there was only one file or rundll32.exe running. Does that mean that it is or is not infected?

    • Gautam Doddamani

      that means its probably not infected…as far as i know if there aren’t malicious activities you are seeing on your computer and you are sure that only 1 rundll process is running in your task manager…you have nothing to worry about :)

  81. Nikan

    Could you send me the rundll32 file pls?

  82. markos

    hi guatam i have 2 rundll processes running in task manager one with my name and one with system.when i checked the file location it says they are both the same file.why would one file be running two processes is this normal? do you think i need to replace the rundll with a new one? thanks bud

    • Gautam Doddamani

      no you dont need to markos..the other one will be running if you have opened up chrome or while installing any new softwares on your pc. if you aren’t seeing any suspicious behaviour on your system such as your cpu usage going above 80% when you are doing nothing then you must probably replace it!

  83. Allyson

    Hi GD,
    Thank you for all your great info! I have the two rundll32 files running in task master. Can the corrupt rundll32 file affect applications? For instance could it affect my DVD drive and applications like burning and verifying discs?

    Also, and this is a stupid question, but is it not possible for me to copy and paste the file from the winsxs file and just replace the corrupt one that way without going through the command prompt? Would this screw things up and corrupt again?

    Thanks!

    • Allyson

      Ok, that was a stupid question. Of course it wouldn’t let me do that. I followed your steps and it seemed to work great. It let me delete the file and copy the new one in however when I just checked task manager there are still two instances of rundll32 running and they don’t have any name attached to them?

      • Gautam Doddamani

        hi allyson its nice to know that you solved ur problem…about the two rundll’s what name are you seeing in front of the processes… like whose it being run by? the user or the system??

        • Allyson

          Thanks GD,
          The strange thing is that there is no name attached to either in task master. Not in the command line or description. It’s just blank where user name or system would be.
          Why would that be?

  84. kwame

    hi, the first command worked perfectly ok bt the when issuing the second command i keep getting “invalid parameter G”…..or cacls is deprecated pls use Icacls

  85. Vagner Zanatta

    Awesome!

    Thank you very much Gautam!

    B.r.

    Vagner.

  86. Muralidhara

    hi, i am unable to take the ownership of rundll32.exe and delete it as i feel its infected. this is the error message i get
    ERROR: The current logged on user does not have ownership privileges on the file (or folder) “C:\Windows\System32\rundll32.exe”.
    Please advice..

  87. Chris O'Keeffe

    Okay, Ive been attempting the steps above and was being denied.

    I have the corrupt page type file for my rundll32.exe in System32.

    I went in task manager and there were 3 rundll32 on there. I Ended the processes of 2 of them, the other was denied.

    Is that now a good thing as I only have 1 rundll32 in task manager now?

    • Gautam Doddamani

      not really if you do some tasks which require the rundll file…they will be initiated again!

      • Chris O'Keeffe

        Thanks. Have you any advice as of what to do next. I can’t get past step 2. I am being denied?

  88. Alex

    Hello, I came to this topic because my antivirus program (Panda Cloud) suddenly deleted a rundll32.exe file in the direction “C:\Users\SYSTEM\AppData\Local\Temp\rundll32.exe”.
    I de-locked it and since this moment some .dll Applications arent running properly.
    For example one application doesnt start, but it started right before the issue with Panda Cloud.
    Tried to replace the locked and de-locked rundll32.exe file with the file I could download here, but the application is still not working.
    I’m searching for 2 days now and cant find anything, please advice…

    Regards.

    • Gautam Doddamani

      hi alex you needn’t worry the temp folder keeps files which are accessed regularly…just restart your system, disable your antivirus program or whitelist the rundll file by specifying temp\*.exe and see if it works now

  89. kwame

    This is wat I see everytym I try the second command

    C:\Windows\system32>cacls C:\Windows\System32\rundll32.exe /G ab:F
    Invalid arguments.
    NOTE: Cacls is now deprecated, please use Icacls.

    Displays or modifies access control lists (ACLs) of files

    CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
    [/R user [...]] [/P user:perm [...]] [/D user [...]]
    filename Displays ACLs.
    /T Changes ACLs of specified files in
    the current directory and all subdirectories.
    /L Work on the Symbolic Link itself versus the target
    /M Changes ACLs of volumes mounted to a directory
    /S Displays the SDDL string for the DACL.
    /S:SDDL Replaces the ACLs with those specified in the SDDL string
    (not valid with /E, /G, /R, /P, or /D).
    /E Edit ACL instead of replacing it.
    /C Continue on access denied errors.
    /G user:perm Grant specified user access rights.
    Perm can be: R Read
    W Write
    C Change (write)
    F Full control
    /R user Revoke specified user’s access rights (only valid with /E).
    /P user:perm Replace specified user’s access rights.
    Perm can be: N None
    R Read
    W Write
    C Change (write)
    F Full control
    /D user Deny specified user access.
    Wildcards can be used to specify more than one file in a command.
    You can specify more than one user in a command.

    Abbreviations:
    CI – Container Inherit.
    The ACE will be inherited by directories.
    OI – Object Inherit.
    The ACE will be inherited by files.
    IO – Inherit Only.
    The ACE does not apply to the current file/directory.
    ID – Inherited.
    The ACE was inherited from the parent directory’s ACL.

    “C:\Windows\system32>Icacls C:\Windows\System32\rundll32.exe /G ab:F”
    Invalid parameter “/G”

  90. markos

    many thanks for the info gautam kind regards markos

  91. herman

    Its great seing alll those you helped for nothing in return. Thats great character. Would you happen to have the rundl32.exe file for xp, for me? That would be much appreciated.

  92. body

    everytime i double click on any exe file (specially any game), an extra rundll32 process gets added in task manager, and if i doesnt matter if you delete it or not the memory usage for the main process becomes high resulting in heating and terminating my games :(

    provide solutions my witcher 2 is still pending.

  93. Giedrius

    Nice! You did a FULL tutorial. Thanks man, this one was really easy to understand and I think it helped many people including me :) Keep up the good work!

  94. haji

    “THANKS ALOT FOR UR INFORMATION”

  95. JCM45

    So i tried the fix in this tutorial and it resolved the issue for me in terms of extra processes running. However I would get an error on my machine saying RUNDLL couldn’t run a specific module because it couldn;t find it. This happens whenever I restart my machine. I’ve since done a system restore and that fixed the issue but now the process is back again. Has anybody else had this issue? I restored a backup from my own machine, i’m kind of tempted to run the one from the website.

    Great article by the way

  96. indrit

    Hi, I seem to have the same problem with multiple instances of rundll32.exe (currently 2 instances) in the Task Manager as other people in this forum have described. Details aside, can you please help by sending me a clean rundll32.exe file for the following:
    Operating System: Windows 7 Professional 64-bit (6.1, Build 7601) Service Pack 1

    I can see the backup copy of the file in question in my Windows winsxs folder, however that too seems to be a blank page type of file indicating possible corruption.

    I noticed this problem after I started getting pop-ups. Have performed numerous scans with various tools to clean the system. Pop-ups are gone but this issue still persists. When I disable my Lenovo Power Manager in msconfig and reboot, the problem seems to be resolved temporarily.

    Thank you so much.

    • Gautam Doddamani

      hi indrit can you please click on the download link at the bottom of the page..it is for windows 7 only :)

  97. indrit

    Thanks so much, Gutam. I downloaded the file from the link provided above but after unzipping it is shown as a page icon. So, I wasn’t sure of how to proceed. Is this okay?
    One more question regarding the rundll32.exe replacement, are we supposed to just replace the bad file in the Windows/System32 folder and leave it with that or also replace its back-up copy(ies) that are potentially infected?
    Thanks again.

  98. serena

    hi, seems that i have a problems that the others don’t have.
    Whenever i type takeown /f C:WindowsSystem32rundll32.exe . It said ERROR the system cannot find the file specified. I know my laptop is already infected because 3 rundll32.exe were running in taskmanger. Please what should I do?

  99. serena

    i already solved the above problem. Turns out that i was typing the paths without using \. I have already deleted the rundll32.exe by cmd and copied the backup file. But it still show the infected page image and no rundll32.exe is running in taskmanager. Does it mean it is still infected?

  100. Maranda

    I have an XP that my kids use… could you please please send me a verison there?! This is absolute hell! As it seems everyone agrees! You writing this is all so wonderful!
    ~Maranda

    beatlebabe1942@yahoo.com

    • Gautam Doddamani

      hi you can use the rundll file i have provided for xp as well! :)

      • maranda

        I tried and it wouldn’t let me! Any ideas?? Thanks sooo much for your time.

  101. dldfkgldk

    hi
    i tried to downlaod your file for vista. but chrome says it may be harmful and is blocking it in red.

    • Gautam Doddamani

      i am not facing any problems downloading it..can you please tell me which antivirus are you using?

  102. Choon

    Hi Gautam,
    I thinking the problem that some of us are facing is the downloadable file.
    Im windows 7 hence i dwnled the one u provided, however when i extracted it, it is still a blank image file, like the infected dll. So the thing now is, maybe u can upload a newer one? or tell us a solution. thanks!

  103. Larkin

    Thank you so much!!! You saved my sanity (and my computer) :-D

  104. Edmund

    Hi Gautam,

    I really appreciate your kind advice in trying to solve the rundll32.exe problem.
    I have followed every step to the tooth and when I successfully copied over the rundll32.exe aft deleting the corrupted one, i faced 2 problems.

    1) There was a problem starting NVCPL.DLL, the specified module could not be found

    2) The copied/new rundll32.exe still looks like the corrupted version despite being taken from winsxs. I also tried using the rundll32.exe provided by you for Windows 7 but to no avail. This problem occured as well.

    Thanks for your kind help towards people like us and the community.

  105. Angel Rodriguez

    i am entering the take own command and it says ERROR the current logged on user does not have ownership privleges on the file “C\WIndows\System32\rundll32.exe

Comments closed for this thread. If you think you have got something important to share with us, please use the Contact Me page!