Process/task name: Microsoft Rundll32
rundll32.exe is a process that runs DLLs and places their libraries in memory so that they can be used more efficiently by applications.
This program is important for system stability and should not be terminated.
There are reports of malicious programs that use the same name to go unnoticed.
Some malware with the same name are:
W32.Miroot.Worm
Backdoor.Lastdoor
Trojan.StartPage
We have logs from other processes using the same filename:
• File: rundll32.exe – Name: HKCU
The rundll32.exe file and task is usually started together with Windows under the name of HKCU and the rundll32.exe command or file.
Detected by Malwarebytes Anti-Malware security program as the malicious program (backdoor) named Backdoor.HMCPol.Gen.
Note: This is not the legitimate Windows file named rundll32.exe which is located in %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT/10).
This malicious file is instead located in the %System%\install folder
More information: http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: HKLM
The rundll32.exe file and task is usually started together with Windows under the name of HKLM and the rundll32.exe file or command.
Detected by Kaspersky security program as Backdoor.Win32.Bifrose.dumi backdoor malware and also by Malwarebytes Anti-Malware as Backdoor.HMCPol.Gen backdoor malware.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT) folder.
Instead, this malicious process/file is located in the %Windir%\install folder
More information: http://www.kaspersky.com/
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: Host-process Windows (Rundll32.exe)
The rundll32.exe file and task is usually started together with Windows under the name of Host-process Windows (Rundll32.exe) and the command or file rundll32.exe.
Detected by Dr.Web security program as Trojan.DownLoader6.47266 and also by Malwarebytes Anti-Malware as Trojan.Agent.SF.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT) folder.
Instead, this malicious process/file is located in the %AppData%\System32 folder
More information: http://vms.drweb.com/virus/?i=1986166
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: Ljx
The rundll32.exe file and task is usually started together with Windows under the name of Ljx and the rundll32.exe command or file.
Detected by Sophos security software as Troj/Lineag-ABD Trojan malware.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT) folder.
Instead, this malicious process/file is located in the %Windir%\inf folder
More information: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Lineag-ABD.aspx
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: Microsoft Setup Initializazion
The rundll32.exe file and task is usually started together with Windows under the name of Microsoft Setup Initializazion and rundll32.exe file or command.
Detected by Symantec security program as W32.Randex.gen and also by Malwarebytes Anti-Malware as Backdoor.Bot malware.
Note that this malicious program modifies or changes the rundll32.exe file that belongs to Windows.
More information: http://www.threatexpert.com/report.aspx?md5=501fb3069cc33fd27d636a9a8488ae4b
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: Microsoft Update checker
The rundll32.exe file and task is usually started together with Windows under the name of Microsoft Update checker and the rundll32.exe command or file.
Detected by Malwarebytes Anti-Malware security program as Trojan-type malware named Trojan.Agent.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (98/ME) or %System% (NT/2K/XP) folder.
Instead, this malicious process/file is located in the %Windir% folder
More information: http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe
http://camas.comodo.com/cgi-bin/submit?file=c8b29343e6f6202b2eff2c227f022572ea35f0f58ea8b5494c88c3259c791a57.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: rundll32
The rundll32.exe file and task is usually started together with Windows under the name of rundll32 and the command or file rundll32.exe.
Detected by Kaspersky security program as the Trojan-type malware named Trojan-Dropper.Win32.Injector.pmb and also by Malwarebytes Anti-Malware as the Trojan-type malware named Trojan.Agent.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT) folder.
Instead, this malicious file/process is located in the %UserTemp% folder
More information: http://old.securelist.com/en/descriptions/Trojan-Dropper.Win32.Injector.pmb
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: rundll32
The rundll32.exe file and task is usually started together with Windows under the name of rundll32 and the command or file rundll32.exe.
Detected by Intel Security/McAfee security program as Generic BackDoor.xa and also by Malwarebytes Anti-Malware as Backdoor.Agent.DCEGen backdoor malware.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT) folder.
Instead, this malicious process/file is located in the %Windir%\MSDCSC folder
More information: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1729666
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: rundll32.exe – Name: rx
The rundll32.exe file and task is usually started together with Windows under the name of rx and the rundll32.exe file or command.
Process added by the malicious program named LINEAGE-BP TROJAN!
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (98/ME) or %System% (NT/2K/XP) folder.
Instead, this malicious process/file is located in the %Windir% folder
More information: http://www.sophos.com/security/analyses/viruses-and-spyware/trojlineagebp.html
http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
• File: Rundll32.exe – Name: UPDATEHOOK
The Rundll32.exe file and task is usually started together with Windows under the name of UPDATEHOOK and the Rundll32.exe file or command.
Tip: We do not have enough information about the Rundll32.exe process. It could be a threat.
• File: rundll32.exe – Name: WindowsRundll
The rundll32.exe file and task is usually started together with Windows under the name of WindowsRundll and the command or file rundll32.exe.
Detected by Malwarebytes Anti-Malware security program as backdoor-type malware named Backdoor.Agent.
Note: Not to be confused with the legitimate rundll32.exe process file of the same name, which is located in the %Windir% (Me/98) or %System% (8/7/Vista/XP/2K/NT) folder.
Instead, this malicious process/file is located in the %AppData%\Microsoft folder.
More information: http://searchtasks.answersthatwork.com/tasklist.php?File=rundll32.exe.
Tip: The process/program rundll32.exe should NOT be started alongside the system. It can be a threat to system security.
Do you want to know if rundll32.exe is a virus or malware? See: Is rundll32.exe a virus?
Errors or problems with the rundll32.exe file?
Write to us and we will reply as soon as possible. IMPORTANT: remember to say the version of your operating system, the time and/or place where the error appears, and any other information that you think is relevant to help find the solution.