

A lot of malicious software can also use this name or similar names to fool you into thinking the virus is actually a legitimate Windows file. Names such as rundII32.exe (actually using 2 uppercase i letters) or rundll.32.exe are not uncommon and you should always study the rundll32 (and svchost) file names in Task Manager if you suspect you have malware on your system. Rundll32 is also commonly used by spyware to launch its own code. If you open the Task Manager and a Rundll32.exe is present, you can’t see by default which dll it is launching. Here’s how to identify what DLL files are being loaded in rundll32.exe on Windows XP, Vista and 7.

Use Task Manager to Identify the Rundll32.exe Command in Use

This function is only available in Vista and above. It shows an extra column in Task Manager which tells you the command line currently used by the process.

Open Task Manager -> View menu -> Select Columns…, click the Command line box and then OK.

A new column will now be available and you should be able to identify which dll is being executed.

Identify Loaded DLL Files Using Process Explorer

Process Explorer is a great Task Manager replacement made by SysInternals which can display a lot more detailed information about what the Rundll32 process is loading. Simply run the Process Explorer tool and you will be presented with a Task Manager type list of processes.

All you have to do is hover your mouse over the Rundll32.exe entry and it will show you in a tool tip what command is being launched and which dll is being executed. As you can see from the image, this rundll32.exe is executing the nVidia tray icon.

Download Process Explorer

Identify Loaded DLL Files through Command Prompt

Here is a manual way of identifying DLL files in rundll32.exe. Open a Command Prompt by pressing WinKey+R and type cmd. Then type or paste the command below into the prompt and hit Enter.

Tasklist /m /fi "IMAGENAME eq rundll32.exe"

Do take note that by default, Windows XP Home edition does not have the tasklist.exe utility, only Professional. It is built into all versions of Windows Vista and 7. If you want the Tasklist tool for XP Home you can download it from this link:

The dll modules are displayed on the right side of the tasklist result. You’ll probably see a lot of modules being displayed which are the internal Windows dlls, and it takes a little knowledge from an experienced user to identify any dangerous dll on the list. If you’re unsure, you can always do a search in Google on the dll file name.
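The two checks this article describes (spotting lookalike names such as rundII32.exe, and reading which dll a rundll32.exe command line launches) can be scripted. This is an added example, not part of the original article. The process records are constructed samples shaped like Task Manager's Command line column, and the location check assumes Windows is installed in C:\Windows, where the genuine file sits in System32 or SysWOW64.

```python
import ntpath
import re

# Assumption: default install path; SysWOW64 exists on 64-bit Windows only.
GENUINE_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# First token is the executable (quoted or not), second is the dll (quoted or up to the comma).
_ARG = re.compile(r'''^\s*(?:"[^"]*"|\S+)\s+(?:"([^"]+)"|([^\s,]+))''')

def is_lookalike(image_name):
    """True for names that imitate rundll32.exe, e.g. rundII32.exe or rundll.32.exe."""
    stem = re.sub(r"\.exe$", "", image_name, flags=re.I)
    # Uppercase I and digit 1 render like lowercase l; extra punctuation is ignored.
    squashed = re.sub(r"[^a-z0-9]", "", stem.replace("I", "l").replace("1", "l").lower())
    return squashed == "rundll32" and image_name.lower() != "rundll32.exe"

def loaded_dll(command_line):
    """Return the dll named on a rundll32 command line, or None if there is none."""
    m = _ARG.match(command_line)
    return (m.group(1) or m.group(2)) if m else None

def review(proc):
    """Return a list of findings for one process record (name, path, cmd)."""
    findings = []
    if is_lookalike(proc["name"]):
        findings.append("lookalike name")
    elif proc["name"].lower() == "rundll32.exe":
        if ntpath.dirname(proc["path"]).lower() not in GENUINE_DIRS:
            findings.append("unexpected location")
        findings.append("loads " + str(loaded_dll(proc["cmd"])))
    return findings

# Constructed sample records, not taken from a real system.
SAMPLE = [
    {"name": "rundll32.exe", "path": r"C:\Windows\system32\rundll32.exe",
     "cmd": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit'},
    {"name": "rundII32.exe", "path": r"C:\Users\test\AppData\Roaming\rundII32.exe",
     "cmd": "rundII32.exe"},
    {"name": "rundll32.exe", "path": r"C:\Users\test\rundll32.exe",
     "cmd": r'rundll32.exe "C:\Users\test\some lib.dll",Start'},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["name"], "->", review(p))
```

A clean result here only means the name and location look right; the dll it reports still has to be checked by name as described above.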
