Rundll32.exe Trojan

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Source of claim SH can remove it.


Rundll32.exe is a Trojan horse that can secretly compromise a computer and launch multiple malicious activities on it. For the time it stays on a computer, Rundll32.exe can destroy important data, steal passwords and banking details, and provide hackers with remote access to the system.

Rundll32.exe Trojan

The Rundll32.exe Trojan infection might be programmed to steal some information from the compromised computer

If your computer has been infected with Rundll32.exe, it is important to stay calm and do what you need to remove the virus safely and effectively.  If you don’t know exactly what to do, it is good that you landed on this page because here we have prepared a detailed removal guide, with the help of which you can locate and remove Rundll32.exe together with all its hidden components. 

The real Rundll32.exe from Microsoft is legitimate and dependable file of Windows, but frequently causes problems. Authors of malicious programs, such as malwares and Trojans, intentionally give their processes the same file name to flee recognition. The program has no seeable window. If rundll32.exe is located in subsequent subfolders C:\Users\YOUR_USERNAME\, C:\Document and Settings\YOUR_USERNAME\ C:\Users\YOUR_USERNAME\AppData\Local\Temp\ , C:\Documents and Settings\YOUR_USERNAME\Local Settings\Temp\, C:\Program Files\, security rating is 75% unsafe.

The first and most obvious thing you probably want to know is, however, is what Rundll32.exe is doing on your computer and how harmful are the consequences of its attack. Sadly, we cannot give a concrete answer to these questions because there are too many possible malicious tasks a single Trojan horse can perform. Everything depends on what the hackers have decided to use their malicious creation for. 

The Rundll32.exe trojan

Perhaps an infection like the Rundll32.exe trojan might be programmed to steal some information from the compromised computer. This can be done in many ways. For instance, the Rundll32.exe Trojan may scan the system for specific files that are of interest to the offenders and send them to remote servers.

Or, it can register your keystrokes and record everything you type through your keyboard. In this way, cyber criminals could have access to passwords, financial details, and other sensitive information in a matter of minutes.

Another common thing Trojans are often programmed to do is to spy on their victims. There are many advanced methods to do that but, in general, infections like Rundll32.exe and Wup.exe can hack your camera and microphone, share your screen with the hackers, track your location, capture screenshots of your activities and more. In this way, the crooks who are in control of the Trojan can easily track down your every move and use all the illegally acquired information about as a foundation for popular cybercrimes such as theft, fraud, and even physical burglary. In many cases, a single Trojan can serve as a backdoor to other malware such as Ransomware. That’s why it is extremely important that you remove Rundll32.exe from your system before it manages to invite some other malware without your knowledge.

After you are sure you have removed everything that could possibly pose a security threat, you should also take some security measures to make sure your machine doesn’t get compromised again. We highly recommend that you start with updating your system and downloading a reliable antivirus program. These two steps are crucial for patching the existing system vulnerabilities and providing future protection of the OS. Also, be mindful when browsing the web and try to keep away from known transmitters of Trojans, such as low-quality websites, pirated content and adult pages, spam messages, and sketchy online ads. Don’t be a victim of flashing pop-ups and too-good-to-be-true offers that appear on your screen randomly and stick only to reliable web locations with high-quality content.



Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Source of claim SH can remove it.

Remove Rundll32.exe Trojan

If you hare here to learn how to remove Rundll32.exe, we suggest you start with checking your installed applications list for rogue and potentially unwanted apps and uninstall anything you find suspicious:

  1. Click on the Start menu button (bottom left) and open Control Panel.
  2. Next, in Control Panel navigate to Programs and Features and select the option Uninstall a Program.
  3. In the list, search for Rundll32.exe or other programs that look suspicious to you, and you can’t remember installing on your PC.
  4. As soon as you find such a program (or programs) select each one of them and click on the Uninstall button at the top bar.
  5. Follow all the uninstallation steps and make sure you uninstall any additional components related to that program.

If the instructions above can’t rid you of Rundll32.exe completely, know that the Trojan might have added some other entries in the system. In this case, you need to use a detailed removal guide, like the one that you can find below and carefully repeat its steps to remove all traces of Rundll32.exe.


Attention! A system restart may be required during some of the steps in the guide below. With this in mind, we recommend that you bookmark the page with these Rundll32.exe removal instructions before you proceed any further. Alternatively, you can open the guide on a separate device and follow the steps from there.

Next, enter the Safe Mode on your PC. This is recommended for limiting the Trojan’s malicious processes from running and disturbing you during the completion of the guide.

If you need assistance to boot your computer in Safe Mode, please use the provided link.



Call up the Windows Task Manager window on the screen by pressing together the CTRL, SHIFT and ESC keys from the keyboard.

Next, in the Processes Tab carefully search for processes that have odd names, look unfamiliar to you and eat up more of your CPU and RAM resources than normal. Keep in mind tough, that it is not necessary that the Rundll32.exe processes are named after the Trojan. In many cases, the malicious processes may be named after a legitimate program, only with a few minor changes in the letters.

Here you need to use your own judgement and all the information you could get online in order to decide if a given process that looks to you like a threat is really dangerous.

If you are sure that a particular process is related to Rundll32.exe, right-click on in and select the Open File Location option.


Next, it is best to use a professional and reliable file scanner, like the one that we have posted below, to check the files of that process for malicious code.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If one or more of the scanned files turn out being dangerous, end the process that is related to them (right-click on it ->End Process), and delete the dangerous files and their folders. 


    Next, you need to open System Configuration and check if Rundll32.exe has added some dangerous Startup Items there. For that, type msconfig in the windows search bar under the Start menu and select the first result.

    Next, in the Startup Tab, carefully search for entries that could have any relation to Rundll32.exe and disable anything that looks suspicious by removing its related checkmark from the checkbox.


    Make sure that you click OK before you close the window to save the changes that you have made.

    Important! Rundll32.exe might have made changes in the Hosts file of your computer. To check that, press the Windows Key and R together and  copy/paste the next line in the Run dialog box that appears:

    notepad %windir%/system32/Drivers/etc/hosts

    Hit the Enter keyboard key next.

    You will see a notepad file named Hosts open on your screen.

    In the text, find where it is written Localhost. It should be somewhere at the end of the file and check if any suspicious-looking IP addresses have been added there.

    hosts_opt (1)

    If you detect any manipulations in the IP addresses written on your Hosts file below “Localhost“, please write to us in the comments with a copy of the IPs in question. We will take a look at them and will tell you if any actions from your side are required.


    Next, you need to check for and uninstall any bogus applications linked to Rundll32.exe that you detect inside your Programs and Features list. The quickest way to do that is to press together the Windows Key and R from the keyboard and type appwiz.cpl in the Run box that opens. Next, click OK and you will find yourself in Control Panel>>>Programs and Features.


    Carefully search for apps that have been installed around the time the Trojan was detected. If a given app looks suspicious, try to search as much information as you could get about it online and determine if it is part of the threat.

    Once you are sure about that, uninstall the app in question by selecting it from the list and clicking on the Uninstall button at the top. Follow all the steps from the uninstallation wizard.

    If a pop-up like the one below appears when you click Uninstall, make sure you click NO:



    Rundll32.exe might have made changes in the Registry of your computer. That’s why if you want to ensure that Rundll32.exe is removed completely, you need to search for and remove any entries that have been added by the Trojan without your knowledge.

    For this, in this final step you will open the Registry Editor by typing Regedit in the windows search bar and selecting the regedit.exe icon at the top.

    Once the Registry Editor window opens, use the CTRL and F keyboard key combination to call up a Find dialog box on the screen. Carefully write the name of the Trojan in the Find box and click on the Find Next button on the right.

    A search in the Registry will be performed. If any results are found with the Rundll32.exe’s name, make sure you delete them with a right-click. Then, repeat the search as many times as needed until no more results are found.

    Finally, from the left panel, manually navigate to these three directories:

    • HKEY_CURRENT_USER-Software-Random Directory.
    • HKEY_CURRENT_USER-Software-Microsoft-Windows-CurrentVersion-Run-Random
    • HKEY_CURRENT_USER-Software-Microsoft-Internet Explorer-Main-Random

    In each of them, search for sub-folders that have long and unusual names with random characters and if you detect anything dangerous, delete it.

    Attention! Delete only items you are 100% sure that are part of the threat. Any wrong deletions and changes in the registry may have a serious impact on the overall stability and performance of your system.

    If you have any questions or concerns regarding any of the steps in this guide, we would love to know about them in the comments below. Also, if you face any difficulties with removing Rundll32.exe through the manual method, please note that you can download the anti-virus program we recommend on this page and remove the Trojan and all of its hidden components with it.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1