Identify Loaded DLL Files Using Process Explorer Open Task Manager -> View menu -> Select Columns…, click the Command line box and then OK.Ī new column will now be available and you should be able to identify which dll is being executed. This function is only available in Vista and above, and what it does is show an extra column in Task Manager which tells you what the command line currently used by the process is. Use Task Manager to Identify the Rundll32.exe Command in Use
Here’s how to identify what DLL files are being loaded in rundll32.exe on Windows XP, Vista and 7. As you can see if you open the Task Manager and you have a Rundll32.exe present, you can’t actually see by default what the dll is it’s launching. Rundll32 is also commonly used by spyware to launch its own code. Names such as rundII32.exe (actually using 2 uppercase i letters) or rundll.32.exe are not uncommon and you should always study the rundll32 (and svchost) file names in Task Manager if you suspect you have malware on your system. A lot of malicious software can also use this name or similar names to fool you into thinking the virus is actually a legitimate Windows file.
0 kommentar(er)
