Microsoft Windows host process (Rundll32)


Will Fleenor

OS: Windows VISTA Business - 32 bit

RAM: 6GB RAM (only 3 able to be fully utilized because of OS limitations) -

Processor: Dual Core, Workstation class machine, experience index 5.0,
Intel® Xeon® CPU 5130 @ 2.00 GHZ 1.99 GHz. 3 months old.



Problem (or perceived problem): The following Microsoft Windows service
appears (i.e. inside Windows Defender) to be running 3 times. All three
instances show the exact same file name and version - Microsoft Windows host
process (Rundll32), File Version: 6.0.6000.16386 (vista_rtm.061101-2205).



Is this reasonable or should I try to find and disable the starting of the
last two instances of this?



The machine has been sluggish (considering the hardware) and I am trying to
clean it up by removing unnecessary services and applications and related
DLLs. This service appears to be running 3 times and I am not sure whether
this is correct or the remnant of something I have removed.



Thanks, Will
 
Will Fleenor said:
> OS: Windows VISTA Business - 32 bit
>
> RAM: 6GB RAM (only 3 able to be fully utilized because of OS
> limitations) -
>
> Processor: Dual Core, Workstation class machine, experience index 5.0,
> Intel® Xeon® CPU 5130 @ 2.00 GHZ 1.99 GHz. 3 months old.
>
> Problem (or perceived problem): The following Microsoft Windows service
> appears (i.e. inside Windows Defender) to be running 3 times. All three
> instances show the exact same file name and version - Microsoft Windows
> host process (Rundll32), File Version: 6.0.6000.16386
> (vista_rtm.061101-2205).
>
> Is this reasonable or should I try to find and disable the starting of the
> last two instances of this?

If Rundll32 is running out of the System32 directory then it's legit, and if
it's not running out of the System32 directory, then it's a Trojan.

http://www.neuber.com/taskmanager/process/rundll32.exe.html

> The machine has been sluggish (considering the hardware) and I am trying
> to clean it up by removing unnecessary services and applications and
> related DLLs. This service appears to be running 3 times and I am not
> sure whether this is correct or the remnant of something I have removed.

rundll32.exe will be called upon to host DLL(s) for the application. It's
being used all over the place in running applications to host the DLL(s) the
applications need.

http://www.liutilities.com/products/wintaskspro/processlibrary/rundll32/

If you want to see what is happening, then run Process Explorer to see what a
process is hosting. View menu, Show lower pane and Lower pane view/DLL will
show everything that is being hosted for a process in the upper pane when you
click on it. You can right-click and go to Properties for more info, and you
can do the same thing in the lower pane.

http://www.pcworld.com/downloads/file/fid,23780-page,1-c,downloads/description.html
http://www.microsoft.com/technet/sysinternals/default.mspx
 
Will Fleenor said:
> Problem (or perceived problem): The following Microsoft Windows service
> appears (i.e. inside Windows Defender) to be running 3 times. All three
> instances show the exact same file name and version - Microsoft Windows
> host process (Rundll32), File Version: 6.0.6000.16386
> (vista_rtm.061101-2205).

Hi, Will,

Rundll32 is not exactly a "service". It's a program that is used to run
lots of other programs. You'll need to look in Task Manager's Processes list
to find the command line (use View\Show Columns to show that column -- a
WONDERFUL new feature in Vista) used to call rundll32 in order to learn
exactly what rundll32 is doing. There might be several instances of
rundll32 there, so you'll have to diagnose from there.
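
The two checks the replies describe (where the rundll32.exe image runs from, and which DLL each instance was started to host) can be collected in one pass on current Windows versions. This is an added example, not part of any post in the thread; it assumes PowerShell 3.0 or later, and the output property names are chosen here for illustration.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0 or later for
# Get-CimInstance; run elevated to see paths and command lines of other users' processes.

# Locations where the genuine rundll32.exe image lives.
$expectedImages = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')   # 32-bit copy on 64-bit Windows
)

Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
    $proc = $_

    # Command-line form is: rundll32.exe <dll>,<export> [arguments]
    $dll = $null
    $export = $null
    if ($proc.CommandLine -match 'rundll32(\.exe)?"?\s+"?(?<dll>[^",]+)"?\s*,\s*(?<export>\S+)') {
        $dll = $Matches['dll'].Trim()
        $export = $Matches['export']
    }

    # Who started it; the parent may already have exited, leaving this empty.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    # Loaded modules outside %SystemRoot% (the same data as Process Explorer's DLL pane).
    $foreign = @()
    try {
        $foreign = @((Get-Process -Id $proc.ProcessId -ErrorAction Stop).Modules |
            Where-Object { $_.FileName -notlike "$env:SystemRoot\*" } |
            ForEach-Object { $_.FileName })
    } catch {
        $foreign = @('<modules not readable; try an elevated prompt>')
    }

    [pscustomobject]@{
        ProcessId         = $proc.ProcessId
        ImagePath         = $proc.ExecutablePath
        ImageInSystemDir  = $expectedImages -contains $proc.ExecutablePath
        HostedDll         = $dll
        Export            = $export
        Parent            = $parent.Name
        CommandLine       = $proc.CommandLine
        NonWindowsModules = $foreign -join '; '
    }
} | Format-List
```

An empty `HostedDll` means the command line was unreadable or did not follow the `dll,export` form, so that instance needs a closer look in Process Explorer.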
 