DLLs contain code for various functions of a program and are commonly used by Windows processes and third-party apps.
Rundll32.exe is not normally malware, but it can be used to execute malicious code.
You open up Task Manager only to find countless instances of rundll32.exe running all at once.
Jason Fitzpatrick / How-to Geek
But what is rundll32.exe?
Here’s everything you gotta know.
What Is Rundll32?
Rundll32.exe is used to run Dynamic Link Libraries (DLLs) on the Windows operating system.
Most programs you install also use DLLs.
Is Rundll32.exe a Virus?
Rundll32.exe is a normal part of Windows.
There are a few legitimate copies of the rundll32 executable contained in a Windows install.
Sometimes malware will use the same executable name and run from a different directory to disguise itself.
However, antivirus programs are not perfect, and occasionally malware that runs with rundll32 will avoid detection.
It is small, doesn’t need to be installed, and works with any version of Windows.
Here, we’re going to use it to investigate the activity of rundll32.exe.
It doesn’t mean you have a virus.
You don’t have to launch Process Explorer as admin, but it is better if you do.
Some processes might not display all of their information without admin privileges.
It’ll show you the full pathname, the parent process, the user, and more.
In this case, our rundll32.exe is associated with something named “-localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617.”
So, what exactly is “-localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617”?
It seems to be involved in presenting images in the user interface somehow.
It can be used to perform malicious operations.
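The same details Process Explorer shows (full path, parent process, user, command line) can also be collected from PowerShell for every running rundll32.exe at once. This is an added example, not part of the original article; it assumes the copies that legitimately run live in the System32 and SysWOW64 folders and flags anything else for a closer look.

```powershell
# Added example: inventory running rundll32.exe processes and flag any copy
# that is not running from a Windows system directory.
# Assumption: legitimate running copies live in System32 or SysWOW64.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')
)

# Index every process by PID so parent names can be resolved.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$rundll = $all | Where-Object { $_.Name -ieq 'rundll32.exe' }

$report = foreach ($proc in $rundll) {
    # The parent may already have exited (or its PID may have been reused).
    $parent = $byPid[[int]$proc.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    # GetOwner returns no user for other accounts' processes unless elevated.
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner `
        -ErrorAction SilentlyContinue
    $user = if ($owner -and $owner.User) { "$($owner.Domain)\$($owner.User)" }
            else { '<unknown, rerun as admin>' }

    # -contains is case-insensitive, so C:\WINDOWS and C:\Windows both match.
    $location = if (-not $proc.ExecutablePath) { 'Unknown (rerun as admin)' }
                elseif ($expected -contains $proc.ExecutablePath) { 'Expected' }
                else { 'UNEXPECTED PATH' }

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        Path        = $proc.ExecutablePath
        Location    = $location
        Parent      = "$parentName ($($proc.ParentProcessId))"
        User        = $user
        CommandLine = $proc.CommandLine   # shows which DLL or -localserver ID is loaded
    }
}

$report | Format-List
```

An "Expected" location only rules out a renamed look-alike; the CommandLine field is what tells you which DLL that instance is actually running.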
Can You Delete Rundll32.exe?
You cannot safely delete rundll32.exe if you want Windows to function properly.
It’s a normal, critical part of the Windows operating system.
It’s like asking whether you could open up your microwave and start removing various components.
Odds are deleting rundll32.exe will break tons of things and make running your PC normally a headache.
Don’t delete rundll32.exe from your system.
Deleting it from within Linux bypasses those protective measures completely.
You might break something accidentally.
This can sometimes be a bit complicated, depending on what exactly you want.
Here is how you might do that, starting from the ground up.
That tells us a lot.
If you don’t recognize the folder name, try searching on the internet.
Usually, you’ll be able to find several results that explain what program created the folder.
How do you know which one it is?
The subfolder name — nvstreamsrv — provides some helpful insight.
Most of the things you’ll encounter will be well-documented.
We can now reasonably guess that GeForce Experience is most likely responsible for this instance of rundll32.exe.
Now you'd better actually turn it off so that rundll32 won’t just fire up again.
We had to entirely disable GeForce Experience.
You should usually try to be as targeted as possible when disabling things.
Just be careful — you don’t want to uninstall or delete something important by accident.