Tech Stocking Stuffers: 18 awesome gifts under $50

Best program to see what svchost and rundll32 are doing?

By Vigilante · 4 replies
Jan 19, 2006
  1. Hey guys, what do you use to see what modules are loaded by rundll32 and svchost?

    Because these 2 things are just containers for other things, I need the best way to see what the actual program running is.

    For examples, let's say you have a plain old computer that, as far as you know, is not infected with anything and is clean. BUT, here is rundll32 in task manager, and when you close it, it comes right back. And if you wait long enough, you may get more then one copy running.

    In my experience, I know various parts of Windows that use rundll32, and when I close the process, so closes the thing I'm running. But in this case, nothing closes, but rundll32 comes right back.

    So what do you use to see what process is behind this? I've used a program called Prcvr but it is slightly cryptic.
  2. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    You want the Process Explorer utility from Sysinternals. Enable lower pane and tell it to show DLLs. The tooltip tells you the exact library file path.
  3. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    I believe that is the one I use. Didn't know there was a lower pane.

    I'll check it out again. thx
  4. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    The sysinternals tool is alright, I can browse through all the modules and see the bad ones running. But that doesn't help much in figuring out which program runs which module.
    If I right-click the programs one by one by one and view modules, the one I seek is not there. But when I view all the modules, it is there.

    The program is good, bar hardly a quick and dirty way.

    I'm still interrested to know if there is any utilities where I could see what is running, view the modules under it. As you know, there can be upwards of 3 to 5 or so SVCHOST.exe running even in Safe Mode. Some can be stopped but if you stop the wrong one the system will restart.
    It is just annoying because I can SEE the "bad" dll running, but still have no way to stop it.
  5. iss

    iss TechSpot Chancellor Posts: 1,994

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...