I found a file on my machine that I don’t recognize called “________.exe,”
what is it? Can I delete it?
My computer keeps crashing with a problem in “________.dll,” but I’ve never
heard of this file and have no idea what it does. How do I find out?
This is actually an update to an article that I originally wrote in 2003, and
it’s just as relevant today as it was back then.
In the years since, I’ve received various forms of this question quite
literally hundreds of times – the two above are simply examples where the
“________” is the name of some file – often obscure – that someone has
discovered for various reasons and doesn’t recognize.
Most often, the question “what is this?” is really just a replacement for the
real question, “Is this malware?”
Maybe. Maybe not.
Here are the steps I take, ranging from easy to obscure, to try and track down
just what the DLL is going on. This approach actually works for EXEs and many
other types of files, if you’re trying to track one of those down.
Location, location, location
One of the best clues for identifying at least the source of a file is its
location on your hard disk.
By that, I mean the full path of the folder in which the file resides.
For example, if you’ve found the file “scrubber.dll” in the folder:
c:\Program Files (x86)\Toothbrush Magic\scrubber.dll
Then, there’s a pretty reasonable chance that the file is somehow related to the
program “Toothbrush Magic,” and was probably placed on your computer when you
installed that program.
Unfortunately, that doesn’t always work for folders that are common, such as
any of the Windows folders. For example, if you find that “scrubber.dll” is
…there’s really not much you can say. While applications shouldn’t install
things into the Windows folders, many do. The result is that the file could be a
part of Windows, it could be part of an application you’ve installed, or it
could be malware.
Most DLLs and EXEs have embedded version information. The easiest way to see
the version information is to do this: in Windows Explorer, right-click on the file,
select Properties, and then select the Details or Version tab.
In the example above, I randomly chose the file “pnidui.dll” in
C:\Windows\System32. The version information in the file gives at least a
hint of what the file is for and who produced it.
There are problems with version information:
Not all DLLs or EXEs may have version information.
If version information is present, it might be obscure and/or vague.
Malware may include intentionally misleading version information.
While it might not always be an absolute source, version information can
often be very useful, even if it’s only as a clue to your investigation.
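The location and version clues described above can also be collected from PowerShell, together with the file's digital signature, which a forged version string cannot supply. This is an added example, not part of the original article: the helper name Get-FileIdentity is made up for illustration, and the path is the pnidui.dll file mentioned above.

```powershell
# Added example: collect the identifying clues discussed above for one file.
# Get-FileIdentity is a hypothetical helper name, not a built-in cmdlet.
function Get-FileIdentity {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $ver  = $file.VersionInfo                      # embedded version resource (fields may be empty)
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    # Only report a signer when the signature actually validated;
    # a certificate attached to a tampered file proves nothing.
    $signer = $null
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject
    }

    [pscustomobject]@{
        Folder           = $file.DirectoryName     # clue 1: where the file lives
        Name             = $file.Name
        CompanyName      = $ver.CompanyName        # clue 2: self-declared, can be forged
        FileDescription  = $ver.FileDescription
        ProductName      = $ver.ProductName
        FileVersion      = $ver.FileVersion
        OriginalFilename = $ver.OriginalFilename   # name recorded when the file was built
        SignatureStatus  = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        Signer           = $signer
        SHA256           = $hash.Hash              # exact fingerprint to use when researching the file
        LastWriteTime    = $file.LastWriteTime
    }
}

# The file used as the example in this article.
Get-FileIdentity -Path "$env:windir\System32\pnidui.dll" | Format-List
```

A SignatureStatus of NotSigned is not proof of malware, since plenty of legitimate files are unsigned; treat it as one more clue alongside the folder and version fields.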
Consult the source
If you can identify the manufacturer of a file, either by file location or
version information, you might ask them.
Different companies offer widely varying levels of online functionality, so
it’s hard to know what to expect here, but searching the company’s support site
might well take you to very specific information about the file in
Support has a huge collection of information.
Even if the DLL or EXE isn’t actually from Microsoft, it’s still worth
searching the knowledgebase and forums, especially if the file is causing your
system problems. Quite often, articles or posts will reference third-party files
and describe issues and/or resolutions.
While Microsoft’s support isn’t always the most clearly written information,
it’s been improving over the years and can often add valuable information and
clues to help your search. I still consider Microsoft’s support site to be one
of the internet’s more under-utilized resources.
You probably already know how powerful Google can be. Search on the
DLL or EXE file name and you will likely get a number of hits.
Unfortunately, Google results for random filename searches seem to be an area
where serious caution is required.
Many, and for some files even most, of the search results provide only the
minimum of information and instead attempt to sell you a product to help
“protect” your system. The worst will classify just about anything as potential
malware in an effort to scare you into purchasing software that is typically
either sub-par, ineffective, or in some cases, completely bogus.
The rule’s pretty simple: if you’re just doing research, don’t spend a dime.
If the site holds information hostage until you buy something, move on to
In amongst the noise, however, will often be interesting discussions or
even Q&A – not unlike the articles here on Ask
Leo! that might well mention and provide more information on the DLL.
In one sense, using Google is a long shot and you’ll need to spend some time
separating the wheat from the chaff. A Google search might display 25 hits,
only the last of which might be a reasonable/reliable source.
On the other hand, it can be quite educational to read through some of the
interesting material that results.
It’s a research project
When you’re faced with an executable file – a DLL or EXE – that you don’t
recognize, it can sometimes be a bit of a research project to identify it.
Sometimes, it’ll be quick and obvious, other times not so much.
Particularly given the nature of malware attempting to disguise itself as
something else, it’s often difficult to know with certainty that what you have
is what you think you have.
(This is an update to an article originally published September 5, 2003.)