Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What’s this file that ends in “.dll” or “.exe”?

Question:

I found a file on my machine that I don’t recognize called “________.exe,”
what is it? Can I delete it?

My computer keeps crashing with a problem in “________.dll,” but I’ve never
heard of this file and have no idea what it does. How do I find out?

This is actually an update to an article that I originally wrote in 2003, and
it’s just as relevant today as it was back then.

In the years since, I’ve received various forms of this question quite
literally hundreds of times – the two above are simply examples where the
“________” is the name of some file – often obscure – that someone has
discovered for various reasons and doesn’t recognize.

Most often, the question “what is this?” is really just a replacement for the
real question, “Is this malware?”

Maybe. Maybe not.

Here are the steps I take, ranging from easy to obscure, to try and track down
just what the DLL is going on. This approach actually works for EXEs and many
other types of files, if you’re trying to track one of those down.

Become a Patron of Ask Leo! and go ad-free!

Location, location, location

One of the best clues for identifying at least the source of a file is its
location on on your hard disk.

By that, I mean the full path of the folder in which the file resides.

For example, if the folder you’ve found a file “scrubber.dll” in:

c:\Program Files (x86)\Toothbrush Magic\scrubber.dll

Then, there’s a pretty reasonable chance that the is somehow related to the
program “Toothbrush Magic,” and was probably placed on your computer when you
installed that program.

Unfortunately, that doesn’t always work for folders that are common, such as
any of the Windows folders. For example, if you find that “scrubber.dll” is
here:

c:\windows\system32\scrubber.dll

…there’s really not much you can say. While applications shouldn’t install
things into the Windows folders, many do. The result is that the file could be a
part of Windows, it could be part of an application you’ve installed, or it
could be malware.

Version information

Most DLLs and EXEs have embedded version information. The easiest way to see
the version information is to do this: in Windows Explorer, right-click on the file,
select Properties, and then select the Details or Version tab.

File Version Information

In the example above, I randomly chose the file “pnidui.dll” in
C:\Windows\System32. The version information in the file gives at least a
hint of what the file is for and who produced it.

There are problems with version information:

  • Not all DLLs or EXEs may have version information.

  • If version information is present, it might be obscure and/or vague.

  • Malware may include intentionally misleading version information.

While it might not always be an absolute source, version information can
often be very useful, even if it’s only as a clue to your investigation.

Consult the source

If you can identify the manufacturer of a file, either by file location or
version information, you might ask them.

Different companies offer widely varying levels of online functionality, so
it’s hard to know what to expect here, but searching the company’s support site
might well take you to very specific information about the file in
question.

Ask Microsoft

Microsoft
Support
has a huge collection of information.

Even if the DLL or EXE isn’t actually from Microsoft, it’s still worth
searching the knowledgebase and forums, especially if the file is causing your
system problems. Quite often, articles or posts will reference third-party files
and describe issues and/or resolutions.

While Microsoft’s support isn’t always the most clearly written information,
it’s been improving over the years and can often add valuable information and
clues to help your search. I still consider Microsoft’s support site to be one
of the internet’s more under-utilitized resources.

Ask Google

You probably already know how powerful Google can be. Search on the
DLL or EXE file name and you will likely get a number of hits.

Unfortunately, Google results for random filename searches seem to be an area
where serious caution is required.

Many, and for some files even most, of the search results provide only the
minimum of information and instead attempt to sell you a product to help
“protect” your system. The worst will classify just about anything as potential
malware in an effort to scare you into purchasing software that is typically
either sub-par, ineffective, or in some cases, completely bogus.

The rule’s pretty simple: if you’re just doing research, don’t spend a dime.
If the site holds information hostage until you buy something, move on to
another source.

In amongst the noise, however, will often be interesting discussions or
even Q&A – not unlike the articles here on Ask
Leo!
that might well mention and provide more information on the DLL.

In one sense, using Google is a long shot and you’ll need to spend some time
separating the wheat from the chaff. A Google search might display 25 hits,
only the last of which might be an reasonable/reliable source.

On the other hand, it can be quite educational to read through some of the
interesting material that results.

It’s a research project

When you’re faced with an executable file – a DLL or EXE – that you don’t
recognize, it can sometimes be a bit of a research project to identify it.
Sometimes, it’ll be quick and obvious, other times not so much.

Particularly given the nature of malware attempting to disguise itself as
something else, it’s often difficult to know with certainty that what you have
is what you think you have.

That’s one of the (many) reasons why it’s important to not only run
appropriate security software
, but also know how to
stay safe on the internet
in general.

(This is an update to an article originally published September 5, 2003.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

49 comments on “What’s this file that ends in “.dll” or “.exe”?”

  1. For all of these types of problems I’ll refer you to http://ask-leo.com/askleo.html to ask your questions. Regardless of where you ask (me or elsewhere), make sure that you include the full text of any error message, as well as the versions of the operating system and any other software that might be involved (like Works, for example).
    Best of luck,
    Leo

    Reply
  2. whenever I try to open text files saved in ms-works I get an error message”can not find file wksole.dll needed to open this file”.
    Where do I get this file? I’ve tried several dll file databases and it dosn’t seem to exist.

    Reply
  3. Problem is can’t get link to work from websites, and found CSSeqChk.dll is shown as error. I have the dll already from separate download, and have re downloaded IE6.sp1 also and re installed it, but still can not get link to work from website. How do I correct the problem? Any help appreciated. Norm

    Reply
  4. I had gone to virtualdr and tried to generate a link by clicking on the mail icon, then trying to send link – it wouldn’t – so I tried sending a file from my system and received error msg ‘missing CSSEQchk.dll.’ Then went online and downloaded that dll onto desktop and afterwards went to MSN website and downloaded IE6,sp1 and reinstalled it, but still prob – can’t send link on website. Hope this clarifies. Norm

    Reply
  5. I’m getting “can’t load pronics9x.dll everytime I restart the computer. I’m using a wireless card and windows 98 SE.

    Reply
  6. pronics9x.dll is related to the Linksys WMP54G wireless card, but I don’t know what it does. I have the same problem as sheizelle ever since I reinstalled the wireless software.

    Reply
  7. I am trying to fix an internet connection on another computer of mine that has win98 on it. I am connecting through a cable modem. A friend of mine gave me the computer and said it worked fine before he sent it to me. Everytime I try to connect to IE v5.50.4522.1800 I get a second or two of ‘detecting proxy setting’ then it goes to ‘res://c:windows\system\shdoclc.dll/dnserror.htm.’ It doen’t even give me ‘the page cannot be displayed’ error that anyone would get if they were not connected to the internet. I did a SFC and everything is fine. I cannot ping (with a response) anything except for the IP that I get of course from ipconfig. If I try to ping any website I get an unknown host error. I tried to update IE with a new update but I can not, it needs to connect with Microsoft. I have looked all through the internet and still have had no luck.

    Reply
  8. It sounds like you’ve got a much more fundamental problem. Are you certain that you’re connected with that cable modem at all? It really sounds like you have no connection at all, which isn’t necessarily something that the PC side software will be able to address. I’d check with the ISP and try diagnosing the cable connection.

    Good luck!

    Leo

    Reply
  9. when i shut down fatal exception oe has occured at 0028:c02a0948 in vxd vwin32(05)t000012do. will be terminated Program vender How do I cantact them

    Reply
  10. I have a similar problem Leonard had on April 26, 2004. I am working on a laptop using Windows 2000 Pro. I have the same ‘res://c:windows\system\shdoclc.dll/dnserror.htm’ error msg on top but i also have a cannot be displayed msg on the screen as well. I am using a dialup connection. I was going to update the antivirus but now can’t. I checked for sasser, as well as mcafee stinger all to no avail. I even contacted the ISP, and they are saying it’s the PC. but the pc worked fine up until this point for the other person working on it.

    Reply
  11. My Microsoft Word used to have Internet Explorer as its browser. Now when I click on a hyperlink it goes to Composer. I think this is Netscape. How do I get it back to Internet explorer?

    Reply
  12. My browser has recently been Hijacked, However I have managed to fix the problem at least for the mean time. I still cannot delete Searchextender or shoppingWizard or HomeSearchAssistent from my hard-drive. I do have my homepage back after running SpyBot. Ad-aware, Hijackthis, uninstaller-pro, McAfee, and CWShredder. Q: Is this normal or how do delete it from my hard-drive?
    Thank you

    Reply
  13. I’m in a tight spot. I just found out that i not only have SearchExtender, but also Home Search Assistent, and now Google Toolbar is also a problem. I tried to delete each one, but they dont want to die. What can I do to get rid of these pests? Thank you for your time.

    Reply
  14. LEO!! i used almost every recommendation that u posted for me to use, but these little pests are still annoying me extremely. It seemed that they were deleted, but they would come back. I still believe that Google Toolbar for Internet Explorer is the one controling Home Search Assistent, Shopping Wizard, and Search Extender, which i cant delete…

    Reply
  15. While working on my computer I suddenly got the blue screen error in Windows 95 Operatng System i.e.

    A fatal exception OE has occured at 0028:C0020666 in VXD VWIN32(01).
    The current application will be terminated.

    After restrating the computer now it is fine.Please also let me know the reason of coming
    fatal errors in computer.
    Yours sincelely,
    Ashish Chawla

    Reply
  16. I have Win XP and I removed a yahoo toolbar from the programs list and it caused my internet connection to not work, even though my network connection still works. I’ve tried to repair XP but I still can’t get online. Is there something I can do without having to reinstall XP?

    Reply
  17. Leo,

    I am trying to install a copier to print to via a rip from my Windows 2000 Professional computer. I get stopped during install because it is asking for a pscriptui.dll!? I read that it should be on my Windows disk, but Windows explorer can’t find it. Do you know where I can get a copy of this dll?

    Thanks,
    Mary

    Reply
  18. Hello, Good day
    My name is Chirag Daryanani.
    Please Pardon my language.
    Hello you dumb ****,
    yeah you Joe Serrano!
    EVERYONE IN THE WORLD GETS THE TOOLBAR PROBLEM!
    NEVER USE ADAWARE FOR TOOLBARS,
    you will Kill your PC if your
    Internet Explorer stops working!
    It’s a Microsoft flaw!
    Slap your PC with this solution,
    First Download the Full Internet Explorer.
    If you can’t find it just email me!
    Open the Folder where you Installed the
    Internet Explorer!
    Then second Uninstall the toolbars “One by One”.
    Open a window where you downloaded the FULLL Internet Explorer 4, 5 or 6: Ie6.exe
    (around 30+MB? It’s not 500KB!)

    If you “have to”!!!
    (the third step is done Manually & MIGHT/WILL cause your Internet Explorer to stop working!)
    Third Delete the toolbar folder from your Pc’s Dir. i.e. C:\Program Files\Google Delete the Google Folder. DO NOT EMPTY THE RECYCLE BIN!
    If you have a problem
    you can restore the recycle bin!

    You deleted all the Toolbars, etc.?
    Now you just Install your browser back!
    Hurry before it’s too late…
    Now restart your PC after you ARE DONE!!!

    MAKE SURE YOU DON’T RESTART YOUR PC
    IN BETWEEN THE STEPS!!!
    Otherwise you might have to reformat or restore!

    PS I am not responsible for any problems encountered by doing all of this.
    Email me if you have any questions:
    chiragdaryanani@gmail.com
    Questions Only!
    Btw Google Toolbar is completely safe!

    The day I got the xxx toolbar, I had to do this! But instead I just REFORMATED!
    Go to the main site to Uninstall these toolbars!
    You people are noobs in a room full of idiots;
    Please Visit the Cnet Forums,
    they have much better support!

    * Please forgive my bad language Leo. (:
    You should tell these guys this is not the place for Adware trouble & to get a life!

    Reply
  19. hi
    i m trying to register a dll named SEE32.dll but i m receiving this message. Plz help me out of this problem.

    “Unable to find an entry point named ‘receive_email’ in DLL ‘C:\Windows\SEE32.DLL'”

    Reply
  20. Three phrases should be among the most common in our daily usage. They are: Thank you, I am grateful and I appreciate.

    Reply
  21. How to find External DLL’s in Access 97 Application programmatically?

    Is there any way to use “Dll provider name”,”Version number”,”OLE self register” to find out whether it’s an external one….

    P.S. External DLL: DLL’s which we create & use by registering in the system.

    Reply
  22. I want to install a webcam on my PC that will give both me and the person on the other end a FULL SCREEN display. I’m told that it depends on the hardware and also it depends on the software but no where can I find specifics, e.g., manufacturer, model, etc. Sincerely appreciate any help. Thank you.

    Reply
  23. My uncle has a gateway labtop and for sum reason it’s not working csuse it says restoer the DLL in order for it to work. But i don’t have a clue what a DLL is. He haven’t run his computer in a lone may be about almost a year.

    Reply
  24. I have a problem with a rogue DLL which I suspect is malware. It is listed as a IE “add-on” but keeps re-enabling itself after I disable it. The name of the file is:

    c:\windows\system32\vtUlJBTn.dll

    Reply
  25. I’m using See32.dll file for a product to send the mails to my predefined emails and server. But now I use this product with McAfee installed on that machine and active, then the product is not sending the mails but on deactivating its sending the mails. please help me how I can avoid this problem.

    Reply
  26. I was just curious. I recently uninstalled this ask.com folder that came bundled in with another program I downloaded. Then I deleted the folder but before deleting it I opened it and the only file inside it is this .dll file. Now that implies to me that this .dll is designed to be called upon by an already existing .exe that I have on my computer. How does that work? Or am I way off?

    Reply
  27. DLL or EXE? Now I’m beginning to get confused. I heard from one site that dll and exe are two different things. But I’ve also heard about explorer.dll.exe….I’ve read from a site discussing about dll exe that dlls cannot be directly executed…So how’s that?

    Reply
  28. Thank you, Leo, for all the help you have provided over the years. I really enjoy reading your newsletter. However, reading the mostly ungrateful and demanding comments on this thread makes me sometimes wonder why you bother.

    It was Good Advice to use Google to find information on suspicious file names. This will usually pop up a half-dozen or so forum sites to peruse for more information. A savvy user can filter through the garbage to find them.

    To help identify unknown files, my personal favorite for the past few years has been Bill P’s WinPatrol PLUS. There is a “freeware” version of WinPatrol as well as an upgrade to the PLUS paid version. Both come with no-cost periodic updates. I ran with the free version for many years before deciding to make a one-time purchase of the PLUS upgrade. No regrets, and I now have instant access to a Bill P webpage with information, if available, on the mystery file. Highly recommended.

    I’m a fan of WinPatrol also, and probably should have included it above. WinPatrol – Get alerts to important changes to your computer

    Leo
    04-Oct-2012
    Reply
  29. A couple of little tips to supplement Leo’s excellent advice:
    ● If you have IE toolbars you don’t want, in addition to spyware removers and add/remove programs, try “Manage Add-ons” in the Tools menu
    ● If you have a suspicious file, subject it to an on-line scan such as Jotti http://virusscan.jotti.org
    or Vius Total
    http://www.virustotal.com .
    These subject the file to multiple scans: observing the extent to which findings differ from one anti-virus scan to another demonstrates graphically how much malware detection is an art rather than a science!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.