Helping people with computers... one answer at a time.

When given just a file name, it's often difficult to know exactly where it came from or what it does. I'll look at a few approaches to identifying .exe and .dll files.

I found a file on my machine that I don't recognize called "________.exe," what is it? Can I delete it?

My computer keeps crashing with a problem in "________.dll," but I've never heard of this file and have no idea what it does. How do I find out?

This is actually an update to an article that I originally wrote in 2003, and it's just as relevant today as it was back then.

In the years since, I've received various forms of this question quite literally hundreds of times - the two above are simply examples where the "________" is the name of some file - often obscure - that someone has discovered for various reasons and doesn't recognize.

Most often, the question "what is this?" is really just a replacement for the real question, "Is this malware?"

Maybe. Maybe not.

Here are the steps I take, ranging from easy to obscure, to try and track down just what the DLL is going on. This approach actually works for EXEs and many other types of files, if you're trying to track one of those down.

Location, location, location

One of the best clues for identifying at least the source of a file is its location on on your hard disk.

By that, I mean the full path of the folder in which the file resides.

For example, if the folder you've found a file "scrubber.dll" in:

c:\Program Files (x86)\Toothbrush Magic\scrubber.dll

Then, there's a pretty reasonable chance that the is somehow related to the program "Toothbrush Magic," and was probably placed on your computer when you installed that program.

Unfortunately, that doesn't always work for folders that are common, such as any of the Windows folders. For example, if you find that "scrubber.dll" is here:

c:\windows\system32\scrubber.dll

...there's really not much you can say. While applications shouldn't install things into the Windows folders, many do. The result is that the file could be a part of Windows, it could be part of an application you've installed, or it could be malware.

Version information

Most DLLs and EXEs have embedded version information. The easiest way to see the version information is to do this: in Windows Explorer, right-click on the file, select Properties, and then select the Details or Version tab.

File Version Information

In the example above, I randomly chose the file "pnidui.dll" in C:\Windows\System32. The version information in the file gives at least a hint of what the file is for and who produced it.

There are problems with version information:

  • Not all DLLs or EXEs may have version information.

  • If version information is present, it might be obscure and/or vague.

  • Malware may include intentionally misleading version information.

While it might not always be an absolute source, version information can often be very useful, even if it's only as a clue to your investigation.

Consult the source

If you can identify the manufacturer of a file, either by file location or version information, you might ask them.

Different companies offer widely varying levels of online functionality, so it's hard to know what to expect here, but searching the company's support site might well take you to very specific information about the file in question.

Ask Microsoft

Microsoft Support has a huge collection of information.

Even if the DLL or EXE isn't actually from Microsoft, it's still worth searching the knowledgebase and forums, especially if the file is causing your system problems. Quite often, articles or posts will reference third-party files and describe issues and/or resolutions.

While Microsoft's support isn't always the most clearly written information, it's been improving over the years and can often add valuable information and clues to help your search. I still consider Microsoft's support site to be one of the internet's more under-utilitized resources.

Ask Google

You probably already know how powerful Google can be. Search on the DLL or EXE file name and you will likely get a number of hits.

Unfortunately, Google results for random filename searches seem to be an area where serious caution is required.

Many, and for some files even most, of the search results provide only the minimum of information and instead attempt to sell you a product to help "protect" your system. The worst will classify just about anything as potential malware in an effort to scare you into purchasing software that is typically either sub-par, ineffective, or in some cases, completely bogus.

The rule's pretty simple: if you're just doing research, don't spend a dime. If the site holds information hostage until you buy something, move on to another source.

In amongst the noise, however, will often be interesting discussions or even Q&A - not unlike the articles here on Ask Leo! that might well mention and provide more information on the DLL.

In one sense, using Google is a long shot and you'll need to spend some time separating the wheat from the chaff. A Google search might display 25 hits, only the last of which might be an reasonable/reliable source.

On the other hand, it can be quite educational to read through some of the interesting material that results.

It's a research project

When you're faced with an executable file - a DLL or EXE - that you don't recognize, it can sometimes be a bit of a research project to identify it. Sometimes, it'll be quick and obvious, other times not so much.

Particularly given the nature of malware attempting to disguise itself as something else, it's often difficult to know with certainty that what you have is what you think you have.

That's one of the (many) reasons why it's important to not only run appropriate security software, but also know how to stay safe on the internet in general.

(This is an update to an article originally published September 5, 2003.)

Article C1838 - October 1, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

49 Comments
joe
October 30, 2003 5:24 PM

i cant get my router to work.
i keep getting error when i put in the address the shdoclc.dll will show up in the error line

David
November 2, 2003 10:41 AM

I can't load computer games error = "ddraw.dll"
anyway of fixxing this problem???

Cindy Jo
November 6, 2003 6:42 PM

When I try to open MSWorks this message appears cannot find WKSOLE.DLL, can you help me? Cindy Jo

Leo
November 6, 2003 7:34 PM

For all of these types of problems I'll refer you to http://ask-leo.com/askleo.html to ask your questions. Regardless of where you ask (me or elsewhere), make sure that you include the full text of any error message, as well as the versions of the operating system and any other software that might be involved (like Works, for example).
Best of luck,
Leo

phillip kokinos
January 15, 2004 1:16 PM

whenever I try to open text files saved in ms-works I get an error message"can not find file wksole.dll needed to open this file".
Where do I get this file? I've tried several dll file databases and it dosn't seem to exist.

Norm H.
March 1, 2004 10:20 PM

Problem is can't get link to work from websites, and found CSSeqChk.dll is shown as error. I have the dll already from separate download, and have re downloaded IE6.sp1 also and re installed it, but still can not get link to work from website. How do I correct the problem? Any help appreciated. Norm

Leo
March 1, 2004 10:45 PM

Not exactly sure what you're describing, Norm. Could you clarify?

Thanks,

Leo

Norm H.
March 2, 2004 9:32 AM

I had gone to virtualdr and tried to generate a link by clicking on the mail icon, then trying to send link - it wouldn't - so I tried sending a file from my system and received error msg 'missing CSSEQchk.dll.' Then went online and downloaded that dll onto desktop and afterwards went to MSN website and downloaded IE6,sp1 and reinstalled it, but still prob - can't send link on website. Hope this clarifies. Norm

sheizelle
March 31, 2004 8:41 AM

I'm getting "can't load pronics9x.dll everytime I restart the computer. I'm using a wireless card and windows 98 SE.

Mike C
April 8, 2004 2:43 AM

pronics9x.dll is related to the Linksys WMP54G wireless card, but I don't know what it does. I have the same problem as sheizelle ever since I reinstalled the wireless software.

Leonard
April 26, 2004 1:40 PM

I am trying to fix an internet connection on another computer of mine that has win98 on it. I am connecting through a cable modem. A friend of mine gave me the computer and said it worked fine before he sent it to me. Everytime I try to connect to IE v5.50.4522.1800 I get a second or two of 'detecting proxy setting' then it goes to 'res://c:windows\system\shdoclc.dll/dnserror.htm.' It doen't even give me 'the page cannot be displayed' error that anyone would get if they were not connected to the internet. I did a SFC and everything is fine. I cannot ping (with a response) anything except for the IP that I get of course from ipconfig. If I try to ping any website I get an unknown host error. I tried to update IE with a new update but I can not, it needs to connect with Microsoft. I have looked all through the internet and still have had no luck.

Leo
April 26, 2004 5:06 PM

It sounds like you've got a much more fundamental problem. Are you certain that you're connected with that cable modem at all? It really sounds like you have no connection at all, which isn't necessarily something that the PC side software will be able to address. I'd check with the ISP and try diagnosing the cable connection.

Good luck!

Leo

fuller
May 20, 2004 9:53 AM

when i shut down fatal exception oe has occured at 0028:c02a0948 in vxd vwin32(05)t000012do. will be terminated Program vender How do I cantact them

Leo
May 20, 2004 3:09 PM

I found this page: http://ask-leo.com/d-40520b that lists several vwin32 errors, and includes an entry, with possible causes, for the error you list. Good luck!

Angela
May 21, 2004 9:45 AM

I have a similar problem Leonard had on April 26, 2004. I am working on a laptop using Windows 2000 Pro. I have the same 'res://c:windows\system\shdoclc.dll/dnserror.htm' error msg on top but i also have a cannot be displayed msg on the screen as well. I am using a dialup connection. I was going to update the antivirus but now can't. I checked for sasser, as well as mcafee stinger all to no avail. I even contacted the ISP, and they are saying it's the PC. but the pc worked fine up until this point for the other person working on it.

laf
June 17, 2004 3:45 PM

My Microsoft Word used to have Internet Explorer as its browser. Now when I click on a hyperlink it goes to Composer. I think this is Netscape. How do I get it back to Internet explorer?

jason
July 5, 2004 8:56 AM

My browser has recently been Hijacked, However I have managed to fix the problem at least for the mean time. I still cannot delete Searchextender or shoppingWizard or HomeSearchAssistent from my hard-drive. I do have my homepage back after running SpyBot. Ad-aware, Hijackthis, uninstaller-pro, McAfee, and CWShredder. Q: Is this normal or how do delete it from my hard-drive?
Thank you

Harlan
July 17, 2004 10:22 PM

12frared.dll ?

Joe Serrano
August 9, 2004 12:05 PM

I'm in a tight spot. I just found out that i not only have SearchExtender, but also Home Search Assistent, and now Google Toolbar is also a problem. I tried to delete each one, but they dont want to die. What can I do to get rid of these pests? Thank you for your time.

Leo
August 10, 2004 2:58 PM

What leads you to believe Google's a problem? I love it. Anyway, you need to run some anti=spyware software. Recommendations here: http://ask-leo.com/d-recommend

Joe Serrano
August 14, 2004 4:54 PM

LEO!! i used almost every recommendation that u posted for me to use, but these little pests are still annoying me extremely. It seemed that they were deleted, but they would come back. I still believe that Google Toolbar for Internet Explorer is the one controling Home Search Assistent, Shopping Wizard, and Search Extender, which i cant delete...

Anonymous
October 5, 2004 10:37 PM

While working on my computer I suddenly got the blue screen error in Windows 95 Operatng System i.e.


A fatal exception OE has occured at 0028:C0020666 in VXD VWIN32(01).
The current application will be terminated.

After restrating the computer now it is fine.Please also let me know the reason of coming
fatal errors in computer.
Yours sincelely,
Ashish Chawla

bishaz2001
October 13, 2004 9:55 AM

Cannot remove home search extender, shoppin wizard. I need Help. Seems that the only way is formatting the PC.

Leo
October 13, 2004 10:01 AM

Get and run a spyware checker. Recommendations here: http://ask-leo.com/d-recommend

beerslayer
November 8, 2004 2:19 PM

If the problem involves something executing on your system (i.e. you see a process in Task Manager that you do not recognize), one good place to check for information is the AnswersThatWork Tasklist (http://www.answersthatwork.com/Tasklist_pages/tasklist.htm). While not everything is there (they can't possibly know about every background printer driver or video driver), quite a lot is.

Scott Gillespie
January 7, 2005 9:09 AM

I have Win XP and I removed a yahoo toolbar from the programs list and it caused my internet connection to not work, even though my network connection still works. I've tried to repair XP but I still can't get online. Is there something I can do without having to reinstall XP?

Mary wagoner
February 4, 2005 8:23 AM

Leo,

I am trying to install a copier to print to via a rip from my Windows 2000 Professional computer. I get stopped during install because it is asking for a pscriptui.dll!? I read that it should be on my Windows disk, but Windows explorer can't find it. Do you know where I can get a copy of this dll?

Thanks,
Mary

Chirag Daryanani
October 13, 2005 5:44 AM

Hello, Good day
My name is Chirag Daryanani.
Please Pardon my language.
Hello you dumb ****,
yeah you Joe Serrano!
EVERYONE IN THE WORLD GETS THE TOOLBAR PROBLEM!
NEVER USE ADAWARE FOR TOOLBARS,
you will Kill your PC if your
Internet Explorer stops working!
It's a Microsoft flaw!
Slap your PC with this solution,
First Download the Full Internet Explorer.
If you can't find it just email me!
Open the Folder where you Installed the
Internet Explorer!
Then second Uninstall the toolbars "One by One".
Open a window where you downloaded the FULLL Internet Explorer 4, 5 or 6: Ie6.exe
(around 30+MB? It's not 500KB!)

If you "have to"!!!
(the third step is done Manually & MIGHT/WILL cause your Internet Explorer to stop working!)
Third Delete the toolbar folder from your Pc's Dir. i.e. C:\Program Files\Google Delete the Google Folder. DO NOT EMPTY THE RECYCLE BIN!
If you have a problem
you can restore the recycle bin!

You deleted all the Toolbars, etc.?
Now you just Install your browser back!
Hurry before it's too late...
Now restart your PC after you ARE DONE!!!

MAKE SURE YOU DON'T RESTART YOUR PC
IN BETWEEN THE STEPS!!!
Otherwise you might have to reformat or restore!

PS I am not responsible for any problems encountered by doing all of this.
Email me if you have any questions:
chiragdaryanani@gmail.com
Questions Only!
Btw Google Toolbar is completely safe!

The day I got the xxx toolbar, I had to do this! But instead I just REFORMATED!
Go to the main site to Uninstall these toolbars!
You people are noobs in a room full of idiots;
Please Visit the Cnet Forums,
they have much better support!

* Please forgive my bad language Leo. (:
You should tell these guys this is not the place for Adware trouble & to get a life!

John J Suknaic
January 27, 2006 12:09 PM

I can't find this DLL anywhere: SRS3MEZ8.dll
does anyone know what it could be?

rizwan
February 15, 2006 4:23 AM

hi
i m trying to register a dll named SEE32.dll but i m receiving this message. Plz help me out of this problem.

"Unable to find an entry point named 'receive_email' in DLL 'C:\Windows\SEE32.DLL'"

penis enlargement
March 14, 2006 2:50 PM

Three phrases should be among the most common in our daily usage. They are: Thank you, I am grateful and I appreciate.

john
March 15, 2006 1:39 PM

SEE32.DLL is an email product from MarshallSoft.

It does NOT require REGISTERING because it is accessed directly in the WINDOWS folder.

Thiagu
April 24, 2006 5:20 AM

How to find External DLL's in Access 97 Application programmatically?

Is there any way to use "Dll provider name","Version number","OLE self register" to find out whether it's an external one....

P.S. External DLL: DLL's which we create & use by registering in the system.

Carl G.
April 28, 2006 6:35 PM

There is a site at: http://www.dll-files.com/ . Just plug in the missing .dll filename into the box, and it downloads for free. Saved my bacon a few times!

Brummpa
May 12, 2006 1:36 AM

I want to install a webcam on my PC that will give both me and the person on the other end a FULL SCREEN display. I'm told that it depends on the hardware and also it depends on the software but no where can I find specifics, e.g., manufacturer, model, etc. Sincerely appreciate any help. Thank you.

Mike
June 3, 2006 2:06 PM

Does anyone know what deskpan.dll is for and if it is needed.

Anthony
July 13, 2006 11:06 AM

My uncle has a gateway labtop and for sum reason it's not working csuse it says restoer the DLL in order for it to work. But i don't have a clue what a DLL is. He haven't run his computer in a lone may be about almost a year.

Jackie Sorenson
August 27, 2007 5:48 PM

A great resource for DLL Information is here:

http://www.corruptedfilerepair.com/File-Information/File-Information-Index-A.asp

Brad Grove
April 14, 2008 4:52 AM

I have a problem with a rogue DLL which I suspect is malware. It is listed as a IE "add-on" but keeps re-enabling itself after I disable it. The name of the file is:

c:\windows\system32\vtUlJBTn.dll

SpiritDevSS
July 1, 2008 5:25 AM

I'm using See32.dll file for a product to send the mails to my predefined emails and server. But now I use this product with McAfee installed on that machine and active, then the product is not sending the mails but on deactivating its sending the mails. please help me how I can avoid this problem.

Angie Lines
April 18, 2009 10:30 AM

I was just curious. I recently uninstalled this ask.com folder that came bundled in with another program I downloaded. Then I deleted the folder but before deleting it I opened it and the only file inside it is this .dll file. Now that implies to me that this .dll is designed to be called upon by an already existing .exe that I have on my computer. How does that work? Or am I way off?

surendar
May 9, 2009 5:53 AM

wat is surendar.exe.dll error , it is shown when system shutdowns saying system failed

James Fox
October 9, 2010 3:56 AM

DLL or EXE? Now I'm beginning to get confused. I heard from one site that dll and exe are two different things. But I've also heard about explorer.dll.exe....I've read from a site discussing about dll exe that dlls cannot be directly executed...So how's that?

Dick Swanson
October 2, 2012 9:18 AM

Hi Leo; Just a line to thank you for all your informative news letters. You are my IT Guru!

Howard B. Evans, Jr.
October 2, 2012 1:29 PM

Thank you, Leo, for all the help you have provided over the years. I really enjoy reading your newsletter. However, reading the mostly ungrateful and demanding comments on this thread makes me sometimes wonder why you bother.

It was Good Advice to use Google to find information on suspicious file names. This will usually pop up a half-dozen or so forum sites to peruse for more information. A savvy user can filter through the garbage to find them.

To help identify unknown files, my personal favorite for the past few years has been Bill P's WinPatrol PLUS. There is a "freeware" version of WinPatrol as well as an upgrade to the PLUS paid version. Both come with no-cost periodic updates. I ran with the free version for many years before deciding to make a one-time purchase of the PLUS upgrade. No regrets, and I now have instant access to a Bill P webpage with information, if available, on the mystery file. Highly recommended.

I'm a fan of WinPatrol also, and probably should have included it above. WinPatrol - Get alerts to important changes to your computer
Leo
04-Oct-2012
richard Lovejoy
October 2, 2012 2:49 PM

I strongly recomment Win Patrol (paid ver) to gwt answers to many strange files and extensions

James Abuda
October 3, 2012 2:20 AM

I always read your article Leo, but how you earn money from doing this?

Mark J
October 3, 2012 2:49 AM

@James Abuda
Ask Leo! is an advertising supported website.
This article explains how it works.

BAW30s
October 3, 2012 3:34 AM

A couple of little tips to supplement Leo's excellent advice:
● If you have IE toolbars you don't want, in addition to spyware removers and add/remove programs, try "Manage Add-ons" in the Tools menu
● If you have a suspicious file, subject it to an on-line scan such as Jotti http://virusscan.jotti.org
or Vius Total
http://www.virustotal.com .
These subject the file to multiple scans: observing the extent to which findings differ from one anti-virus scan to another demonstrates graphically how much malware detection is an art rather than a science!

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.