spoolsv.exe

G

Guest

Hi,

I know that some trojans present themselves as "spoolsv.exe." My firewall
very frequently asks if I want "spoolsv.exe" to access the internet. If this
is used to spool things out to the printer, is it supposed to access the
internet?

I have four instances of this file; I'd like to know what I should have
under SP2. Here are my files which I discovered:

C:\\windows\$ntservicePacUninstall$
C:\\windows\prefetch\spoolsv.exe-282f76a
C:\\windows\system32
C:windows\ServicePackFiles\i386

Is this normal? My AV does not find these files problematic...

Thanks
 
C

Curtis Koenig [MSFT]

Hi John,
These are all normal locations for the spoolsv.exe to reside. It is alos
somewhat normal for the spoolsv.exe process to make requests of the
netwrok, especially when network printers are used. The best course of
action is to check the digital signature of the files and use the
PortReporter (available on the MS download site) to monitor your traffic
patterns from this computer to get a better idea of if the behavior is
truely normal.

--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

spoolsv.exe Accessing the Internet 2
Print Spooler Service Dies 0
spoolsv.exe application Error that just will not go away 12
spoolsv.exe generating error 1
ZoneAlarm and spoolsv.exe 2
Abuse of spoolsv.exe? 1
What is spoolsv.exe? 7
Windows explorer in overdrive, again 14

Top