Application error : "spoolsvc.exe"

[Guest]

I was trying to convert FLAC (audio) files and downloaded FLAC Frontend,
which suggested I download a free version of Winamp. I did this and converted
the files successfully. At some point later (several hours) I started to
receive an application error “spoolsvc.exeâ€. This causes the computer to slow
right to a standstill and the mouse is extremely sluggish. I ran Spybot,
Adaware and McAfee and eventually removed both audio programs but to no
avail. I reset the bios to default settings, still no joy. While
investigating I have written down the following “mclsp.dll†and
“c:\windows\system32\dllcache\spoolsvc.opt†but now cannot remember the
context (fool). I am not sure that the audio programs are the offending
agents but that was the last major change I made. Any advise please?
Rgds

 

[DatabaseBen]

you might be able to go into safe mode and either restore to a funtional
date or uninstall those questionables programs.... Should get you back
operational.

Another would be to access the dllcache folder via safe mode and delete or
rename those files like "mclsp.dl_" "spoolsvc.op_"

Funny the .opt file is not a dll.....

 

[Wesley Vogel]

spoolsvc.exe is a process which is registered as W32.SXTB.A Trojan. This
Trojan allows attackers to access your computer from remote locations,
stealing passwords, Internet banking and personal data. This process is a
security risk and should be removed from your system.

If a process named spoolsvc.exe is running on your computer, you may have
been infected with a strain of the Sdbot.Uk worm.

Troj/SXTB-A

Spoolsvc.exe is a worm W32.Linkbot.M.

Troj/Dropper-AT

No matter what name it goes by, you don't want spoolsvc.exe.

I have no idea what spoolsvc.opt is, probably malware also.

UPDATE your antivirus software and run a full system scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

You might want to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Thanks Wes (& Ben),
at least I now know what I am up against.
After your helpful advice I did some searching on "spoolsvc.exe" and learned
that it was relatively old virus. One site mentioned that it was often
associated with Winamp so I suppose that was the source of infection (other
readers take note). What I don't understand is why McAfee did not pick it up
when I did the download as I have the virus scanner running all the time.
McAfee even updated its database yesterday and I ran it immediately but it
still did not identify it. I also ran adaware again.
I'll go through your suggestions tonight, when I am back home.

Please note, your replies are very much appreciated, Thank you.

rgds,
Chris

 

[databaseben]

i'm glad you found the problem with that file. But you have also
discovered, as we have, that infections do get pass us and softwares too. I
have used mcafee and norton and trend in the past as well.

As a suggestion that I use for myself as well, is to have and use several
antiviruls. For example, I currently have microsoft defender installed in
real time and a freeware called spyware terminator in real time too.
SpywareTerminator also has an addin called ClamAntivirus which runs by
spyware terminator. I think between them I get really good results.
Spyware terminator and with all the settings turned on, will ask for
permission(s) whenever a program is installed. I also beeps me when ever it
has blocked something from the internet. I am pleased with it.

Also, I have other antiviruls, like spybot, etc..., that I run on occassion
and manually, that way they can get updated and catch anything that may have
been missed. Although defender runs in the background, i also open it and
check out anything it discovered, ensure it is updated and for the sake of
it run a complete check anyways. If you choose to go the freeware way and
or get other antiviruls, keep in mind that when you run them manually to
disable the others that are in real time. That way you won't get an
antivirus running in real time checking the antivirus you are running in
manual mode.

Also, as a precaution, whenever you download freeware from a freeware site,
double check to see if the freeware still has a parent site offering the
freeware. For example, if you go to say downloads.com and you find
something interesting. Then check out the ratings and comments. Or check
out the parent website of the freeware and see if it is still offering their
program for free. If the parent website doesn't exist, but the freeware is
still being made available off the net somewhere, you should consider not
downloading it as it could have been tampered with.......