spoolsv.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I know that some trojans present themselves as "spoolsv.exe." My firewall
very frequently asks if I want "spoolsv.exe" to access the internet. If this
is used to spool things out to the printer, is it supposed to access the
internet?

I have four instances of this file; I'd like to know what I should have
under SP2. Here are my files which I discovered:

C:\\windows\$ntservicePacUninstall$
C:\\windows\prefetch\spoolsv.exe-282f76a
C:\\windows\system32
C:windows\ServicePackFiles\i386

Is this normal? My AV does not find these files problematic...

Thanks
 
Hi John,
These are all normal locations for the spoolsv.exe to reside. It is alos
somewhat normal for the spoolsv.exe process to make requests of the
netwrok, especially when network printers are used. The best course of
action is to check the digital signature of the files and use the
PortReporter (available on the MS download site) to monitor your traffic
patterns from this computer to get a better idea of if the behavior is
truely normal.

--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
 
Back
Top