Spoolsv.exe

Hi,

What is spoolsv.exe (taking up 6.040 K and listed as SYSTEM in my Processes
list) and why is it trying periodically to access the internet?
I have denied its access for now.

Thanks,

Henning
 
Henning,

The process itself is a system component.
<http://www.liutilities.com/products/wintaskspro/processlibrary/spoolsv/>

It may point to a malware infection however.
<http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html>
http://www.dslreports.com/forum/remark,8734856

How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan ("Check for problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.
 
Hi Chuck

thanks for your elaborate explanation and links. I had hours of 'fun'
reading up on the spoolsv issue. I found that my laptop was already good,
dare I say over-, protected. Several spyware and virus scans revealed nothing,
nada. Neither does it show any signs of a Trojan when checking for trojan
signatures. The only thing I can conclude after the quest is that we have to
live with spoolsv.exe and keep on blocking it, although it takes up system
resources.
Here's what Sygate tells me when I trace the IP address that spoolsv is
trying to access: 30.30.32.205 port 1041

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 7990 Science Applications Ct
Address: M/S CV 50
City: Vienna
StateProv: VA
PostalCode: 22183-7000
Country: US

NetRange: 30.0.0.0 - 30.255.255.255
CIDR: 30.0.0.0/8
NetName: ARPAX25-TEMP
NetHandle: NET-30-0-0-0-1
Parent:
NetType: Direct Allocation
Comment: Defense Information Systems Agency
Comment: Washington, DC 20305-2000 US
RegDate:
Updated: 2002-10-07

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-703-676-1051
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2004-11-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Is this big brother watching me???? :)

Anyone?
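
One way to check both possibilities raised in this thread on a current Windows system, added here as an example and not posted by any participant: confirm that the running spoolsv.exe is the signed binary in System32 running as SYSTEM, then list the remote addresses it holds next to the configured network printer ports. It assumes PowerShell 5.1 or later with the built-in `Get-NetTCPConnection` and `Get-PrinterPort` cmdlets, which are not available on the Windows versions of the thread's era.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session,
# otherwise ExecutablePath and the owner may come back empty for SYSTEM processes.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'") {
    $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $sig    = if ($p.ExecutablePath) { Get-AuthenticodeSignature -FilePath $p.ExecutablePath }

    # Remote TCP endpoints currently held by this instance (listeners and loopback skipped).
    $remote = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
        ForEach-Object { '{0}:{1} ({2})' -f $_.RemoteAddress, $_.RemotePort, $_.State }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $p.ExecutablePath
        PathOk    = $p.ExecutablePath -ieq $expected   # a copy anywhere else is suspect
        Owner     = '{0}\{1}' -f $owner.Domain, $owner.User   # genuine service: NT AUTHORITY\SYSTEM
        Parent    = $parent.Name                       # genuine service: services.exe
        Signature = $sig.Status                        # genuine binary: Valid
        Signer    = $sig.SignerCertificate.Subject
        RemoteTcp = $remote -join ', '
    }
}
$report | Format-List

# The Print Spooler talks to network printers and print servers, so compare the
# RemoteTcp values above with the hosts configured on the printer ports.
Get-PrinterPort | Where-Object PrinterHostAddress |
    Format-Table Name, PrinterHostAddress, PortNumber
```

More than one spoolsv.exe instance, a path outside System32, a parent other than services.exe, or a signature status other than Valid is the point at which the scans recommended above are worth repeating from clean media.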
 
