
Spoolsv.exe (Spooler Subsystem Application) question please

Discussion in 'Virus & Other Malware Removal' started by Cookiegal, Oct 4, 2003.

Thread Status:
Not open for further replies.
  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator Thread Starter

    Joined:
    Aug 27, 2003
    Messages:
    111,477
    Hello again,

    This morning for the first time my firewall asked me if I wanted to allow the "Spooler Subsystem Application" to access the Internet. It also said that the program had changed and if I had made any changes then I should allow it access to update but otherwise, it could be the result of a trojan.

    Since this has never happened before, I denied access. I am not aware of making any changes and from what I understand with research I've done, this is related to the process "spoolsv.exe" which controls the printer.

    I'm running Windows 2000 Professional. Also, this is a standalone computer at home, not connected to any networks.

    I would appreciate it if anyone can tell me what this is and if I should allow my firewall to let it through.

    I have run both Ad-aware and Spybot and come up clean. Last evening Norton found 3 files infected with W32.HLLW.Moega and deleted them. I have no idea if this is related but wanted to mention it just in case. They were in C:\RECYCLERS.

    I can post a Hijack This log if it might help. I'm going to run a Micro Trend virus scan and another Norton one and see if anything comes up. Then I will post a Hijack This log which could be important.

    Thanks for any help on this.

    Cookie
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Somebody else asked this very same question about spoolsv.exe in Win 2k yesterday.

    Have you installed any recent updates or other programs that might account for it? It is a standard spooler service used in both 2k and XP.

    I'd do a file search for spoolsv.exe and right click and select Properties. Is there more than one file found, are they the same?

    Is there a very recent modified or created date? If not I would just mark it up to a quirk in ZA and let it go.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator Thread Starter

    Joined:
    Aug 27, 2003
    Messages:
    111,477
    Thanks for replying Rollin' Rog,

    I'm trying to find that post you mentioned on the other forum and haven't been able to yet. I'll keep looking though because though I went back 5 pages, I haven't read each and every post.

    There are three programs called spoolsv.exe, one is in System 32 and has been there a long time. The other two are both related to service pack files, the one to uninstall was created on September 14th, which is when I downloaded several Microsoft critical updates and Service Pack 4, so it looks legit. The other was created a long time ago.

    Do you think I should let this have access and see what happens?

    Thanks again for all your help. I really appreciate it.

    Cookie
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The other one I mentioned seeing here was the tail end of webzster's thread....

    http://forums.techguy.org/editpost.php?s=&action=editpost&postid=1156807

    I also noticed a couple in Google > Groups.

    The active file will be in the system32 directory.

    Just make sure it has a Microsoft copyright. There should not be any others in the Windows "path" c:\windows\......

    I really wouldn't fear letting it connect as long as it is coming from a "protected" directory -- system32. Viruses usually do not overwrite these files as Windows file protection would spot it. They tend to try to load from other directories or use slightly different names to avoid detection.
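
    The checks discussed in this thread (how many copies of spoolsv.exe exist, whether they are the same, their dates, the copyright string, and which path the running service uses) can be scripted. This is an added example, not part of the original posts; it assumes a current Windows system with PowerShell 5.1 or later (not the Windows 2000 machine in the thread) and is best run from an elevated prompt.

```powershell
# Added example: inventory every spoolsv.exe on the system drive.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'

# 1. Find every copy, including ones in hidden folders.
$copies = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'spoolsv.exe' `
    -Recurse -Force -File -ErrorAction SilentlyContinue

# 2. Collect location, dates, copyright, hash and signature for each copy.
#    The copyright string is only a resource field that anyone can set;
#    the Authenticode/catalog signature is the stronger evidence.
$report = foreach ($f in $copies) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path       = $f.FullName
        InSystem32 = ($f.FullName -ieq $expected)
        Created    = $f.CreationTime
        Modified   = $f.LastWriteTime
        Copyright  = $f.VersionInfo.LegalCopyright
        SHA256     = $hash.Hash
        SigStatus  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
    }
}
$report | Sort-Object Path | Format-List

# 3. "Are they the same?" Copies with identical content share a hash.
$report | Group-Object SHA256 | ForEach-Object {
    '{0} copy/copies with SHA256 {1}' -f $_.Count, $_.Name
    $_.Group.Path | ForEach-Object { "    $_" }
}

# 4. Which file is the running spooler actually loaded from?
#    ExecutablePath can be empty if the prompt is not elevated.
Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'" |
    Select-Object ProcessId, ExecutablePath,
        @{ Name = 'IsExpectedPath'; Expression = { $_.ExecutablePath -ieq $expected } }

# 5. Anything that needs a closer look: wrong folder or no valid signature.
$report | Where-Object { -not $_.InSystem32 -or $_.SigStatus -ne 'Valid' } |
    Select-Object Path, SigStatus, Modified
```

    Copies kept by servicing or update backups show up in step 5 because they are outside System32; a valid Microsoft signature and a hash matching the System32 copy (or a known update) is what separates them from an impostor.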
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator Thread Starter

    Joined:
    Aug 27, 2003
    Messages:
    111,477
    O.K. Rog, I've let it through as it looks legit. I read the end of that other thread, thanks for finding it for me.

    Once again you've come to my rescue. I really appreciate your taking the time to help me with this.

    I just sent a donation by snail mail to Tech Support Guy to show my appreciation for all the assistance I've received at this wonderful site. You people generously give so much of your time to help us with all kinds of computer problems and I'm grateful for that.

    Thanks again,

    Cookie
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You're most welcome Cookiegal, and I know Mike and all of us appreciate your contribution to the support of the site.
     

Short URL to this thread: https://techguy.org/169467
