Spoolsv.exe

hlowyck - 30 Nov 2004 14:11 GMT
Hi,

What is spoolsv.exe (taking up 6.040 K and listed as SYSTEM in my Processes
list) and why is it trying periodically to access the internet?
I have denied its access for now.

Thanks,

Henning
Chuck - 30 Nov 2004 15:19 GMT
>Hi,
>
[quoted text clipped - 5 lines]
>
>Henning

Henning,

The process itself is a system component.
<http://www.liutilities.com/products/wintaskspro/processlibrary/spoolsv/>

It may point to a malware infection however.
<http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html>
http://www.dslreports.com/forum/remark%2C8734856

How current is your virus protection?  Try one or more of these free online
virus scans, which should complement your current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there.  AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.

First, run Stinger.  Have it remove any problems found.

Next, run AdAware.  First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan.  When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D.  First update it, then run a scan ("Check for problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed in Red.

Then, run HijackThis ("Scan").  Do NOT make any changes immediately.  Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
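
A present-day version of the first question in this thread (is the running spoolsv.exe the genuine system component, and where is it connecting?), as an added example that is not part of the original posts. It assumes Windows 10 or later with Windows PowerShell 5.1 in an elevated prompt; the property names in the output object are this example's own.

```powershell
# Added example: triage every running spoolsv.exe instance.
# The genuine Print Spooler image lives in System32 and is started by services.exe.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'

$procs = Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'"
if (-not $procs) { Write-Output 'No spoolsv.exe process is running.'; return }

foreach ($p in $procs) {
    $path   = $p.ExecutablePath        # empty when the prompt is not elevated
    $pathOk = [bool]($path -and ($path -ieq $expected))

    # Authenticode / catalog signature of the file actually backing the process
    $sigStatus = 'Unknown'
    $signer    = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = $sig.Status
        $signer    = $sig.SignerCertificate.Subject
    }

    # Parent process name; anything other than services.exe deserves a closer look
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    # Remote endpoints this PID currently holds TCP connections to
    $remote = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.State -ne 'Listen' } |
        ForEach-Object { '{0}:{1} ({2})' -f $_.RemoteAddress, $_.RemotePort, $_.State }

    [pscustomobject]@{
        PID            = $p.ProcessId
        Path           = $path
        PathIsSystem32 = $pathOk
        Signature      = $sigStatus
        Signer         = $signer
        Parent         = $parent.Name
        RemotePeers    = $remote -join ', '
    }
}
```

A spoolsv.exe whose path is outside System32, whose signature status is not Valid, or whose parent is not services.exe is the case the malware links above describe.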

hlowyck - 30 Nov 2004 21:39 GMT
Hi Chuck

Thanks for your elaborate explanation and links. I had hours of 'fun'
reading up on the spoolsv issue. I found that my laptop was already good,
dare I say over-, protected. Several spyware and virus scans revealed nothing,
nada. Neither does it show any signs of a Trojan when checking for trojan
signatures. The only thing I can conclude after the quest is that we have to
live with spoolsv.exe and keep on blocking it, although it takes up system
resources.
Here's what Sygate tells me when I trace the IP address that spoolsv is
trying to access: 30.30.32.205 port 1041

OrgName:    DoD Network Information Center
OrgID:      DNIC
Address:    7990 Science Applications Ct
Address:    M/S CV 50
City:       Vienna
StateProv:  VA
PostalCode: 22183-7000
Country:    US

NetRange:   30.0.0.0 - 30.255.255.255
CIDR:       30.0.0.0/8
NetName:    ARPAX25-TEMP
NetHandle:  NET-30-0-0-0-1
Parent:    
NetType:    Direct Allocation
Comment:    Defense Information Systems Agency
Comment:    Washington, DC 20305-2000 US
RegDate:    
Updated:    2002-10-07

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD
OrgTechPhone:  +1-703-676-1051
OrgTechEmail:  HOSTMASTER@nic.mil

# ARIN WHOIS database, last updated 2004-11-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Is this big brother watching me???? :)

Anyone?

> >Hi,
> >
[quoted text clipped - 64 lines]
> spyware builds itself into the network software, and its removal may damage your
> network), run LSP-Fix and / or WinsockXPFix.