Spoolsv.exe trying to access the internet

Recently have been getting requests from spoolsv.exe to access via ZA.

I understand this might have something to do with printer software but coincidentally the computer has crashed a time or two which it hasn't done before.

BTW running XP SP2.

Searched for files and found a few starting with that file name but they had been on the system for a while. One however, SPOOLSV.EXE-282F76A7.pf shows it was created a few days ago and I can't find where it links to any file.

Anyone seen this before? I am trying to figure out if I should just delete or what. I have run a system scan with Norton, and three spyware programs and appears clean.

Jim

"Jim" wrote in news: snipped-for-privacy@individual.net:

Well, let it connect and see what happens if anything. Then you'll know for sure.

You can use the tools in the link like Process Explorer and Active Ports and see if you come up with anything.

formatting link
Duane :)

Duane Arnold

The usual complaint with the REAL spoolsv.exe after a crash is that it starts running away with the CPU utilization. It's part of your print spooler system.

You should find the real exe in c:\winnt\system32. If you find it in c:\winnt or c:\windows then you are probably looking at one of the many backdoor.ciadoor trojans, for which Symantec has a nice writeup at:

formatting link

regards,

mungo

Mungo

Also, to add to these comments, if this is trying to make a socket connection or is listening for socket connections, you'll see it and its path using Active Ports.

Munpe Q
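
The image-path check suggested in the replies above, as an added example that is not from any poster in the thread: it reads a process listing exported as CSV and flags any process named spoolsv.exe whose executable is not in the system32 folder under the Windows directory. The CSV column names, the `WATCHED` and `SYSTEM_ROOTS` sets and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ntpath

# Assumption: binaries to watch; the thread only discusses spoolsv.exe.
WATCHED = {"spoolsv.exe"}
# Assumption: Windows directory names mentioned in the thread.
SYSTEM_ROOTS = {r"c:\winnt", r"c:\windows"}

# Constructed sample listing (not real tool output).
SAMPLE = r"""Node,ExecutablePath,Name,ProcessId
PC1,C:\WINDOWS\system32\spoolsv.exe,spoolsv.exe,1180
PC1,C:\WINDOWS\spoolsv.exe,spoolsv.exe,2312
PC1,C:\WINDOWS\system32\..\spoolsv.exe,SPOOLSV.EXE,2440
PC1,,spoolsv.exe,2600
PC1,C:\Program Files\Example\app.exe,app.exe,1544
"""

def classify(name, path):
    """Return 'ok', 'suspicious', 'unknown', or None for unwatched names."""
    if name.lower() not in WATCHED:
        return None
    if not path:
        return "unknown"  # path could not be read, so it cannot be verified
    # Collapse '..' segments and fold case before comparing (NTFS paths
    # are case-insensitive, and '..' can disguise the real folder).
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, image = ntpath.split(norm)
    root, leaf = ntpath.split(folder)
    if image == name.lower() and leaf == "system32" and root in SYSTEM_ROOTS:
        return "ok"
    return "suspicious"

def scan(listing):
    """Return [(pid, name, path, verdict)] for watched names in a CSV listing."""
    findings = []
    for row in csv.DictReader(io.StringIO(listing)):
        verdict = classify(row["Name"], row["ExecutablePath"])
        if verdict:
            findings.append((int(row["ProcessId"]), row["Name"],
                             row["ExecutablePath"], verdict))
    return findings

if __name__ == "__main__":
    for pid, name, path, verdict in scan(SAMPLE):
        print(f"{verdict:10} pid={pid} {name} {path or '<no path>'}")
```

A path that passes this check only shows the file is in the expected folder; it does not show the file itself is unmodified.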
