Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Hi,

I know that some trojans present themselves as "spoolsv.exe." My firewall
very frequently asks if I want "spoolsv.exe" to access the internet. If this
is used to spool things out to the printer, is it supposed to access the
internet?

I have four instances of this file; I'd like to know what I should have
under SP2. Here are my files which I discovered:

C:\windows\$NtServicePackUninstall$
C:\windows\prefetch\spoolsv.exe-282f76a
C:\windows\system32
C:\windows\ServicePackFiles\i386

Is this normal? My AV does not find these files problematic...

Thanks
 
Guest

Hi John,
These are all normal locations for spoolsv.exe to reside. It is also
somewhat normal for the spoolsv.exe process to make requests of the
network, especially when network printers are used. The best course of
action is to check the digital signature of the files and use
PortReporter (available on the MS download site) to monitor your traffic
patterns from this computer to get a better idea of whether the behavior is
truly normal.

--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!

--------------------
>From: "John Barley" <John Barley@discussions.microsoft.com>
>Subject: spoolsv.exe
>Date: Sun, 20 Feb 2005 19:21:03 -0800
>
>Hi,
>
>I know that some trojans present themselves as "spoolsv.exe." My firewall
>very frequently asks if I want "spoolsv.exe" to access the internet. If this
>is used to spool things out to the printer, is it supposed to access the
>internet?
>
>I have four instances of this file; I'd like to know what I should have
>under SP2. Here are my files which I discovered:
>
>C:\windows\$NtServicePackUninstall$
>C:\windows\prefetch\spoolsv.exe-282f76a
>C:\windows\system32
>C:\windows\ServicePackFiles\i386
>
>Is this normal? My AV does not find these files problematic...
>
>Thanks
>
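
The signature check suggested in the reply, as an added example that is not part of the original posts: it inventories every `spoolsv.exe` under the Windows directory, reports each copy's Authenticode status and signer, and shows which image the running spooler process was started from. It assumes PowerShell 3.0 or later; the directory list is taken from the thread (Windows XP SP2), and the variable names are illustrative.

```powershell
# Added example, not from the thread. Expected locations are the ones
# named in the posts (Windows XP SP2); adjust for other Windows versions.
$root = $env:SystemRoot
$expectedDirs = @(
    'system32',
    'ServicePackFiles\i386',
    '$NtServicePackUninstall$'
) | ForEach-Object { Join-Path $root $_ }

# -Force includes hidden folders such as $NtServicePackUninstall$.
# The prefetch entry from the post is a trace file, not an executable,
# so it is not matched by this filter.
$files = Get-ChildItem -Path $root -Filter 'spoolsv.exe' -Recurse -Force `
             -ErrorAction SilentlyContinue |
         Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $files) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path        = $f.FullName
        ExpectedDir = $expectedDirs -contains $f.DirectoryName   # case-insensitive match
        SigStatus   = $sig.Status
        Signer      = $signer
        FileVersion = $f.VersionInfo.FileVersion
    }
}
$report | Sort-Object ExpectedDir, Path | Format-List

# The Print Spooler service runs from system32; report where the live
# process image actually sits. Path can be empty without elevation.
$spoolerPath = Join-Path $root 'system32\spoolsv.exe'
Get-Process -Name spoolsv -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        ProcessId     = $_.Id
        ImagePath     = if ($_.Path) { $_.Path } else { 'unknown (run elevated)' }
        FromSystem32  = ($_.Path -eq $spoolerPath)
    }
} | Format-List
```

A `NotSigned` status on a copy in an expected directory calls for a closer look rather than proving tampering: Windows system files are often catalog-signed, and older PowerShell versions do not check catalogs.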