spoolsv.exe - Dangerous
%windir%\spoolsv.exe
Manual removal instructions:
Antivirus Report of %windir%\spoolsv.exe:
%windir%\spoolsv.exe
Spoolsv.exe is a worm W32.Linkbot.M.
Spoolsv.exe opens a back door through IRC.
Spoolsv.exe spreads by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011).
Spoolsv.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\lssas.exe
%System%\Isass.exe
%System%\csrs.exe
%System%\logon.exe
%System%\winlogon.exe
%System%\explorer.exe
%System%\winamp.exe
%System%\firewall.exe
%System%\spoolsvc.exe
%System%\spoolsv.exe
%System%\algs.exe
%System%\iexplore.exe
Adds the value:
"Local Security Authority Service" = "%System%\lssas.exe"
"Local Security Authority Service" = "%System%\Isass.exe"
"Client Server Runtime Process" = "%System%\csrs.exe"
"Windows Logon Application" = "%System%\logon.exe"
"Windows Logon Application" = "%System%\winIogon.exe"
"Windows Explorer" = "%System%\explorer.exe"
"Winamp Agent" = "%System%\winamp.exe"
"Windows Network Firewall" = "%System%\firewall.exe"
"Spooler SubSystem App" = "%System%\spoolsvc.exe"
"Spooler SubSystem App" = "%System%\spooIsv.exe"
"Application Layer Gateway Service" = "%System%\algs.exe"
"Microsoft Internet Explorer" = "%System%\iexplore.exe"
to the Windows startup registry keys.
Removal:
Kill spoolsv.exe process and remove spoolsv.exe from Windows startup.
%windir%\spoolsv.exe | Malware |
%windir%\spoolsv.exe | Dangerous |
%windir%\spoolsv.exe | High Risk |
Spoolsv.exe opens a back door through IRC.
Spoolsv.exe spreads by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011).
Spoolsv.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\lssas.exe
%System%\Isass.exe
%System%\csrs.exe
%System%\logon.exe
%System%\winlogon.exe
%System%\explorer.exe
%System%\winamp.exe
%System%\firewall.exe
%System%\spoolsvc.exe
%System%\spoolsv.exe
%System%\algs.exe
%System%\iexplore.exe
Adds the value:
"Local Security Authority Service" = "%System%\lssas.exe"
"Local Security Authority Service" = "%System%\Isass.exe"
"Client Server Runtime Process" = "%System%\csrs.exe"
"Windows Logon Application" = "%System%\logon.exe"
"Windows Logon Application" = "%System%\winIogon.exe"
"Windows Explorer" = "%System%\explorer.exe"
"Winamp Agent" = "%System%\winamp.exe"
"Windows Network Firewall" = "%System%\firewall.exe"
"Spooler SubSystem App" = "%System%\spoolsvc.exe"
"Spooler SubSystem App" = "%System%\spooIsv.exe"
"Application Layer Gateway Service" = "%System%\algs.exe"
"Microsoft Internet Explorer" = "%System%\iexplore.exe"
to the Windows startup registry keys.
Removal:
Kill spoolsv.exe process and remove spoolsv.exe from Windows startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.