spoolos.exe - Dangerous
Manual removal instructions:
spoolos.exe | Malware |
spoolos.exe | Dangerous |
spoolos.exe | High Risk |
W32.HLLW.Torvel@mm is a worm that spreads itself through Microsoft Outlook, Outlook Express, and through file-sharing networks.
It adds the value:
"Service Host" = "%windir%\spoolos.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
It copies itself to the default sharing folder of the KaZaA file-sharing program. The file names of the copies contain strings such as:
ACDSee32 v2.41, Adobe Encore DVD 1.0, BearShare Pro v4.0.1 etc.
It emails itself to addresses in the Microsoft Outlook address book.
The email messages have the following characteristics:
Subject: The subject is composed of combinations of the following text strings: Hi, Hello, FW: RE: Undeliverable mail--
Message Body: Hello, You should apply this fix which solves the newest Internet Explorer Vulnerability described in MS05-023. It's important that you apply the fix now since we estimate the Buffer Overflow is at a Critical Level. Sincerely Yours The Security Team
Attachment: The attachment can have any of these file names:
document.pif
thank_you.pif
her_details.pif
funny_guy.pif
wicked_screensaver.scr
movie0045.pif
torvil.pif
Q723523_W9X_WXP_x86_EN.exe
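
A check for the startup value and file described above, as an added PowerShell example (not part of the original page and not RegRun or UnHackMe code). The `-Remove` switch, the quarantine folder and the `.quarantined` suffix are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example: looks for the two persistence artefacts this page lists.
param(
    [switch]$Remove,                                        # assumption: opt-in cleanup
    [string]$QuarantineDir = "$env:SystemDrive\Quarantine"  # hypothetical location
)

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Service Host'
$dropPath  = Join-Path $env:windir 'spoolos.exe'
$findings  = @()
$runMatch  = $false

# 1. Run value from the page: "Service Host" = "%windir%\spoolos.exe"
$runValue = (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($runValue) {
    $expanded = [Environment]::ExpandEnvironmentVariables($runValue).Trim('"')
    if ($expanded -ieq $dropPath) {
        $runMatch  = $true
        $findings += "Run value '$valueName' -> $runValue"
    } else {
        # Same value name, different target: leave it for manual review
        Write-Host "Run value '$valueName' points elsewhere: $runValue"
    }
}

# 2. The dropped file itself; record its hash before touching it
if (Test-Path -LiteralPath $dropPath) {
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    $findings += "File $dropPath (SHA256 $hash)"
}

if (-not $findings) { Write-Host 'No spoolos.exe startup artefacts found.'; return }
$findings | ForEach-Object { Write-Warning $_ }

if ($Remove) {
    # Stop only the process running from the listed path, then clean up
    Get-Process -Name 'spoolos' -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -ieq $dropPath } | Stop-Process -Force
    if ($runMatch) { Remove-ItemProperty -Path $runKey -Name $valueName }
    if (Test-Path -LiteralPath $dropPath) {
        New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
        Move-Item -LiteralPath $dropPath -Destination (Join-Path $QuarantineDir 'spoolos.exe.quarantined') -Force
    }
    Write-Host 'Run value removed and file quarantined where present.'
}
```

The script does not cover the copies placed in the KaZaA sharing folder or messages already sent from Outlook; those need a separate sweep.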
Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly if you have any questions.