spoolserv.exe - Dangerous

spoolserv.exe

Manual removal instructions:

Antivirus Report of spoolserv.exe:
spoolserv.exe Malware
spoolserv.exeDangerous
spoolserv.exeHigh Risk
spoolserv.exe
W32.Dinfor.Worm is a worm that spreads across network shares.
It exploits weak passwords and uses the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-039) to create user accounts on remote computers.
Joins an IRC channel and waits for commands from a remote attacker.
The attacker can:
Retrieve information about the infected host, such as the operating system version and the computer's hardware
Upload and download files
Execute files
Use the computer to perform Denial of Service (DoS) attacks on other computers

Copies itself as the following files:
%System%\Spoolserv.exe
%System%\Cmst32.exe
%System%\Smshost.exe
%System%\Svhost32.exe.

Attempts to delete the following files:
X:\Program Files\Norton AntiVirus\navapsvc.exe
X:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

Use RegRun Startup Optimizer to remove this worm.
And manually changes some values in the system registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
set the DWORD value:
"restrictanonymous" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Set the value:
"EnableDCOM" = "Y"

Remove spoolserv.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.