RE: spoolsv.exe

From: Curtis Koenig [MSFT] (curtisko_at_online.microsoft.com)
Date: 02/21/05

• Next message: Curtis Koenig [MSFT]: "RE: help to reenable program that I accidentally blocked"
• Previous message: Cudedog: "Problems after configuring custom Security Templates"
• In reply to: John Barley: "spoolsv.exe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 21 Feb 2005 22:03:41 GMT

Hi John,
These are all normal locations for the spoolsv.exe to reside. It is alos
somewhat normal for the spoolsv.exe process to make requests of the
netwrok, especially when network printers are used. The best course of
action is to check the digital signature of the files and use the
PortReporter (available on the MS download site) to monitor your traffic
patterns from this computer to get a better idea of if the behavior is
truely normal.

--
Curtis Koenig
Security Support Engineer
Product Support Services, Security Team
MCSE, MCSES, CISSP
This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.  Thanks!
--------------------
>From: "=?Utf-8?B?Sm9obiBCYXJsZXk=?=" <John 
Barley@discussions.microsoft.com>
>Subject: spoolsv.exe
>Date: Sun, 20 Feb 2005 19:21:03 -0800
>
>Hi,
>
>I know that some trojans present themselves as "spoolsv.exe."  My firewall 
>very frequently asks if I want "spoolsv.exe" to access the internet.  If 
this 
>is used to spool things out to the printer, is it supposed to access the 
>internet?
>
>I have four instances of this file; I'd like to know what I should have 
>under SP2.  Here are my files which I discovered:
>
>C:\\windows\$ntservicePacUninstall$
>C:\\windows\prefetch\spoolsv.exe-282f76a
>C:\\windows\system32
>C:windows\ServicePackFiles\i386
>
>Is this normal?  My AV does not find these files problematic...
>
>Thanks
>

---

• Next message: Curtis Koenig [MSFT]: "RE: help to reenable program that I accidentally blocked"
• Previous message: Cudedog: "Problems after configuring custom Security Templates"
• In reply to: John Barley: "spoolsv.exe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Office 2003 not responding after SP2 update ... Requests for assistance by email can not and will not be acknowledged. ... going in a loop but excluded BHO files and all worked fine. ... Once I connect to internet they "hang" ... (microsoft.public.officeupdate) Re: Office 2003 not responding. ... Requests for assistance by email can not and will not be acknowledged. ... Once I connect to internet they "hang" ... Both of these cleared after running chkdsk. ... (microsoft.public.office.misc) Re: Why is the server accessing the LAN nic to POP mail, given this summary? ... broadband, then why is the IP address on your external NIC a class A? ... from where are your POP3 requests coming? ... requests intended for the Internet are forwarded to the DNS ... the modem gets that info from the service connection but holds it internally, ... (microsoft.public.windows.server.sbs) Re: Activation Wizard ... Requests for assistance by email can not and will not be acknowledged. ... I have the trial of Office 2007 installed on my new laptop. ... Internet" then I hit "next". ... After 1-2 minutes a message pops up saying "A communication error has ... (microsoft.public.office.setup) Re: Is there a MSN member services phish circulating? ... As part of the Roadrunner Broadband service, We got a year of EZ firewall and ... When using internet explorer I ... now get requests from 3 seperate programs for interenet access, ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)