Information and startup locations for spoolsv.exe can be examined on this page. Verify that every copy of this file on your system is legitimate, digitally signed, and from Microsoft Corporation, the company to which it should belong.
spoolsv.exe security and file info
Spooler SubSystem App
- Microsoft® Windows® Operating System
- Microsoft Corporation
Filetype: executable
An executable file is a program that can be executed in your Windows environment.
What is spoolsv.exe?
Spoolsv.exe is the Windows Print Spooler service. Its function is to manage spooled print jobs and handle the print queue.
This process is not essential to the operation of the system; however, if you use a printer, the Print Spooler service must be enabled and spoolsv.exe must be running. If you do not have a printer, it is safe to kill this process and disable the Print Spooler service.
The screenshot below illustrates how it should appear in the Task Manager:

Notice that spoolsv.exe always runs as SYSTEM. A process with this name running as a different user may be indicative of a malware infection.
Dangers of spoolsv
As this is a ubiquitous system process that runs on most Windows machines, it is common for virus writers and spyware vendors to disguise their malware as the genuine process.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as the Print Spooler:
- Backdoor.Ciadoor.B (%SystemRoot%)
  - This is a backdoor trojan horse that gives an attacker control of the system. It opens port 1987 to accept commands.
- Troj/Bancban-NP (%ProgramFiles%\MSN Messenger)
- Troj/Gunboun-A (%SystemRoot%)
- W32.Rbot-AHP (%SystemRoot%)
  - This is a backdoor trojan that runs an IRC server to accept commands.
There will typically be only one copy of this process running at a given time on a system. If multiple copies are running, one or more of the instances may be malware.
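The checks described above (account, location, lookalike name, instance count) can be applied together to a process snapshot. The following is an added example, not Runscanner's code; the record fields (`pid`, `name`, `path`, `user`), the `SYSTEM_ROOT` value, the 0.85 similarity threshold and the sample records are assumptions constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

SYSTEM_ROOT = r"C:\Windows"  # assumption: default %SystemRoot%
EXPECTED = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32", "spoolsv.exe"))
SYSTEM_USERS = {"system", r"nt authority\system"}

def looks_like_spoolsv(name):
    """True for near-miss names: appended digits or a small spelling change."""
    stem = ntpath.splitext(name.lower())[0]
    if stem == "spoolsv":
        return False
    if stem.rstrip("0123456789") == "spoolsv":
        return True
    # 0.85 is an assumed similarity threshold; tune it on your own data
    return SequenceMatcher(None, stem, "spoolsv").ratio() >= 0.85

def check_processes(procs):
    """Return (pid, reason) findings for a snapshot of process records."""
    findings = []
    exact = [p for p in procs if p["name"].lower() == "spoolsv.exe"]
    for p in procs:
        if p["name"].lower() == "spoolsv.exe":
            # Genuine name: image must be in System32 and run as SYSTEM
            if ntpath.normcase(p["path"]) != EXPECTED:
                findings.append((p["pid"], "outside System32"))
            if p["user"].lower() not in SYSTEM_USERS:
                findings.append((p["pid"], "not running as SYSTEM"))
        elif looks_like_spoolsv(p["name"]):
            findings.append((p["pid"], "lookalike name"))
    # Normally only one copy runs; report every copy when there are more
    if len(exact) > 1:
        findings += [(p["pid"], "multiple instances") for p in exact]
    return findings

# Constructed sample snapshot (not real telemetry)
SAMPLE = [
    {"pid": 1480, "name": "spoolsv.exe",
     "path": r"C:\Windows\System32\spoolsv.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 3312, "name": "Spoolsv.exe",
     "path": r"C:\Windows\spoolsv.exe", "user": "alice"},
    {"pid": 4020, "name": "spoolsv32.exe",
     "path": r"C:\Windows\System32\spoolsv32.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 900, "name": "svchost.exe",
     "path": r"C:\Windows\System32\svchost.exe", "user": r"NT AUTHORITY\SYSTEM"},
]

if __name__ == "__main__":
    for pid, reason in check_processes(SAMPLE):
        print(pid, reason)
```

A finding is a prompt to verify the file's signature and hash, not a verdict on its own.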
Common problems
- "Spoolsv.exe has encountered a problem and needs to close"
  - This is often caused by faulty printer drivers or third-party software. Ensure your printer drivers are up to date. If they are, try reinstalling them.
- Spoolsv.exe wants access to port 1987
  - Your system is probably infected with Backdoor.Ciadoor.B. See Backdoor.Ciadoor.B above.
- High CPU usage
  - This is often caused by print jobs being left in the spool. To remove them, disable the print spooler and then delete the contents of %SystemRoot%\System32\spool\PRINTERS\. Once the contents are deleted, restart the Print Spooler.
  - If the problem persists, ensure your printer drivers are up to date. If they already are, try reinstalling them.
MD5 File security rating
An MD5 hash is a fingerprint of a file.
Different files and versions can have the same filename. The MD5 hash verifies that the legitimate file has not been altered.
Runscanner (freeware) can help you check the file's MD5 hashes.
Spoolsv.exe files in Runscanner database
- 152 different item(s) in database
- 1 different item(s) in database
- 4 different item(s) in database
- 187 different item(s) in database
Green items are verified safe to use.
Unrated items are not yet checked for safety.
Red items are not safe (typically viruses, spyware or other malware).
This file is digitally signed by its publisher.
This means that the file is from the company claiming to have created it; it does not by default mean that the file is safe.
General file info
Product name: Microsoft® Windows® Operating System
Description: Spooler SubSystem App
Company: Microsoft Corporation
Pacman startup database
- Added by the BAITAP-A WORM! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
- Added by the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
- Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
Info provided by sysinfo.org
Automatic startup locations
- 001 Running Processes
- 002 Autorun registry entries local machine
- 003 Autorun registry entries Current User
- 010 Installed services
- 035 Active Setup Installed Components
- 065 Image File Execution Options (debugger)
- 073 %windir%\Tasks