Spoolsv

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
X	firewall	spoolsv.exe	"Added by the DIZAN.F VIRUS!"
X	load=	Spoolsv.exe	"Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
X	Microsoft MSUPDATE	SpoolSvc.exe	"Added by the SXTB-A TROJAN!"
X	Microsoft Spool Svc	spoolsvc32.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Spooler Services	Spoolsv.exe	"Added by a variant of the SPYBOT WORM! See here"
X	PolicyRun	spoolsv32.exe	"Added by the BACKDOOR-DNV TROJAN!"
X	Print Spooler	Spoolsv.exe	"Added by the CIADOOR.B TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
X	Print Spooler	spoolsvc32.exe	"Added by the SDBOT.BB TROJAN!"
X	Print Spooler	spoolsv32.exe	"Added by the RBOT.SW WORM!"
X	PrintSpoolSv	System.exe	"Added by the BDOOR-S BACKDOOR!"
X	Run Services as Application	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Service Host Process	spoolsvc.exe	"Added by the GAOBOT.GEN!POLY WORM!"
X	Services Administrator	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	SPOOL Configuration	spoolsvc.exe	"Added by the SDBOT-KD WORM!"
X	Spooler SubSystem App	spoolsvc.exe	"Added by the POEBOT-J WORM!"
X	Spooler SubSystem Application	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Spooler Subsytem App	spoolsvc.exe	"Added by the SDBOT-MM WORM!"
X	Spoolsv	Spoolsv.exe	"Added by the CIADOOR.121 VIRUS! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
X	spoolsv	scvhosts.exe	"Added by the SMALL-AW TROJAN!"
X	spoolsv	svchost.exe	"Added by the DLOADER-FI TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP"
X	spoolsv	spoclsv.exe	"Added by the FUJACKS-M WORM!"
X	spoolsv	spoolsv.exe	"Added by the ZAPCHAS-EE TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%\Temp\spoolsv"
X	spoolsv	spoolvs.exe	"Added by the AGENT-HNV TROJAN!"
X	spoolsv	spoolsv.exe	"Added by the ANTINNY-BH WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\Messenger"
X	spoolsv	spoolsv.exe	"Added by the OURXIN.C TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in a ""spoolsv"" subfolder"
X	Spoolsv	spoolsv.exe	"Added by the ANTINNY.F WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Program Files%\Lotus"
X	spoolsv manager	SpoolMgr.exe	"Added by the ASSIRAL WORM!"
X	spoolsv service	spoolsv32.exe	"Added by the RBOT-AHP WORM!"
X	spoolsv.exe	[random filename]	"Added by the RBOT-JB WORM!"
X	SPOOLSV32	SPOOLSV32.EXE	"Added by the CWS-I or HAZIF-B TROJANS!"
X	SPOOLSV32.exe	SPOOLSV32.exe	"Added by the STARTPAGE.O TROJAN!"
X	spoolsvc	spoolsvc.exe	"Added by the DROPPER-AT TROJAN!"
X	spoolsvr	SPOOLSVR.EXE	"Added by the RAYROB.A TROJAN!"
X	spoolsvr32	csmss.exe	"Added by the AGENT-AU TROJAN!"
X	spoolsvr32	csmss32.exe	"Added by a variant of the AGENT-AU TROJAN!"
X	spoolsvs	wintre.exe	"Added by the SDBOT.EGQ WORM!"
X	spoolsvs	wincfy.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	spoolsvs.exe	spoolsvs.exe	"Added by the DLOADER-RK TROJAN!"
X	SPOOLSVU	SPOOLSVU.EXE	"Added by the STARTPAGE.K hijacker"
X	spoolsvv	spoolsvv.exe	"Searchcentrix hijacker"
X	SunJavaUpdatSched	spoolsv.exe	"Added by the BANCBAN-NP TROJAN! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %ProgramFiles%\MSN Messenger"
X	SVCHOST	SPOOLSV.EXE	"Added by the BAITAP-A WORM! Note - this is not the legitimate spoolsv.exe which is always located in %System%. This one is located in %Windir%"
X	Systems	spoolsvc.exe	"Added by the DLOADR-SW TROJAN!"
X	Tcp Application Manager	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Vital Load Process	Spoolsvr.exe	"Added by the RBOT.AIF WORM!"
X	Win32 System Spool	spoolsvc.exe	"Added by the SDBOT.UK WORM!"
X	Windows .Net Manager	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Services	spoolsvc.exe	"Added by the SDBOT.CPZ WORM!"
X	Windows Spooler	spoolsv32.exe	Added by an unidentified WORM or TROJAN!
X	WINDOWS SYSTEM MANAGER	spoolsvc.exe	"Added by the MYTOB-LY WORM!"
X	Windows SYStry	spoolsvr.exe	"Added by the SDBOT.GN BACKDOOR!"
X	Windows Web Services	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Winspool	spoolsvr.exe	"Added by a variant of the SDBOT WORM!"
X	[random name]	spoolsv.exe	"PurityScan adware. Note - this is not the legitimate spoolsv.exe which is always located in %System%"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.