Tech Support banner

Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter #1
Hey,

I apologize if this has been dealt with somewhere already, but I tried doing a search for "spoolsv.exe" and nothing really related came up, so I figured I'd ask in my own thread.

Last night, a friend of mine (I live on residence at school, most of us have each other on MSN) sent me a message saying "Heh, is this really you?" with a link with my e-mail in it...I thought it was a bit odd, but clicked it anyway...got the prompt to download a program, which is one helluva telltale sign in and of itself, did so, and a virus (unsure of what) got in to my system, along with several others. It first managed to render unusable my antivirus software (Trend Micro PC-Cillin) so I couldn't scan and/or disable it, so the first thing I did was get the CD from soemone else and re-installed...oddly, that worked on my computer but not anyone else's.

Anyway, at that point while it was scanning, I went into ctrl-alt-delete to look at the processes I didn't recognize...I didn't recognize some, and googled up each..I arrived at 'spoolsv.exe' which, while a windows process for printing apparently, is prone to worms...I deleted the process, and the site I went to that explained to me what it was (http://www.liutilities.com/products/wintaskspro/processlibrary/spoolsv/) told me to remove the file itself..so I did so, thinking I'd be able to re-install my printer drivers (odd notion, I know) and be on my way printing again. I also deleted the file itself that was downloaded.

So the .exe has been deleted from my system, and it's kind of dawned at me that deleting something from the WINDOWS folder is not something that can be fixed by re-downloading drivers, as I'm assuming from whatever limited computer knowledge I have that it isn't a driver...made a rather large mistake, methinks, and I'm hoping it can be fixed without me having to re-install Windows, which would be a giant pain in the ***...

Sorry for the rather...elementary mistake and question, and any help is much appreciated.
 

·
Registered
Joined
·
3 Posts
Discussion Starter #2
Well, my friend's uncle came by, who is a tech-support guy, and apparently he had to take her comp away as well as several others on campus as this is spreading like wildfire...so I figure I'll may as well buy an assload of blank CD's, save everything I got and re-install Windows, since by the sounds of it that simple act won't get rid of it.

Thanks anyways (unless there is a solution)
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
spoolsv.exe is a legit windows file. While many virus's/adware/spyware install a simular file....it won't be in the legit location windows uses. If you deleted the LEGIT windows file...we can still replace that file. What OS do you have?

If XP..the LEGIT spoolsv.exe resides in C:\WINDOWS\system32

If you deleted it from C:\Windows...thats fine as it's a bad guy anyway and you should have no spoolsv.exe file in the Windows directory.
 

·
Registered
Joined
·
3 Posts
Discussion Starter #4
Yeah, I have XP...I did delete it from the system32 folder, but I took alook at task manager and spoolsv.exe is apparently running, though I deleted it..I just tried printing, and it worked, though I haven't done anything since then...granted, I installed the drivers, but that didn't fix it the first time..

I am confused...scan still doesn't show any virus coming up, but contrasting my results with my friend's uncle taking her comp away because this virus is the worst he's seen in awhile...I doubt it'd be as easy to get rid of as I did, but..I dunno.. :4-dontkno
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top