Hi,

Zonealarm has just given me a changed program alert for spoolsv.exe.

According to zonelabs alertadvisor:



The dates on spoolsv.exe don't show a program change for any reason:

Created 28 March 2004
Modified 22 July 2002

Does anyone have any ideas what this could mean?

Thanks.

Sppolsv has to do with your printer drivers. BUT there are viruses out there that use it!!! So if you haven't updated your printer drivers I'd be wary



Spoolsv processes

Viruses that use Spool

If you are running XP and have done a Windows update, you may encounter a problem. Microsoft is aware of it. On the other hand, why is your Spooler Subsystem trying to access the Net? Might be a virus.

Thanks for replying and the hints and links.

I'm running win2k. This machine was built and given to me in March this year. The hard drive was new.

I'm really confused about the dates on spoolsv.exe, it was created March 2004, and modified July 2002 - doesn't this imply that it hasn't been changed since installation? I didn't have internet access until May 2004 - so I'm assuming that anything on the HDD from before then would be from the windows installation.

I've run AVG and the cleaner today and they haven't found anything. There's no other suspicious processes running.

A few days ago I ran AVG, the cleaner, trojanhunter and TDS-3 and removed anything that they found. Plus an extra exe file that none of these marked as unsafe. But it had a creation date within the same 5 minute window as all those that were marked as viruses.

I haven't installed a printer, and can't think why it would want to access the internet.

Thanks again.

Spoolsv will try to connect to NET if you are using Network Printer.If u deny your network printer is not working.
Let them access to NET if you are using Network Printer.
I have same configurate with you. WIN2k,ZL, and 1 network printer.
If you don't have NW Printer you infected a virus. I don't remember it's name but it access other PP through NETBIOS