TechSpot

Spoolsv.exe crashing internet connection

By Flash19
Nov 6, 2008
  1. Recently I've been getting prompted from the AVG firewall that spoolsv.exe is trying to access an outbound TCP connection. The problem is that if I deny it access then my computer fails to access the web and Firefox and IE will crash, displaying a blank page and any other application that uses the net crashes too. I've scanned the file with my anti-virus and a few online tools and they all tell me that it's clean but I'm not so sure as it continually re-runs itself and takes up a fair amount of memory (~90MB). Does anybody have any ideas why it might be doing this? I'm reluctant to allow it internet access at the moment as I'm pretty sure it's doing something it shouldn't.
     
  2. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    You're wise to be cautious

    Take a look through this thread. They also ran XP SP2, so you can follow the same instructions to at least determine if you have a "virgin" spoolsv.exe which exists in the correct directory.
     
  3. Flash19

    Flash19 TS Rookie Topic Starter Posts: 29

    Hi, thanks for replying. Malwarebytes cleaned up a few things and I've not had the problem since - touch wood. However on a related note, it also deleted something called 'resycled\boot.com' (which is obviously an undesirable given the misspelling) and now I can't open my C drive properly anymore. When double clicking it, an error spews up saying 'Windows cannot find resycled\boot.com' and it fails to open. I can still explore, but not open. Is there a resolution to this? I tried a command prompt resolution regarding a corrupt C:\autorun.inf file but it tells me no such file exists.

    (I know this is a different problem, but I didn't think it was worth starting a new thread)
     
  4. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    Common side effect from
    - malware that changes your Userinit (executed each time you log on to Windows)
    - antivirus that does only partial cleanup

    see here
     
  5. JudaZ

    JudaZ TS Enthusiast Posts: 284

    Can you boot into safe mode? Then you could try this wonderful program called Autoruns from Sysinternals (now unfortunately owned by Microsoft, but their programs still rock). It will let you see what starts with Windows; you should be able to find where the missing file is being loaded and remove that entry. Check all the entries; if it's not Microsoft Corporation or a company you know, be suspicious.
     
  6. Flash19

    Flash19 TS Rookie Topic Starter Posts: 29

    In relation to the resolution there, the path

    "Userinit"="C:\WINDOWS\system32\userinit.exe,"

    was already correct in my registry.
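
The checks discussed up to this point (spoolsv.exe running from the correct directory, the Userinit value, and the autorun.inf file in the drive root) can be gathered in one read-only pass. This is an added example, not part of the original posts; it assumes a current Windows system with PowerShell 3 or later rather than the XP SP2 machine in the thread, and the function names are hypothetical.

```powershell
# Added example: read-only triage, nothing is modified or deleted.
$sys32 = Join-Path $env:SystemRoot 'System32'

function Test-SpoolerBinary {
    # Every running spoolsv.exe should be the copy that lives in System32.
    $expected = Join-Path $sys32 'spoolsv.exe'
    Get-CimInstance Win32_Process -Filter "Name='spoolsv.exe'" | ForEach-Object {
        $path = $_.ExecutablePath   # empty when not run elevated
        $sig  = if ($path) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
                else { 'PathUnavailable' }
        [pscustomobject]@{
            ProcessId  = $_.ProcessId
            Path       = $path
            InSystem32 = ($path -ieq $expected)
            Signature  = $sig
        }
    }
}

function Test-Userinit {
    # Userinit is a comma-separated list; every entry is started at logon.
    $key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value    = (Get-ItemProperty -LiteralPath $key -Name Userinit).Userinit
    $expected = Join-Path $sys32 'userinit.exe'
    $entries  = $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    [pscustomobject]@{
        Raw        = $value
        Unexpected = @($entries | Where-Object { $_ -ine $expected })
    }
}

function Get-RootAutorun {
    # -Force includes files carrying the hidden or system attribute.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
        $file = Join-Path ($_.DeviceID + '\') 'autorun.inf'
        Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
    } | Select-Object FullName, Attributes, Length
}

Test-SpoolerBinary | Format-Table -AutoSize
Test-Userinit      | Format-List
Get-RootAutorun    | Format-Table -AutoSize
```

On older Windows versions `Get-AuthenticodeSignature` may report catalog-signed system files as `NotSigned`, so treat the path check as the primary signal there.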
     
  7. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    autoruns is a great program, agree :grinthumb

    but you needn't boot into safe mode to use it
    and for a handy method to prune out what you might be suspicious about try this sometime
    • When Autoruns starts, hit the ESC key (upper left on your keyboard) to stop scanning
    • Click Options, check Verify Code Signatures. Other options should be unchecked
    • Click File->Refresh to start scanning
    • Wait until the status in the lower left says Done
    • Now all digitally signed Microsoft entries aren't displayed (as you can NOW be confident who they are from), as well as seeing signatures of some others

    /**** EDIT ***********/
    Copied/pasted incorrectly from other post. Meant to also indicate to select Options->Hide Signed MS Entries
     
  8. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    Then let's go down the Autoruns path!

    See if it finds that a different logon start file has been changed. You can download here. Then just follow the instructions I happened to just give in the prior post. When done, be sure to look at the Winlogon and Logon tabs in particular. Or just click File->Save to save in a text file, attach it to your next TS post (use the paper clip icon) and I can take a look at it
     
  9. JudaZ

    JudaZ TS Enthusiast Posts: 284

    Great, the part about "Verify Code Signatures" I have completely missed in that program :)
    Even if I have used it hundreds of times at least... thanks for the tip
     
  10. Flash19

    Flash19 TS Rookie Topic Starter Posts: 29

    OK, I've attached the text file.

    Update: Well after restarting my system the problem seems to have gone and I've run numerous scans and checks and everything seems fine now. Hopefully it'll stay that way!

    Thanks for helping :)
     

  11. mflynn

    mflynn TS Rookie Posts: 2,655

    Go into Services.

    Find the Spooler service, right-click for Properties, then click Dependencies.

    Now confirm these dependencies are starting.

    What printers do you have, or have had and uninstalled, perhaps a Brother or Lexmark?

    Mike
     
Topic Status:
Not open for further replies.
