Recently I've been getting prompted from the AVG firewall that spoolsv.exe is trying to access an outbound TCP connection. The problem is that if I deny it access then my computer fails to access the web and Firefox and IE will crash, displaying a blank page and any other application that uses the net crashes too. I've scanned the file with my anti-virus and a few online tools and they all tell me that it's clean but I'm not so sure as it continually re-runs itself and takes up a fair amount of memory (~90MB). Does anybody have any ideas why it might be doing this? I'm reluctant to allow it internet access at the moment as I'm pretty sure it's doing something it shouldn't.
Spoolsv.exe crashing internet connection
- Thread starter Flash19
- Start date
- Status
LookinAround
Posts: 6,429 +186
You're wise to be cautious
Take a look through this thread. They also ran XP SP2 so you can follow same instructions to at least determine if you have a "virgin" spoolersv.exe which exists in the correct directory.
Take a look through this thread. They also ran XP SP2 so you can follow same instructions to at least determine if you have a "virgin" spoolersv.exe which exists in the correct directory.
Hi, thanks for replying. Malwarebytes cleaned up a few things and I've not had the problem since - touch wood. However on a related note, it also deleted something called 'resycled\boot.com' (which is obviously an undesirable given the misspelling) and now I can't open my C drive properly anymore. When double clicking it, an error spews up saying 'Windows cannot find resycled\boot.com' and it fails to open. I can still explore, but not open. Is there a resolution to this? I tried a command prompt resolution regarding a corrupt C:\autorun.inf file but it tells me no such file exists.
(I know this is a different problem, but I didn't think it was worth starting a new thread)
(I know this is a different problem, but I didn't think it was worth starting a new thread)
LookinAround
Posts: 6,429 +186
Can you boot into safe mode? Then you could try this wonderful program called autoruns from Systernals (now unfortunally owned by microsoft, but their programs still rock) Will let you see what starts with windows, you should be able to find where the missing file is beeing loaded and remove that entry. Check all the entries, if its not Microsoft Corporation or a comany you know, be suspicios
In relation to the resolution there, the path
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
was already correct in my registry.
LookinAround
Posts: 6,429 +186
autoruns is a great program, agree :grinthumb
but you needn't boot into safe mode to use it
and for a handy method to prune out what you might be suspicious about try this sometime
- When Autoruns starts, hit ESC key (your upper left on keyboard) to stop scanning
- Click Options Check Verify Code Signatures. Other options should be unchecked
- Click File->Refresh to start scanning
- Wait for status in lower left says Done
- Now all digitally signed Microsoft entries aren't displayed (as you can NOW be confident who they are from) as seeing signatures of some others
/**** EDIT ***********/
Copied/pasted incorrectly from other post. Meant to also indicate to also select Options->Hide Signed MS Entries
LookinAround
Posts: 6,429 +186
Then let's go down the Autoruns path!
See if finds if a different logon start file has been changed. You can download here. Then just follow instructions i happened to just give in prior post. When done be sure to look at Winlogon and Logon tabs in particular. Or just click File->Save to save in a text file, attach it to next TS post (use paper clip icon) and i can take a look at it
- Status
Similar threads
