Asked By
CarolineO
330 points
N/A
Posted on - 06/08/2011
Spools.exe is a virus or not?
I was fixing my sister's computer and when it opened up and something popped up and it is spools.exe but its not responding. So I clicked Ok button in order to remove it from my screen because I was trying to fix something and going to play later.
When its gone I did what I have to do but after 15 minutes of using, it pops up again. I don't know what to do anymore. The Antivirus cannot detect even removed it permanently from the computer.
I'm so clueless on how to remove the spools.exe from my sister's computer. Please help me to remove it?
Spools.exe, a virus or not?
Spools.exe and Spoolsv.exe are two different processes in your Windows system files. Now the Spoolsv.exe is a Microsoft Windows process that is responsible in print and fax task on your computer.
It is not a virus when its location is under Windows System32 system files. To open the location of a certain process go to the task manager by pressing ctr+alt+delete on your keyboard.
Under the “Processes” tab you will see all the processes that are running in your computer (Click “show processes from all users) right click the process then select “Open file location”. If not found on Windows system files then it is a virus.
Now the Spools.exe.If you are using Norton Antivirus then Spools.exe is a safe running process in you computer otherwise it is a Trojan that has gotten in your computer.
You can find the location of Spools.exe in C: WindowsSystem32drivers, if not then you should delete it from your computer.
Spools.exe is known as W32/Kassbot-C Trojan, this Trojan allows the intruders to steal your identity like passwords and even online banking leaving 0 on your balance.
This process imitates the Microsoft’s Spoolsv.exe that is responsible for printer activity or the task manager. You should remove it from your computer system to prevent further damage not only to your personal information but the computer system itself.
The behavior of Spools.exe is that, it will load itself during your Windows start up. It opens a backdoor to which the intruder will use this to steal important information from you by logging your keystrokes and sending then probably to the creator of this Trojan.
You will notice that your surfing activity becomes slow and sometimes your browser crashes.
Removing Spools.exe requires only a simple task. First, you must end the process from the task manager. Access the task manager by pressing ctrl+alt+delete as I have said earlier or by right clicking the task manger and selecting the task manager from the pop up menu.
On the list of processes, locate the Spools.exe and right click it and select “End process”. You must show all the processes that are running on your computer to be sure that you find this Trojan.
If you are using Windows XP just check the box below the task manager, on windows 7 and Vista just click the command button “Show Processes from all users”.
If your Antivirus cannot remove it, then you should try another Antivirus. I suggest you to use the "Microsoft Security Essentials", this is a free Antivirus that comes from Microsoft.
You can download it directly from "Microsoft Windows Download Center". Scan your computer using this Antivirus, this will remove the Spools.exe from your computer.
You can also use AVG and Malwarebyte’s Anti-Malware to remove this Trojan. These two programs remove tough viruses and other kinds of malware that infects your computer system.
To protect your system from this kind of Viruses, Trojans, Spyware etc. use Antivirus that has superb scanning engine that can detect and remove any kind of malware and you can also use anti spyware for additional security to your computer system.
Answered By
dan00
0 points
N/A
#108334
Spools.exe, a virus or not?
Hi! Carol,
spools.exe is a system file but if you are really suspicious of this you can try scanning it using an online scanner. Because some viruses/ worms can inject malicious codes into system files or create a same file type so that it wont be discoverable by some Anti viruses.
Maybe that program is stuck somewhere on your registry. That's why even when it is deleted, it still functions over and over again. Try using a "Registry Cleaner" and also do a full system scan in "Safe Mode" .
Hope this helps!
Regards
Spools.exe, a virus or not?
Dear Carolineo,
Spools.exe is the default Windows file and not a virus, but can be infected with a virus. Spools.exe is one of the executable file is assigned to perform all the commands to the printer.
Although this file is not very important in running Windows, but if the file is corrupted or has an error, then you cannot print the document. In general.
This problem occurs because of the many mistakes / errors in the file. SHD and .SPL in the spool directory. File.
SPL itself is a file containing the command to print a document / file. While .SHD is a file that contains information about the settings of the document to be printed.
So if both files has errors, then the printer will not run. To overcome this, you should try to do the following:
-
Open the RUN menu, then type "services.msc" then enter.
-
Find a service called Print Spooler, by default the file will automatically start when Windows starts up, then that service must be stopped, and then click STOP, then OK.
-
Then open the folder C: Windows System32 Spool Printers, then you will find the file .SHD and .SPL. then delete all the files. (This can be done if the number Step2 is completed, because if it doesn't, don't expect to delete these two files without the help of additional software like Unlocker)
-
If in the Printer's folder exists TMP folder, delete all contents.
-
Run back to "Print Spooler" from the Services Management Console like before,double click it and press Start.
If this does not work, you better do a restore on your system, system restore can restore your computer settings back to normal before the problem occurred.
Hopefully helpful!
