I used limewire recently (yes, I know, It's a dangerous program. i stopped using it now.) to download music, only to get 3 trojans that were luckily blocked by our antivirus program. However, one day I logged off and saw the "trying to end program" thing, only it was for winspooler.exe. I'd never seen it before, and I was curious, so I looked it up on the internet (nerdy, no?). It turns out (if http://www.bleepingcomputer.com/startups/WinSpooler.exe-21894.html is right) that it's malware. I tried a McAfee antivirus scan, but nothing showed up. My dad decided that it was probably a false alarm, but I'm not sure (my dad's a computer programmer, so he's pretty reliable), but I can't help but think that it might still be a virus. Does anyone know if it is or isn't, and if it is, how to get rid of it? (i found file, so I can delete it if it helps)
Winspooler.exe certainly sounds like a malware or trojon, there is a legiet windows service called spooler.exe which is used for printing. Winspooler.exe looks like someone has injected code and now trying to pretend to be a valid program. have a look at this page
I would recommend updating your software, have a strong antivirus/antispyware/firewall in place to deal with these things.
1. WinClam (Free Antivirus) or Avast (Free)
2. Spybot (Free Antispy removal)
3. Windows firewall should do the trick, you can also use zonealarm standard version which is free
well, we do have a strong firewall/antivirus thing. We have at least 2 firewalls and a proxy server, which at least helps in preventing any information being sent out by a program unless we okay it. We'll try those programs if adaware doesn't do the trick.
*edit* adaware found a few things, but none of them were winspooler. We've decided that it's not that dangerous, and it doesn't even appear to be doing anything (it's not being run at any time).
Mcaffe is absolute trash. Dont go by what it says.
Download Avira Antivir Classic Edition (Free) or the Personal Premium Edition (30day free trial) and run a full computer scan. See if it detects anything.
If you want a free antivirus, use AVG Antivirus Free Edition (http://www.free.grisoft.com) . If you want complete protection, use AVG Internet Security or ESET NOD32 Smart Security. I recently heard that Norton, Avast, and worst of all, McAfee were just resource hogs that would slow down your computer even worse than getting a virus.
Use Process Explorer and see what processes are running.
Compare with a non-infected computer with a similar configuration and see what extra programs are running in your computer.
Then kill the Abnormal processes (from Process Explorer) and then see if the computer works fine. If it doesn't, you probably killed an important system process, but don't worry, just restart the computer and everything is back to the way it was.
If the computer speed improves then it looks like the process you ended was either a CPU or RAM hogging virus or useless program. Keep a backup of the file and delete the thing. The backup is just in case you later learn that something is not working properly (like maybe ctfmon.exe controlling Advanced Text Services or stimon.exe for Still Images)
Put the file back if such a problem comes up.
Then check the registry for suspicious entries by pointing to the process name (use the search function in regedit.exe)
\Hope this helps
okay, thanks. I'll try some of those things.
*edit* actually, it occured to me that we're going to be formatting our hard drive soon, as windows is suffering from some pretty bad bit rot. As long as the virus doesn't do anything until then, it'll work out ok.
Winspooler.exe could be benign malware, as it only takes up your RAM.
|We've decided that it's not that dangerous, and it doesn't even appear to be doing anything (it's not being run at any time) |
If you have an unidentified process on your computer, its no reason to freak and call in the cavalry. However, many people on this forum, including yourself mentioned that it might be malware. In any case, bad policy to let it be. Malware, spyware, and viruses are words that are usually thrown around quite a bit. Just because something isn't "doing" anything, doesn't mean that it isn't. It could be sending your personal information out (don't scoff, I used to as well). It could be logging activity on your PC, or corrupting your data.
The article you posted lists it as unknown malware, which basically means that it has no buisness on your computer. Locate the file and delete it. Check your registry for a timed startup, check your startup folder, and run MSCONFIG. I also reccommend Avira AntiVir (Free) as a good Antivirus software.