
View Full Version : ? re: replacing a spoolsv.exe file



gordonla1
2008-11-04, 03:42
Hi!

Spybot found a delf.spool.cn trojan on my computer and fixed the problem except the directions in the sidebar told me to "restore the original spoolsv.exe file from the c:\windows\system32\dllcache folder to the c:\windows\system32 folder." The problem is I can't find the dllcache folder to retrieve the spoolsv.exe file from the system32 folder. Is it hidden? Did it get removed by the trojan? I know some about computers, but not in this case.

Thanks so much!!

Zenobia
2008-11-04, 09:53
The dllcache folder may be hidden:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

What version of Windows do you have?

How are things with your computer now?

jcody777
2008-11-07, 02:48
I can't find the spoolsv.exe in the dllcache file, where would it be?
Do you think the spoolsv.exe in the system32 file is still part of the trojan spyware?

gordonla1
2008-11-07, 21:09
Thanks for your response! I'm running Windows XP Pro and I haven't had a chance to fiddle with the PC until today. It seems to be running OK but when I did as you instructed there wasn't a spoolsv.exe file in the dllcache folder. I found one in the system32 folder but I'm not sure if that's the one that is corrupted or not. Any advice?

Thanks again!

md usa spybot fan
2008-11-08, 07:11
gordonla1:

Try scanning the file with one or both of these online scanners and see what you get:
Online malware scan (http://virusscan.jotti.org/) (virusscan.jotti.org)
VIRUSTOTAL - Free Online Virus and Malware Scan (http://www.virustotal.com/en/indexf.html) (Virustotal.com)

Zenobia
2008-11-08, 22:20
I've seen here and elsewhere that spoolsv.exe wasn't in the dllcache folder. Do you have the file in yours, md?

md usa spybot fan
2008-11-09, 00:35
Zenobia:

No I don't.

gordonla1
2008-11-09, 01:35
This is what it came up with:

Scanner Malware name
A-Squared Trojan.Win32.StartPage.bma!IK
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure Generic.W32
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA X
Ikarus Trojan.Win32.StartPage.bma
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Trojan.Win32.StartPage.bma

md usa spybot fan
2008-11-09, 06:11
gordonla1:

I suspect that you have a problem with your spoolsv.exe file.

My Jotti's malware scan:


File: spoolsv.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: d8e14a61acc1d4a6cd0d38aebac7fa3b

Scan taken on 09 Nov 2008 04:04:47 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

gordonla1
2008-11-09, 18:08
Ahh, I'm an idiot. This is what the correct scan came up with...so I guess my spool file is OK?

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Thanks again!

BTW - I am a new Mac user as well...do you all have any recommendations for anti-spyware progs for it?

Zenobia
2008-11-11, 00:33
To md: I looked on the XP, and I don't have spoolsv.exe in the .dllcache folder either. Wonder if spoolsv.exe is on the Windows XP install CD? Or if there are other places people could get it?

md usa spybot fan
2008-11-11, 00:55
Zenobia:

I have seven (7) copies in four (4) different versions on my system ranging from the original (XP SP1 to XP SP3) in various folders (I386, uninstall backups as well as WINDOWS\system32):
Version: 5.1.2600.0
Version: 5.1.2600.2180
Version: 5.1.2600.2696
Version: 5.1.2600.5512

gordonla1
2008-11-11, 04:02
Ok, new problem. Any ideas why my computer has now decided that I no longer have a D drive?

thanks!