Do you have a question? Post it now! No Registration Necessary. Now with pictures!
February 16, 2007, 10:08 pm
rate this thread
The culprit was found to be spoolsv.exe.
After a little reasearch I found that this is the official windows print
Following advice from http://torque.oncloud8.com/archives/000384.html , I
temporarily disabled it to get some breathing space and set out to
investigate why it had been so busy.
In C:\WINDOWS\system32\spool\PRINTERS I found two files, 00006.SHD and
00006.SPL, one of which showed itself as a Macromedia Flash file (?)
I deleted them (completely-sorry, collectors), restarted the spooler service
and all is now OK.
I have heard in the past of spoolsv.exe being replaced by a backdoor trojan,
but in this case it is not so.
Is there any record of malware abusing the spooler? I had no print jobs