
Winlogon.exe? spoolsv.exe?

Discussion in 'Malware and Virus Removal Archive' started by cv1615, 2007/12/03.

  1. 2007/12/03
    cv1615

    cv1615 Inactive Thread Starter

    Joined:
    2007/12/03
    Messages:
    1
    Likes Received:
    0
    I have just found the Packed.Win32.Tibs Virus (Full description here: http://www.avira.com/en/threats/section/fulldetails/id_vir/1841/tr_small.ciw.5.html) and only recently became aware of it. I have my task manager items memorized for reasons like this, and suddenly winlogon.exe began showing up. Soon it was followed by spoolsv.exe. These are normal processes, but they should not be on your task manager unless they are corrupted. The Trojan sneaks in, edits the registry, creates malicious .dlls, and hides in normal applications. Few, if any, Anti-virus programs detect this. It hacks the Windows Installer and the Windows Updater making its downloads seem rational. When you try to get online help, it directs you to this site: http://support.microsoft.com/kb/936181. This is a misdirection, and the site offers no help to your problem. Luckily, it creates a log and leaves it in c:\windows\msxml4-KB936181-enu as a notepad file. I am embarrassed to find that the date it installed was 8/23/07, as now it is 12/3/07. Please spread the word and try to help anybody else that is having this problem. If you have any questions, you can email me at [removed by Christer]
     
  2. 2007/12/04
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Hello cv1615,
    welcome to WindowsBBS ... :) ... !

    I took the liberty of removing your email addy. It might get harvested by bots and all of a sudden, your quota of spam increases. Other users will post questions and other comments in the thread.

    Christer
     


  4. 2007/12/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    cv1615, don't be alarmed by the 'date', as this is a very popular tactic by the scum who write these infections to try to trick users into thinking the files are 'ok'.

    I routinely get infections via Sandboxie and have had dates modified to reflect years and years of age.
     
  5. 2007/12/05
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412

    Eh? Sorry, but that is not true. Once you run a 16-bit program on XP, winlogon.exe will show in TaskMan. spoolsv.exe is the Spooler service which manages spooled fax and print jobs.

    If you see spoolsv.exe constantly running, it is usually an indication that you have a corrupt spool file in your Windows printers folder. This can be caused by an unexpected shutdown or a power failure while the printer was attempting to print, or a bad driver spooled a printout to disk that was in a format Windows didn't understand and the print spooler service crashed.

    To fix this, you can follow these steps:

    • Open Control Panel > Administrative Tools > Services
    • Find the Print Spooler service
    • Right-Click Print Spooler and click Stop
    • Click Start > Run, type %systemroot%\System32\spool\printers, and click OK
    • Delete everything in that folder and close the window.
    • Right-Click Print Spooler and click Start.
     
    Arie,
    #4
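
The manual steps in the post above, written as a PowerShell script; this is an added example, not part of the original thread. The service name `Spooler` (the name behind the "Print Spooler" display name), the listing of queued files before deletion, and the check that the running spoolsv.exe is the copy in System32 are additions that the post does not state.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual steps (stop Print Spooler,
# empty the spool folder, start the service again).
$ErrorActionPreference = 'Stop'

$serviceName = 'Spooler'
$spoolDir    = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'

# Extra check, not in the post: the genuine spoolsv.exe runs from System32.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'
Get-Process -Name spoolsv -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Path -and ($_.Path -ne $expected)) {
        Write-Warning "spoolsv.exe (PID $($_.Id)) is running from $($_.Path)"
    }
}

# Stop the service so the spool files are no longer locked.
Stop-Service -Name $serviceName -Force

try {
    # Record what is queued before deleting it, then empty the folder.
    $jobs = Get-ChildItem -LiteralPath $spoolDir -File -Force
    $jobs | Select-Object Name, Length, LastWriteTime |
        Format-Table -AutoSize | Out-Host
    $jobs | Remove-Item -Force
}
finally {
    # Restart the spooler even if the cleanup failed part-way.
    Start-Service -Name $serviceName
}

Get-Service -Name $serviceName | Select-Object Name, Status
```

Run it from an elevated PowerShell session; any print jobs still waiting in the queue are discarded.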
