Author Topic: SPOOLSV.EXE connects to 74.54.130.66  (Read 1479 times)

0 Members and 1 Guest are viewing this topic.

Offline barbal

  • Newbie
  • *
  • Posts: 1
SPOOLSV.EXE connects to 74.54.130.66
« on: September 21, 2010, 09:43:56 PM »
Hi all,

My firewall (ZoneAlarm) detects that the process spoolsv.exe tries to communicate with the ip 74.54.130.66. If I look the domain name of this ip is a944sm.avast.com. Could you please confirm me that it is right that spoolsv.exe tries to contact with this server?

Thanks in advance

Lluís

Offline Llanziel

  • Sr. Member
  • ****
  • Posts: 365
  • “Life is not fair; get used to it.”
Re: SPOOLSV.EXE connects to 74.54.130.66
« Reply #1 on: September 22, 2010, 01:30:27 AM »
Are not supposed to connect with the avast server.

This is a Printer Spooler Service. Information about spoolsv.exe

http://www.neuber.com/taskmanager/process/spoolsv.exe.html

 But in some case, it can be a malware. I recommend to find the application and upload to virustotal and put the results here. Is the letter "s" is uppercase, it is a malware.  

Check this:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-112315-1255-99&tabid=2
« Last Edit: September 22, 2010, 01:37:01 AM by Llanziel »
Windows 7 64-bit SP1
avast! free 6, windows firewall, ie9 & firefox, proxpn, keepass 2, visual c# 2010 express

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5203
Re: SPOOLSV.EXE connects to 74.54.130.66
« Reply #2 on: September 22, 2010, 11:07:22 AM »
Hi Lluís,

According to WhoIs: http://tools.whois.net/whoisbyip/, enter the IP and you will find out more information about this.

Have you run any Avast scans since this incident?  If not, make sure your definitions are up to date and run a Full, and Boot-time (if you have a 32-bit) scan.

Then check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
·    Download free http://www.malwarebytes.org/ for an on-demand scanner.
·    Double Click mbam-setup.exe to install the application.
·    After install, click update so you have latest database before scanning.
·    Under Settings:
o    General: Automatically Save File After Scan Completes is checked off
o    Scanner SettingsCheck all boxes
o    Updater: Download and install update if available is checked off
·    Once the program has loaded, select "Perform FULL Scan", then click Scan.
·    The scan may take some time to finish, so please be patient.
·    When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·    Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·    Copy & Paste the entire report in your next reply.

Please let me know if you have any questions.  Thank you.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.