Is spoolsv.exe a Virus?

I have been looking up the ip addresses each time my Zone Alarm shows spooler subsystem app has tried to access the internet. The addresses are different microsoft addresses. The one that shows up the most is the hotmail logon page. I run norton with auto updates and daily scans as well as spy sweeper daily and so I am skeptical that I have any infection. I do not have a network printer. I would just like to know what I have to do to get that service to stop trying to access the internet?

EDITOR'S NOTE: If you really want to block it from internet access, do so with Zone Alarm. But it won't make you any more secure.

Same or similar problems here with the spoolsv.exe, it seems. Started when I installed a new printer, HP tri function. I often have problems that smell of back door vulnerability, such as I just went online for banking transfer of funds. Not only did I get a pop up saying something that did not reflect what the actual web site indicated was happening after some delay. But when I had to relog in (why?) after entering password and user name, the process hung and engaged major CPU. Similar problems on other pages when ordering that didin't used to be a problem. Like I'm beeing spied on in secure pages. WHat to do??!!! HP installed a totally megabite rediculous weight of files on my computer, many seem on when I don't need them slowing things down and doing way too much snooping. - Ysha

EDITOR'S NOTE: You may well have a spyware problem... but it has nothing to do with either SPOOLSV (the microsoft windows component) or the HP printer driver. Search this site for X-RAYPC and scan with it.

Had the same problem spoolsv.exe running 100% CPU - resolved by cancelling all print jobs and re-booting. Thanks for your helpful site Bob.

so everyone keeps asking if its a virus, i dont hear a yes or no, and since i am not seeing a flat out no, i can assume its a virus.

EDITOR'S NOTE: This is as clear as I can make it... In MOST cases, it's just a harmless part of the Windows operating system. But it's POSSIBLE that someone has (or will) create a virus with the same name. Your anti-virus software should be the true test.

If your spoolsv.exe is tring to acces the internet, for sure, it is a hazardous worm it is a keyloger, I got it and the only antivirus (except for the zone alarm you mention) detect's it. The pc-cillin 2007 can stop it from sending such e-mails and will let you know which program is doine this(in this case . the Avast will manualy allow or deny the e-mail sending but is nos telling you which program is doing this.

Tring to stop this program vua taskmanager is not possible some other program is calling very quickly to the spoolsv.exe file, but there is one utility called "process" that can kill the process and then you can rename or delete it. But this is not the end of the problem because as told there is a program that will revive the spoolsv.exe.

EDITOR'S NOTE: Ummm, no. The REAL spoolsv DOES access the Internet, and poses no threat. Always run an A/V scan if you suspect a rogue version.

Spoolsv.exe MAY be a virus/trojan!!!!

I was unable to get Intenet/email access. While on phone with ISP tech support, Zone Alarm alerted me that mIRC was trying to act as a server. I denied. I've never had/used IRC. Ctrl+Alt+Dlt showed NO applications running. Full scan with AVG antiVirus found NOTHING. Usesd Start/Find to search for *mIRC*.* (asterisks being wildcards) Found a folder in Windows/System/dcache/scan containing numerous BAD files (One mirc.reg file with a REGEDIT4 HKEY....Username of 'Cracks_boy'. Hmmm.

Another file in the folder, 'start.bat' basically tells your computer to stop spoolsv.exe, UNinstall spoolsv.exe (which, I THINK should be in System 32 folder), and then REinstall cracks_boy's version of spoolsv.exe and RUN files called 'hiderun.exe, spoolsv.exe and mirc.exe...

All-in-all, this piece of crap runs IRC letting the jerk have full-access to your computer AND it's invisable to you and most antivirus programs.

EDITOR'S NOTE: Well, yes... a virus can be named ANYTHING, and as you've seen, the virus writers sometimes pick the name of a Windows system file.

Hello Bob, thanks for offering your service! I got a problem with my lexmark usb printer x8350. It works normally but only without zonealarm. Even if I set zonealarm to idle it blocks the normal print procedure. To make the printer work normally it has to be shut down completely. Do you know how to adjust zonealarm or other windows services (spooler.exe) in zonealarm to make it work together with my printer?

EDITOR'S NOTE: Simplest way: Remove ZoneAlarm. The hardware firewall (in the network router) and/or the built-in Windows firewall does the job just fine for me.

I had a problem on that spoolsv.exe and found this site to be useful. Check it out -- http://torque.oncloud8.com/archives/000384.html

HI.Its Not a virus..this is problem woth printer.so, u can delete/uninstall the all the printers and install again.it will work,.before unistall the printer u should statr the printer spool service in services.msc.
Aftre install the printers start the printer spool service from service.msc.

My PC had 15 or so printers installed, but only two constituted valid links. As in the suggestion above, I deleted all of the dormant printers and spoolsv stopped consuming resources ... wmiprsve also settled down. These two processes were previously throttling the CPU bandwidth between 0 and 50% on a 10 second interval. Thanks for the useful posts!