Is spoolsv.exe a Virus?

Try telling ZA to deny without letting it remember the choice. If you have no printing problems over the course of several sessions, make it permanent. If it hoses your printing, change to allow and make that permanent.

I realise I'm seriously late on this topic, but I just found your website (and I love it!) advertised with Randy's This is True. Anyway, my question about this topic is this: I don't have a printer on my home computer but spoolsv.exe still tries to access the internet for some unknown reason. I have McAfee Virus Scan/Adaware Free/and Spybot S/D (amoung others). None of these have found viruses or other malicious files. Have you ever heard of spoolsv.exe requesting outbound access w/o a printer installed?

Thanks so much and THANK you again for your great website.

EDOTOR'S NOTE: My understanding is that SPOOLSV occasionally polls to check for networked printers. If you're worried about this, you can safely block it with a software-based firewall. But I don't think that's necessary.

Just type `net stop spooler` on command line. When you need to print any thing, type `net start spooler` and after finishing, type `net stop spooler` again.

EDITOR'S NOTE: Okay... but why? Seems like a hassle, and there's nothing to indicate that leaving spooling ON is a problem.

I have had similar experiences and allowing the firewall to block access does not stop my Canon printer operating. However I have found a duplicate spoolsv.exe file in Windows\ServicePackFiles\i386 but it is a different version - 2180 as opposed to 2696. Could this be a Trojan? None of my virus control or add-aware programs spot it.

EDITOR'S NOTE: If your A/V scan didn't flag it, I wouldn't be concerned.

I was able to fix this error on Win XP SP2 by uninstalling McAfee Privacy Service.

Hi, spoolsv.exe was given permission to access the internet via Zonealarm earlier today. Since then I have been unable to access the internet, although my email still works. When I went into the control panel to access the Printer and Fax info, my computer hung. A search for spoolsv.exe (including hidden and system folders) did not come up with anything unusual. Spyware software picked up nothing, but ant virus software picked up a Trojan. Deleting this trojan has not restored my internet access, hence I am using my laptop. This is a work in progress.

EDITOR'S NOTE: I would get rid of ZoneAlarm... it's completely unnecessary and often causes problems like this one. See http://askbobrankin.com/do_i_need_a_firewall.html

Hi, Cool site. I have this same problem, BUT I DO NOT have a printer hooked up to this computer. Why should spoolsv.exe try to access the internet on a computer without a printer and the printing port is disabled. Thanks for in advance.

EDITOR'S NOTE: I think spoolsv is occasionally polling on the network to see if there are any (new) network-attached printers.

i do not have printer attached to my pc.however, i have deleted the printer file in the spool file which located at system 32...the file keep appearing again and again...even i have deleted the file..the wording appear like this SPOOLSV.EXE -- pls insert disk to drive A as the drive is empty.help me....

EDITOR'S NOTE: Did you delete the SPOOLSV.EXE file? That's not advised...

The spoolsv.exe is running on my machine (WinXP Pro) but I do not have a printer. Does that mean it's a virus?

EDITOR'S NOTE: No, see the earlier comments. It runs on all XP computers, regardless of any printers that may be installed.

I have been looking up the ip addresses each time my Zone Alarm shows spooler subsystem app has tried to access the internet. The addresses are different microsoft addresses. The one that shows up the most is the hotmail logon page. I run norton with auto updates and daily scans as well as spy sweeper daily and so I am skeptical that I have any infection. I do not have a network printer. I would just like to know what I have to do to get that service to stop trying to access the internet?

EDITOR'S NOTE: If you really want to block it from internet access, do so with Zone Alarm. But it won't make you any more secure.

Same or similar problems here with the spoolsv.exe, it seems. Started when I installed a new printer, HP tri function. I often have problems that smell of back door vulnerability, such as I just went online for banking transfer of funds. Not only did I get a pop up saying something that did not reflect what the actual web site indicated was happening after some delay. But when I had to relog in (why?) after entering password and user name, the process hung and engaged major CPU. Similar problems on other pages when ordering that didin't used to be a problem. Like I'm beeing spied on in secure pages. WHat to do??!!! HP installed a totally megabite rediculous weight of files on my computer, many seem on when I don't need them slowing things down and doing way too much snooping. - Ysha

EDITOR'S NOTE: You may well have a spyware problem... but it has nothing to do with either SPOOLSV (the microsoft windows component) or the HP printer driver. Search this site for X-RAYPC and scan with it.

Had the same problem spoolsv.exe running 100% CPU - resolved by cancelling all print jobs and re-booting. Thanks for your helpful site Bob.

so everyone keeps asking if its a virus, i dont hear a yes or no, and since i am not seeing a flat out no, i can assume its a virus.

EDITOR'S NOTE: This is as clear as I can make it... In MOST cases, it's just a harmless part of the Windows operating system. But it's POSSIBLE that someone has (or will) create a virus with the same name. Your anti-virus software should be the true test.

If your spoolsv.exe is tring to acces the internet, for sure, it is a hazardous worm it is a keyloger, I got it and the only antivirus (except for the zone alarm you mention) detect's it. The pc-cillin 2007 can stop it from sending such e-mails and will let you know which program is doine this(in this case . the Avast will manualy allow or deny the e-mail sending but is nos telling you which program is doing this.

Tring to stop this program vua taskmanager is not possible some other program is calling very quickly to the spoolsv.exe file, but there is one utility called "process" that can kill the process and then you can rename or delete it. But this is not the end of the problem because as told there is a program that will revive the spoolsv.exe.

EDITOR'S NOTE: Ummm, no. The REAL spoolsv DOES access the Internet, and poses no threat. Always run an A/V scan if you suspect a rogue version.

Spoolsv.exe MAY be a virus/trojan!!!!

I was unable to get Intenet/email access. While on phone with ISP tech support, Zone Alarm alerted me that mIRC was trying to act as a server. I denied. I've never had/used IRC. Ctrl+Alt+Dlt showed NO applications running. Full scan with AVG antiVirus found NOTHING. Usesd Start/Find to search for *mIRC*.* (asterisks being wildcards) Found a folder in Windows/System/dcache/scan containing numerous BAD files (One mirc.reg file with a REGEDIT4 HKEY....Username of 'Cracks_boy'. Hmmm.

Another file in the folder, 'start.bat' basically tells your computer to stop spoolsv.exe, UNinstall spoolsv.exe (which, I THINK should be in System 32 folder), and then REinstall cracks_boy's version of spoolsv.exe and RUN files called 'hiderun.exe, spoolsv.exe and mirc.exe...

All-in-all, this piece of crap runs IRC letting the jerk have full-access to your computer AND it's invisable to you and most antivirus programs.

EDITOR'S NOTE: Well, yes... a virus can be named ANYTHING, and as you've seen, the virus writers sometimes pick the name of a Windows system file.

Hello Bob, thanks for offering your service! I got a problem with my lexmark usb printer x8350. It works normally but only without zonealarm. Even if I set zonealarm to idle it blocks the normal print procedure. To make the printer work normally it has to be shut down completely. Do you know how to adjust zonealarm or other windows services (spooler.exe) in zonealarm to make it work together with my printer?

EDITOR'S NOTE: Simplest way: Remove ZoneAlarm. The hardware firewall (in the network router) and/or the built-in Windows firewall does the job just fine for me.

I had a problem on that spoolsv.exe and found this site to be useful. Check it out -- http://torque.oncloud8.com/archives/000384.html

HI.Its Not a virus..this is problem woth printer.so, u can delete/uninstall the all the printers and install again.it will work,.before unistall the printer u should statr the printer spool service in services.msc.

Aftre install the printers start the printer spool service from service.msc.

My PC had 15 or so printers installed, but only two constituted valid links. As in the suggestion above, I deleted all of the dormant printers and spoolsv stopped consuming resources ... wmiprsve also settled down. These two processes were previously throttling the CPU bandwidth between 0 and 50% on a 10 second interval. Thanks for the useful posts!

The problem with spoolsv.exe taking excessive resources is usually down to excessively long printer queues - more often than not, the MS Office Image Printer (that people don't realise they've 'printed' to . Clearing the queues (rather than deleting/installing all printers) will usually resolve the resource hog.