"spoolsvt.exe"

[talakitok]

i got this alert by ESET 4... and i cant remove it..huhuhuhu...what is this kind of file....pls help me how to remove it... :unsure:

[shought]

Is this file running in the background(check with taskmanager)?

If it is, shut it down, check again after 5 seconds, if it is back you have to boot into safe-mode and remove it, if it isn't back you can scan your WHOLE computer with ESET and remove anything it finds, don't reboot, download Spybot S&D and Trojan Remover(from the frontpage), update them an run a complete scan with both of them.

If everything is fixed, reboot your computer and run ALL those scans again :unsure:

If it is not running in the background, try using Unlocker to unlock the file(check what process was using the file and post that process here as well please) and then delete it.

[talakitok]

Is this file running in the background(check with taskmanager)?

If it is, shut it down, check again after 5 seconds, if it is back you have to boot into safe-mode and remove it, if it isn't back you can scan your WHOLE computer with ESET and remove anything it finds, don't reboot, download Spybot S&D and Trojan Remover(from the frontpage), update them an run a complete scan with both of them.

If everything is fixed, reboot your computer and run ALL those scans again :unsure:

If it is not running in the background, try using Unlocker to unlock the file(check what process was using the file and post that process here as well please) and then delete it.

i tried to open the task manager but it wont come out but i will try to run in safe mode

..thx for the reply, i hope it works... ;)

[3NIGM4]

spoolsvt.exe is part of the printing process and its supposed to be in C:\Windows\System32. If not kill it.

File marked as "NewHeur_PE virus" was detected using broad heuristics because it contains parts of code typical of worm infiltrations spread over the internet.

from eset

Found a step by step guide on eset website (screenshot are in chinese but english subtile) : basicly you go in safe mode as sought said, end the explorer.exe process, scan, make a coffee, do dishes, clean and restart. Good luck.

Answers here

[talakitok]

spoolsvt.exe is part of the printing process and its supposed to be in C:\Windows\System32. If not kill it.

File marked as "NewHeur_PE virus" was detected using broad heuristics because it contains parts of code typical of worm infiltrations spread over the internet.

from eset

i tried to see it on C:\Windows\System32 and i its "spoolsv.exe" without the "t"...huhuhuu..i also deleted while on safe mode and when i restart it comes back again..huhuhu

[shought]

spoolsvt.exe is part of the printing process and its supposed to be in C:\Windows\System32. If not kill it.

File marked as "NewHeur_PE virus" was detected using broad heuristics because it contains parts of code typical of worm infiltrations spread over the internet.

from eset

i tried to see it on C:\Windows\System32 and i its "spoolsv.exe" without the "t"...huhuhuu..i also deleted while on safe mode and when i restart it comes back again..huhuhu

Follow the guide 3NIGM4 provided and after you did that(before rebooting) please also scan with Trojan Remover and Spybot S&D. Just to make sure. It comes back because you only deleted one part of the virus, you really have to remove it ;)

But don't manually delete it, just let the AV do its job :unsure:

[3NIGM4]

Follow the guide 3NIGM4 provided

Dont miss any steps : coffee and dishes are important for the functionality of this fix :) Keep smiling man you ll fix your gear.

[shought]

Follow the guide 3NIGM4 provided

Dont miss any steps : coffee and dishes are important for the functionality of this fix :) Keep smiling man you ll fix your gear.

important????

essential!!!!

:D

[talakitok]

ive done it all but evrytime it is deleted then i restart the computer it always come back....sheez..i guess a rebboot..huhuhuhu

[Donaldo]

It's coming back, because you probably have 'system restore' on.

Try the following:-

01) Right click on 'My Computer'

02) Click 'Properties'

03) Click the 'System Restore' tab

04) Check 'Turn off System Restore'

05) Reboot

06) Follow 3NIGM4's link to delete your pet 'NewHeur_PE Virus'

07) If all's well, you may turn 'System Restore' back to on

[wyrman]

ive done it all but evrytime it is deleted then i restart the computer it always come back....sheez..i guess a rebboot..huhuhuhu

Check your startup. Has to be there.

[talakitok]

spoolsvt.exe is part of the printing process and its supposed to be in C:\Windows\System32. If not kill it.

File marked as "NewHeur_PE virus" was detected using broad heuristics because it contains parts of code typical of worm infiltrations spread over the internet.

from eset

Found a step by step guide on eset website (screenshot are in chinese but english subtile) : basicly you go in safe mode as sought said, end the explorer.exe process, scan, make a coffee, do dishes, clean and restart. Good luck.

Answers here

do i have to use Eset v2 for this??...

[KotaXor]

Try using Malwarebytes Anti-malware, this should do the trick. Update and scan!

[3NIGM4]

do i have to use Eset v2 for this??...

Suppose to work with any version, maybe some menu difference. Try it with the version you have.

[talakitok]

thank you guyz...its finally eradicated no more annoying advertising pop ups..ty for the replies especially to shought, 3NIGM4, Donaldo, wyrman and kotaxor ty again guyz.. i would now be more vigilant in downloadong files so that i wil not get to that problem again..peace :) :) ;) :P

[KotaXor]

thank you guyz...its finally eradicated no more annoying advertising pop ups..ty for the replies especially to shought, 3NIGM4, Donaldo, wyrman and kotaxor ty again guyz.. i would now be more vigilant in downloadong files so that i wil not get to that problem again..peace :) :) ;) :P

I would still advise you to use HijackThis to check it again and post the logfile here.

There might be still traces of the virus in your PC.

[Donaldo]

thank you guyz...its finally eradicated no more annoying advertising pop ups..ty for the replies especially to shought, 3NIGM4, Donaldo, wyrman and kotaxor ty again guyz.. i would now be more vigilant in downloadong files so that i wil not get to that problem again..peace :) :) ;) :hitit:

:) Great to learn your problem is solved and thanks for posting so - some of the Peeps that run into problems don't bother to post back once their problems get resolved. :)

[3NIGM4]

:) nice fight, you won a battle. But give us your hijackthis log we will see if we can celebrate more.

[talakitok]

.

[Bizarre™]

Other than this:

O4 - HKLM\\..\\Run: [tsnp325] C:\\WINDOWS\\tsnp325.exe

O4 - HKLM\\..\\Run: [snp325] C:\\WINDOWS\\vsnp325.exe

You'll have the files above if you installed a Camera Monitor program.

All the same, your log seems fine to me.

Now you can celebrate.

[Donaldo]

Great follow up!!! :P