
Spoolsv
The spoolsv.exe file on the computer manages the spooling of printing jobs. The printer spooler service controls the spooled print jobs in a computer. When a print job is fired, the operating system sends the images quickly to the print spooler. The printer speed does not match the speed of the data being sent. Hence, the spooler is required to store the print data as an intermediary receptacle. The spooler then sends the images to the printer at a slower speed.
The file spoolsv.exe is a Microsoft Windows system file required for executing the printer spooler. Spoolsv.exe is essentially the printer queue manager. It is necessary for managing the printing process. This valid Windows file communicates with the network and remote printers for the smooth functioning of the printing jobs.
Spoolsv.exe is stored in the C:\Windows\System32 folder. The size of the spoolsv.exe file is between 50000 bytes and 60000 bytes. It is a legitimate Windows file, and deleting it is not advisable.
However, sometimes users find that their spooler is using 90% of CPU time without any pending printing jobs. The computer, as a result, becomes very slow. Sometimes the printer spews out junk characters. If the spoolsv process is killed, it revives in 30 seconds and starts clogging the computer again.
The legitimate Windows spoolsv file does not cause these problems. Instead, a Trojan copies itself into the system folder under the filename spoolsv.exe. This malware opens the computer to access by outside parties and is used to steal Internet banking and other personal information from the computer. The Trojan changes the computer registry and attaches itself to the win.ini file, so each time Windows starts, the Trojan starts as well. It also attaches itself to outgoing emails. In this way an attacker installs a backdoor Trojan on the computer and uses it to steal passwords and banking information. Some of the Trojans that disguise themselves as spoolsv.exe are Backdoor.Ciadoor.B, Hacktool.Privshell, VBS.Masscal.Worm (vbs) and Graybird-A.
Before taking any action, it is important to determine whether the spoolsv.exe file hogging the CPU time is the legitimate Windows file or a Trojan. If the real file is deleted, Windows will have to be reinstalled.
You can verify that the spoolsv.exe file is genuine by checking its location and size. The real Windows file resides in the C:\Windows\System32 folder and is between 50000 and 60000 bytes in size. The exact size, which varies with the Windows version, can be obtained from the Microsoft site. The Trojan will be much larger and will exist in some other location.
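The location and size check described above, combined with a read-only look at the win.ini and registry startup entries the article mentions, as an added PowerShell example that is not part of the original article. The Run key path and the Authenticode signature check are assumptions that go beyond the article, and the size range is the article's figure, which varies with the Windows version.

```powershell
# Added example: read-only triage of spoolsv.exe. Nothing is deleted or changed.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'
$minSize  = 50000   # size range quoted in the article; varies by Windows version
$maxSize  = 60000

# 1. Location, size and signature of every running spoolsv.exe
Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'" | ForEach-Object {
    $path = $_.ExecutablePath          # empty if the shell is not elevated
    $file = if ($path) { Get-Item -LiteralPath $path -ErrorAction SilentlyContinue }
    $sig  = if ($file) { Get-AuthenticodeSignature -FilePath $file.FullName }
    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        Path        = $path
        InSystem32  = [bool]($path -and ($path -ieq $expected))
        SizeBytes   = if ($file) { $file.Length }
        SizeInRange = [bool]($file -and $file.Length -ge $minSize -and $file.Length -le $maxSize)
        Signature   = if ($sig) { $sig.Status }   # assumption: extra check, not in the article
    }
} | Format-List

# 2. win.ini startup lines (load= / run=) that reference the file name
$winIni = Join-Path $env:SystemRoot 'win.ini'
if (Test-Path -LiteralPath $winIni) {
    Select-String -LiteralPath $winIni -Pattern '^\s*(load|run)\s*=.*spoolsv'
}

# 3. HKLM Run values that reference the file name. The key path is an assumption;
#    the article only says "HKEY_LOCAL_MACHINE entries".
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
(Get-ItemProperty -Path $runKey).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'spoolsv' } |
    Select-Object Name, Value
```

Run it from an elevated prompt so the process path is visible. A copy running from outside System32, or any hit in steps 2 and 3, is what to investigate before touching the file.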
If the genuine file itself is causing problems, turn off the printer and stop the printer spooler service (this can be done from Control Panel, Administrative Tools, Services). Next, delete all the files in the C:\WINDOWS\system32\spool\PRINTERS folder. Switch on the printer and restart the service. If spoolsv.exe is not a Trojan, the process will show 0% CPU utilization.
Once it has been proven that the spoolsv.exe is a Trojan, it is essential to eradicate it. The regular antivirus programs are not able to detect it. To eradicate this malware, the registry has to be edited. This has to be done very carefully as it may damage the system. Export and save a copy of the registry before proceeding. In the Windows registry, the specific HKEY_LOCAL_MACHINE entries pertaining to spoolsv.exe file have to be deleted. Next, the win.ini file has to be modified to remove the references to this file.
There are many packages available that specialize in removing Trojans such as spoolsv.exe from the computer. They are easily available online and safely clean up the system. It is advisable to use them and keep your computer safe and free from malware attacks.




