hosting3.net

Subscribe RSS
 
Home > What Is > What Is Spool11.exe?

What Is Spool11.exe?

Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For example:   E:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-2315\folderopen.exe   The worm also creates an autorun.inf file in the root directory of the drive in order to launch the worm if, for example, the drive is We strictly restrict you from using this information if you are not sure about what you are doing.Recommendation 1: We recommend you to take a backup of Windows Registry before following Register Now What is spool11.exe process?

Similar processes to spoolsvr.exe spoolsvmgr.exe SpoolPrX.exe spoolfsvs.exe spoolcv.exe (Microsoft Corporation) spooll32.exe spools.exe (MagicISO, Inc.) spoolsv.e˜e (Microsoft Corporation) spoolwin.exe spooler_srv.exe spoolsvc.exe (ISSMu Crackers (c)) Privacy Policy | Terms of Use © 2017 When first run, the worm checks if Messenger is running by looking for a Window with the class name "MSBLWindowClass". Support| Contact Us Home Threat Analysis Center How-To Section Download Purchase Awards Testimonials Home »Threat Analysis Center »Spyware »Spyware Threats Starting With [I] »ircbot.er Wednesday, January 18, 2017 ircbot.er Type: wormDescription: What to do now Manual removal is not recommended for this threat.

Please read that file before asking questions about what's available. Vote: Unknown Safe Normal Dangerous Message: (Messages are NOT required to vote) To help us fight spam, please answer the following question: What is four + 4? The intention of this is obviously to delete the original copy of the worm that was received via Messenger.   Modifies System Settings Slenfbot deletes the following registry keys (and any Search Startups Startup Database Navigation Startups Home Newest Entries Rootkit List Startup Database Forum How to use the Startup Database Submit a Startup RSS Feed Newsletter Sign Up

Follow

This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker. c:\arc.exe Used to break apart ARC files Sysop c:\pkunzip.exe Used to break apart ZIP files Sysop c:\lha213.exe Used to break apart LZH files Sysop October, November, December 1988: Multiprocessor Mandelbrot Engine previous process spool11.exe next process spool13.exe Return to top Privacy | Terms & Conditions | Resources | Contact Us All images and content copyright © 2008-2017 whatisprocess.com. If in doubt, don't do anything.

Do you have a problem with spoolsvr.exe? Add comment Your details Name: Email: Receive notification emails when new replies are received on this page? Try to install an antivirus to see if it helps. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

Name Microsoft Spool 11 Service Filename spool11.exe Command spool11.exe Description A variant of the IRCBot family of worms and IRC backdoor Trojans. This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed The injected code opens the worm's file with "read" sharing mode to prohibit other processes from writing to or deleting the file. Rate now Common location(s): Unknown Visitor comments...

Process description: Microsoft Spool 11 Service Author: Unknown Part of: Unknown We have yet to research the spool11.exe process, or we were unable to find sufficient information.If you have any information This code is posted as a convenience to Circuit Cellar readers. rated this process as unknownVisitorWhat is this spool11.exe process and what does it do?... Installation When executed, Worm:Win32/Slenfbot.KF copies itself to the as "spool11.exe" and sets the attributes for this copy to read only, hidden and system.

If you require support, please visit the Safety & Security Center.Other Microsoft sitesWindowsOfficeSurfaceWindows PhoneMobile devicesXboxSkypeMSNBingMicrosoft StoreDownloadsDownload CenterWindows downloadsOffice downloadsSupportSupport homeKnowledge baseMicrosoft communityAboutThe MMPCMMPC Privacy StatementMicrosoftCareersCitizenshipCompany newsInvestor relationsSite mapPopular resourcesSecurity and privacy If that does not help, feel free to ask us for assistance in the forums. How can you fix problems with spoolsvr.exe? When the attacker orders the worm to spread via MSN Messenger, they must provide the following three parameters: A URL containing a list of possible messages to send, along with the

Generated Wed, 18 Jan 2017 23:18:29 GMT by s_hp87 (squid/3.5.23) ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://0.0.0.10/ Connection Process description: Microsoft Spool 12 Service Author: Unknown Part of: Unknown We have yet to research the spool12.exe process, or we were unable to find sufficient information.If you have any information This consists of programs that are misleading, harmful, or undesirable. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. Using this backdoor, an attacker can perform the following actions on an affected machine: remove itself join another IRC channel download and execute arbitrary files spread via MSN Messenger send arbitrary Your cache administrator is webmaster.

Add comment Your details Name: Email: Receive notification emails when new replies are received on this page?

The worm creates a ZIP archive containing a copy of itself in the temporary folder with this name. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.   The worm makes a further registry modification that This entry has been requested 1,429 times. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL.

Vote: Unknown Safe Normal Dangerous Message: (Messages are NOT required to vote) To help us fight spam, please answer the following question: What is four + 4? For each article, the first file in the list contains complete descriptions of what files are available for that article. rated this process as unknownVisitorAnyone have ANY info? It modifies the registry to run this copy at each Windows start:   Adds value: "Microsoft Spool 11 Service"With data: "spool11.exe"To subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run   Note - refers to a

If spoolsvr.exe is using too much CPU or too much memory in your system, it is possible that your file has been infected with a virus. Disclaimer It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. The worm places this file in the ZIP archive, which it sends to MSN Messenger contacts, in place of itself.   Modifies Hosts File Slenfbot replaces \drivers\etc\hosts with a file Click to Run a Free Scan for spool11.exe related errors Is the spool11.exe process a virus, spyware or malware?

The worm copies itself into this directory, with a file name such as “folderopen.exe”.

 
 
 

© Copyright 2017 hosting3.net. All rights reserved.