File Search: 

ThreatExpert's awareness of the file "spoolsv.exe":

Across all ThreatExpert reports, the file "spoolsv.exe" was mostly identified as a threat.
File "spoolsv.exe" has the following statistics:
Total number of reports analysed611,932
Number of cases that involved the file "spoolsv.exe"1,255
Number of incidents when this file was found to be a threat1,172
Statistical volume of cases when "spoolsv.exe" was a threat93%
Please enable javascript to display the chart.
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "spoolsv.exe" is known to be created under the following filenames:
%AllUsersProfile%\cncdown.exe
%AppData%\1.exe
%AppData%\blaah.exe
%AppData%\calc.exe
%AppData%\cisvc.exe
%AppData%\cmstp.exe
%AppData%\codecsetup.exe
%AppData%\codecsetup3788.exe
%AppData%\codecsetup4127.exe
%AppData%\codecsetup6400.exe
%AppData%\codecsetup8536.exe
%AppData%\comrepl.exe
%AppData%\cp_setup_assist.exe
%AppData%\cuda.exe
%AppData%\dealassistant\dauninstall.exe
%AppData%\digifast\dfuninstall.exe
%AppData%\dllhst3g.exe
%AppData%\esentutl.exe
%AppData%\hose.exe
%AppData%\icsys.icn.exe
%AppData%\ieudinit.exe
%AppData%\ijango_toolbar_installer.exe
%AppData%\ldr.exe
%AppData%\logman.exe
%AppData%\microsoft\cisvc.exe
%AppData%\microsoft\cmstp.exe
%AppData%\microsoft\comrepl.exe
%AppData%\microsoft\dllhst3g.exe
%AppData%\microsoft\dtsc\t.exe
%AppData%\microsoft\esentutl.exe
%AppData%\microsoft\ieudinit.exe
%AppData%\microsoft\logman.exe
%AppData%\microsoft\mqtgsvc.exe
%AppData%\microsoft\mstinit.exe
%AppData%\microsoft\mstsc.exe
%AppData%\microsoft\office71\vhchk.exe
%AppData%\microsoft\rsvp.exe
%AppData%\microsoft\spoolsv.exe
%AppData%\microsoft\windows\ernsjyi.exe
%AppData%\microsoft\windows\jjcmdrj.exe
%AppData%\microsoft\windows\nheste.exe
%AppData%\microsoft\windows\nxmwp.exe
%AppData%\microsoft\windows\rwmgh.exe
%AppData%\microsoft\windows\security\user0.exe
%AppData%\microsoft\windows\tbljxjk.exe
%AppData%\microsoft\windows\vohth.exe
%AppData%\microsoft\windows\vvpmyvaw.exe
%AppData%\mqtgsvc.exe
%AppData%\mrsys.exe
%AppData%\mstinit.exe
%AppData%\mstsc.exe
%AppData%\mxplay\temp\mxplay_installer.exe
%AppData%\ntcom.dll
%AppData%\nthead.dll
%AppData%\pak-5593.exe
%AppData%\pak-5594.exe
%AppData%\pak-5595.exe
%AppData%\pak-5596.exe
%AppData%\pak-5597.exe
%AppData%\pak-5598.exe
%AppData%\pak-5599.exe
%AppData%\pak-5600.exe
%AppData%\pak-5601.exe
%AppData%\pak-5602.exe
%AppData%\pak-5603.exe
%AppData%\rsvp.exe
%AppData%\salehoo\auctionalert\_tmp\aa.exe
%AppData%\salehoo\salehooalert\_tmp\aa.exe
%AppData%\scvhost.exe
%AppData%\sessmgr.exe
%AppData%\silverlight\silverlight.exe
%AppData%\skynet\muonline\_cw0srv.exe
%AppData%\skynet\muonline\234672.exe
%AppData%\skynet\muonline\239874.exe
%AppData%\skynet\muonline\293874.exe
%AppData%\skynet\muonline\345674.exe
%AppData%\skynet\muonline\345676.exe
%AppData%\skynet\muonline\435627.exe
%AppData%\skynet\muonline\543978.exe
%AppData%\skynet\muonline\546783.exe
%AppData%\speedrunner\sruninstall.exe
%AppData%\spoolsv.exe
%AppData%\temp.dll
%AppData%\truesword4.exe
%AppData%\wefisetup.exe
%AppData%\winbutler\winbuninstaller.exe
%AppData%\winbutler\winbutler.exe
%AppData%\windows.exe
%AppData%\wintouch\wintouch.exe
%AppData%\wintouch\wtuninstaller.exe
%AppData%\wrar380d.exe
%AppData%\yeah\yeah374809.exe
%CommonAppData%\38001914.exe
%CommonAppData%\3810eef8.exe
%CommonAppData%\381751d0.exe
%CommonAppData%\388f0900.exe
%CommonAppData%\38d3ff69.exe
%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe
%CommonAppData%\av1\av1.exe
%CommonAppData%\av1\av1i.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "spoolsv.exe" has the following possible countries of origin:
OriginNumber of Incidents
China98
Brazil20
Spain6
Germany4
Republic of Korea4
Russian Federation1
United Kingdom1

The following threats are known to be associated with the file "spoolsv.exe":
Threat AliasNumber of Incidents
IRC/Client [McAfee]33,660
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]32,980
Backdoor.IRCBot [PC Tools]28,050
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]20,910
Win-Trojan/MircPack.1790464 [AhnLab]20,570
IRC-Worm.Win32.Tedeto.a [Ikarus]4,080
Worm.Rungbu.B [PC Tools]1,445
PE_RUNGBU.C-O [Trend Micro]1,406
Virus.Win32.VB.cc [Kaspersky Lab]1,119
Allsum [McAfee]1,090
Adware.Allsum [PC Tools]1,089
Adware.AllSum [Symantec]1,057
not-a-virus:AdWare.Win32.AllSum.a [Kaspersky Lab]1,023
W32.Rungbu [Symantec]934
Generic VB.c [McAfee]777
Worm.Win32.VB.du [Kaspersky Lab]775
PE_RUNGBU.B-O [Trend Micro]768
Worm.VB.YVF [PC Tools]767
TrojanClicker:Win32/Hatigh.C [Microsoft]345
Mal/EncPk-KP [Sophos]283
Gen.Packed [Ikarus]270
Packed.Generic.233 [Symantec]244
Generic.dx!fml [McAfee]243
Worm.VB.ZVX [PC Tools]189
Bloodhound.Unknown [Symantec]183
PE_RUNGBU.A-O [Trend Micro]167
Trojan-Clicker.Win32.Hatigh [Ikarus]108
Mal/Generic-A [Sophos]107
Trojan-Downloader.Win32.Suurch.awk [Kaspersky Lab]105
W32/Rungbu-C [Sophos]75
not-a-virus:AdWare.Win32.AllSum.a [Ikarus]66
TrojanDownloader:Win32/Allsum [Microsoft]66
Win-Trojan/Ourxin.45056 [AhnLab]66
Worm.Win32.VB.du [Ikarus]63
W32.Dizan.D [Symantec]54
Mal/Emogen-E, Mal/Basine-C [Sophos]39
W32/VB-CTQ [Sophos]39
Trojan.KillAV [Symantec]37
Backdoor.Win32.Iroffer.fc [Kaspersky Lab]36
Virus:Win32/Rungbu.C [Microsoft]35
W32/Rungbu-A [Sophos]31
Downloader [Symantec]29
New Malware.dw [McAfee]25
Worm:Win32/Autorun.gen!DI [Microsoft]24
Infostealer.Bancos [Symantec]23
PE_DZAN.A [Trend Micro]22
W32/Dzan.b [McAfee]21
Backdoor.Win32.Ceckno [Ikarus]19
PE_TENGA.A [Trend Micro]19
Virus.Win32.Tenga.a [Kaspersky Lab]19
W32/Gael.worm.a [McAfee]19
Virus.Win32.Dzan.a [Kaspersky Lab]18
W32.Licum [Symantec]18
W32/Hipack.worm [McAfee]16
Worm.Win32.Hipak.a [Kaspersky Lab]16
Trojan-Banker.Win32.Agent [Ikarus]15
Trojan-Banker.Win32.Agent.so [Kaspersky Lab]15
Trojan-Downloader.Win32.Suurch.awj [Kaspersky Lab]15
Mal/Horst [Sophos]14
W32.Dzan [Ikarus]14
TrojanDropper:Win32/Agent.FG [Microsoft]13
PE_HIPAK.A [Trend Micro]12
PE_RUNGBU.C [Trend Micro]12
TrojanDownloader:Win32/Horst.Q [Microsoft]12
Virus:Win32/Hipak.A [Microsoft]12
W32/Dzan-E [Sophos]12
Win32/Xema.worm.103424.B [AhnLab]11
Worm.Win32.AutoRun [Ikarus]11
Worm:Win32/Autorun.PQ [Microsoft]11
Mal/Packer, Mal/Basine-A, Mal/Behav-160, Mal/Emogen-E, Mal/Basine-C [Sophos]10
Trojan-Downloader.Win32.Banload [Ikarus]10
W32/Autorun.worm.gen [McAfee]10
Win-Trojan/Agent.251904.S [AhnLab]10
Mal/Behav-160, Mal/Behav-009 [Sophos]9
Trojan-Downloader.Win32.Banload.bat [Kaspersky Lab]9
New Malware.fa [McAfee]8
Trojan.KillAV!sd6 [PC Tools]8
Trojan-Downloader.Win32.Calac [Ikarus]8
Worm.Hipak!sd5 [PC Tools]8
Mal/Basine-C [Sophos]7
Virus.Win32.Virut.q [Kaspersky Lab]7
Virus.Win32.Warezov [Ikarus]7
Win32/Xema.worm.76288.B [AhnLab]7
Mal/Packer, Mal/Behav-160, Mal/Emogen-E [Sophos]6
Trojan-PSW.Bancos [PC Tools]6
W32.Virut.U [Symantec]6
W32/Vetor-A [Sophos]6
PE_RUNGBU.G-O [Trend Micro]5
PWS-Banker!bdv [McAfee]5
Trojan Horse [Symantec]5
Virus.Win32.Oliga [Ikarus]5
W32.SillyFDC [Symantec]5
Win32.SuspectCrc [Ikarus]5
Win32/Rungbu [AhnLab]5
Worm.Rungbu.A [PC Tools]5
Downloader.Trojan [Symantec]4
Generic VB.b [McAfee]4
Mal/Basine-A, Mal/Behav-160, Mal/Emogen-E, Mal/Basine-C [Sophos]4
Mal/Packer, Mal/Behav-160, Mal/Emogen-E, Mal/Behav-009 [Sophos]4
New Malware.d [McAfee]4