
TexasFilly

Ruling for Spooler


Got this pop up after everything froze on my computer. I mean everything, had to Hard boot. Was in the middle of running Lavasoft and after the boot then this popped up "Spooler SubSystem App" Requesting an outgoing connection with

Remote Service UDP:38184

Remote Address 172.16.255.255 (this is NOT my ISP but see it all the time)

Spooler is usually something to do with the printer right? and I think the ISP is my internet but not the one they gave me for my computer. *eyes rolling in the back of my head*

this is the first time I've seen this one, what should I do?

BTW this is on "outpost" and wants me to allow all activities, Stop all activities or Create rules using preset

Thanks


DNS Stuff

Spool is a service that allows you to print files from memory. If it was from a saved document or something of the likes, it may be trying to get the graphics or something from a website.


Spooler SubSystem App is indeed related to the print spooler, however a worm called W32/Sdbot-LK also uses this name, so if you haven't done a virus scan I would recommend doing one just to be safe.

The IP that you posted is for the Internet Assigned Numbers Authority. Nothing bad, they just keep track of all internet IPs so no IP ranges conflict with one another.

*EDIT* Damnit Tarun beat me to it :lol:


Alright, I read this too.....

Process File: spoolsv or spoolsv.exe

Process Name: Microsoft Printer Spooler Service

Description:

spoolsv.exe is a Microsoft Windows system executable which handles the printing process to your local printers. This program is important for the stable and secure running of your computer and should not be terminated.

Note: spoolsv.exe is also a process which is registered as the Backdoor.Ciadoor.B Trojan or the Iambigbrother spyware. The Ciadoor Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.

***************************************************************

I took AVG off and am running etrust. It's reading files coming and going and has a firewall on it. (I think I might be trying too many NEW things all at once) Anyway, I've run everything that I'm supposed to on your page here Tarun, none of them finds any of these things nor the Worm. Should I look in my Registry?

Also, it won't let me do anything unless I select all this stuff for the rule unless I stop or allow all activities. So what do I do there? This was immediately following the Hard reboot, hadn't gone to any websites or anything yet. It's just hangin in there until I do something LOL


I've never had spoolsv want a connection to the Internet, though I rarely print things. You may want to run a few online scans, or ewido just in case.


> I've never had spoolsv want a connection to the Internet, though I rarely print things. You may want to run a few online scans, or ewido just in case.

I've run everything Tarun and it's showing NOTHING. I've still got this on my desktop, what do I do with it? If I "create rules" for it, it's asking me a bunch more questions that I don't understand. HELP ME PLEASE LOL

Doc1.doc


> I'd block it and see what happens.

*crossing fingers, closing eyes* AM I STILL HERE? ? ? LOL We'll see on next reboot. If y'all don't see me for a while, it's because I'm reformatting :lol:


I'm with Tarun on this, I've never had spoolsv ever access the web, but like him, I print like once a year. If I do print, it's on a network printer.

I doubt you'll have to format if you block it. From what I've read, all it does is take whatever you're going to print and put it in cache, so if you close the page you're printing it will still print. If you have problems printing, then unblock it and see if you still run into any problems.
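
The prompt quoted in the first post (Spooler SubSystem App, UDP 38184, 172.16.255.255) can be triaged on two points: where the address points and whether the process image sits where the real spooler lives. The sketch below is an added example, not part of the original thread; the image path in the sample and the `C:\Windows\System32` location are assumptions, and the function names are made up for illustration. 172.16.255.255 falls inside the RFC 1918 private block 172.16.0.0/12.

```python
import ipaddress
import ntpath

# Assumption: Windows lives on C: with the default system directory.
EXPECTED_SPOOLER = r"C:\Windows\System32\spoolsv.exe"

# Constructed sample: address and port are from the first post,
# the image path is an assumed value (the prompt text did not quote one).
SAMPLE_PROMPT = {
    "image": r"C:\WINDOWS\system32\spoolsv.exe",
    "remote_addr": "172.16.255.255",
    "remote_port": 38184,
}


def destination_scope(addr):
    """Describe where a firewall prompt's remote address points."""
    ip = ipaddress.ip_address(addr)
    for name in ("loopback", "multicast", "link_local"):
        if getattr(ip, f"is_{name}"):
            return name
    if ip.is_private:
        # The prompt shows no netmask, so try the common ones.
        for prefix in (8, 16, 24):
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            if ip == net.broadcast_address:
                return f"private, broadcast of {net}"
        return "private"
    return "public"


def image_matches(path, expected=EXPECTED_SPOOLER):
    """Compare Windows image paths ignoring case and slash direction."""
    def norm(p):
        return ntpath.normcase(ntpath.normpath(p))
    return norm(path) == norm(expected)


def triage(prompt):
    scope = destination_scope(prompt["remote_addr"])
    return {
        "scope": scope,
        "internet_routable": scope == "public",
        "image_in_expected_location": image_matches(prompt["image"]),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_PROMPT))
```

A matching path is only a first check; it does not show that the file at that path is the original one, which is what the scans suggested in the thread are for.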
