Spoolsv Wanting Internet Access since installing new version

Message boards : BOINC client : Spoolsv Wanting Internet Access since installing new version
Message board moderation

To post messages, you must log in.

AuthorMessage
Bigfoot48

Send message
Joined: 23 Nov 05
Posts: 2
United States
Message 1098 - Posted: 25 Nov 2005, 15:58:01 UTC

ZoneAlarm started telling me that the Windows spooler file wants Internet access since I installed the latest version of Boinc.

Is that a "feature"?

Patrick
ID: 1098 · Report as offensive
Bill Michael

Send message
Joined: 30 Aug 05
Posts: 297
Message 1122 - Posted: 25 Nov 2005, 21:53:48 UTC - in response to Message 1098.  

ZoneAlarm started telling me that the Windows spooler file wants Internet access since I installed the latest version of Boinc.


That makes no sense... and you're the only one reporting it, and I know there are a ton of ZoneAlarm users, because they all report that BOINC needs through. I don't see any way a Windows utility could be affected by installing BOINC. I'd refuse the request, and run some good virus/spyware checks.

Now - if it's asking for access to port 1043 or 31416(?) then it might be okay. BOINC uses those ports for internal communication between it's parts. There was one report a few days ago that some Windows component had grabbed one of those ports for itself and wouldn't relinquish it. Doubt that's the issue here however.

ID: 1122 · Report as offensive
Tigher

Send message
Joined: 25 Sep 05
Posts: 62
United Kingdom
Message 1206 - Posted: 27 Nov 2005, 16:31:06 UTC - in response to Message 1098.  

ZoneAlarm started telling me that the Windows spooler file wants Internet access since I installed the latest version of Boinc.

Is that a "feature"?

Patrick


Hi .
I found this on the web which might be the same issue. Its not boinc related by the looks. May be there is a ZA upgrade to overcome this bug?

Assorted Version 5 Gripes
October 28, 2004. Windows 2000 SP4. ZoneAlarm v5.1.011. Shortly after booting, a ZoneAlarm pop-up said that "Spooler SubSystem App is trying to access the Internet". The program was spoolsv.exe and it was trying to get to the DNS server of my ISP. This program is configured with a permanent block. However, ZoneAlarm said the program has changed since the last time it ran. I don't think so. The ZoneAlarm log show it was blocked by the always-block-this-program rule earlier in the same day. I had not run Windows Update.


ID: 1206 · Report as offensive
Michael Roycraft
Avatar

Send message
Joined: 24 Nov 05
Posts: 129
United States
Message 1207 - Posted: 27 Nov 2005, 18:33:40 UTC
Last modified: 27 Nov 2005, 18:37:45 UTC

Tigher,

Direct Windows to search your drives for spoolsv. From the Start, hit Search/All files and folders, enter spoolsv in the "All or part of..." box, Look in local drives, hit "More advanced options" and tick the "Search system folders" and "Search hidden files and folders" and "Search subfolders", and click Search.
The legitimate spoolsv.exe is located in your Windows/System32 folder - leave it there. If your search locates any other instances, in any other location, delete them. there are some clever Trojans circulating lately that masquerade themselves by adopting names of legitimate, necessary Windows OS files, so that when someone sees that filename in Task Manager or whatever they are deceived into believing all is well and good. Another instance I've seen lately is a Trojan adopting the filename "msnmsgr.exe", the name of a legitimate file, MSN Messenger IM client, but residing in a different location.

Michael
"The arc of history is long, but it bends toward Justice"
ID: 1207 · Report as offensive
Tigher

Send message
Joined: 25 Sep 05
Posts: 62
United Kingdom
Message 1295 - Posted: 29 Nov 2005, 15:36:37 UTC - in response to Message 1207.  

Tigher,

Direct Windows to search your drives for spoolsv. From the Start, hit Search/All files and folders, enter spoolsv in the "All or part of..." box, Look in local drives, hit "More advanced options" and tick the "Search system folders" and "Search hidden files and folders" and "Search subfolders", and click Search.
The legitimate spoolsv.exe is located in your Windows/System32 folder - leave it there. If your search locates any other instances, in any other location, delete them. there are some clever Trojans circulating lately that masquerade themselves by adopting names of legitimate, necessary Windows OS files, so that when someone sees that filename in Task Manager or whatever they are deceived into believing all is well and good. Another instance I've seen lately is a Trojan adopting the filename "msnmsgr.exe", the name of a legitimate file, MSN Messenger IM client, but residing in a different location.

Michael


Michael
Thanks for the tip. I did the search and found nothin other than legit and the ununstall scripts fir that name. Not sure why you told me I should do this but thanks anyway.


ID: 1295 · Report as offensive
Michael Roycraft
Avatar

Send message
Joined: 24 Nov 05
Posts: 129
United States
Message 1362 - Posted: 30 Nov 2005, 21:06:44 UTC - in response to Message 1295.  

Michael
Thanks for the tip. I did the search and found nothin other than legit and the ununstall scripts fir that name. Not sure why you told me I should do this but thanks anyway.


Tigher,

My reasoning was that it sounds very odd to me that spoolsv.exe should need access to the internet, and why I suggested the search? - "There are some clever Trojans circulating lately that masquerade themselves by adopting names of legitimate, necessary Windows OS files, so that when someone sees that filename in Task Manager or whatever they are deceived into believing all is well and good."

I'm glad that your search turned up no spurious spoolsv files.

Michael

"The arc of history is long, but it bends toward Justice"
ID: 1362 · Report as offensive

Message boards : BOINC client : Spoolsv Wanting Internet Access since installing new version

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.