can't get rid of spoolsv32.exe

file was found in Docs&Settings%user%\Local Settings\temp or Temp Internet Files.

restarted comp several times with same result from avast! :
“found blabla\spoolsv32.exe[URX]”

I delete it. restart comp and then again same message. I even made full “at-boot-time” scan… with same result.

google tells me that spoolsv32 is dangerous.

help me to remove this vir.

==============

Another problem got from “old friend” (which forced me to install avast!)
It is windows\system32\ipv6mons.dll
I know how to remove it manually, but apparently avast! does not know even though I tried to scan that file directly with avast!

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

ok. if I had known that all restore points would be deleted I would not have followed your advice.

i follow total restore.

thanks.

This is an unfortunate consequence of Windows protecting the system folders: if you delete something from the system folders, Windows saves a copy to the System Volume Information folder (also a Windows protected area) as a restore point.

If at some point in the future you use system restore you could well be reinfecting your system. It is common practice when dealing with infected files in the system folders to disable system restore before you start.

So when you are dealing with a virus that keeps coming back to the system folder you really should disable system restore until everything is complete. At that point you should do another scan to ensure you are clean and at that point enable system restore and reboot, that will create a clean restore point you can use in the future.

You should try the programs in point 4 to try and detect what is bringing back the spoolsv32.exe file in your system and the c:\windows\system32\ipv6mons.dll in your friend's system.

If you have an infected restore point, the virus will come back…
Viruses use this Windows feature to replicate themselves. The only way will be a clean, full partition backup and not the restore points.

ok. you convinced me.

I boot-scanned comp after clean-up and ran AVG Anti-spyware. It did not detect my problem (but some others).

The virus (exact name Win32:Agent-CPG) is reappearing again.

Did you follow all steps I’ve posted before?

Is it the spoolsv32.exe and in the same location Docs&Settings%user%\Local Settings\temp or Temp Internet Files?
Please paste the full details of the detection here.
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.

What is your firewall?
That should stop unauthorised outbound Internet Connections, which should stop a connection to download this.

only up to 4). while cleaning I ejected my Wireless card.

no firewall, except avast guard.
i removed avast. tomorrow will install kaspersky. if it does not work, will reformat disk. better to avoid it, but reformatting+reinstall will cost me 1 day. with cleaning i already spent 2.

avast isn’t a firewall, and trying to clean a system without an effective firewall that can protect against unauthorised outbound Internet Connections (see below) is likely to be an uphill battle, as is already apparent by the fact you have been at it for two days.

You really should have left avast installed, as in the meantime you have no protection at all. You can run on-line scans to provide a secondary scan: On-line Virus Scanners and other useful Links (Security-Ops.eu.tt); you should see Kaspersky on that list of on-line scanners. Whichever one you choose, establish a connection with the site and, just before you are about to start the scan, pause the Standard Shield so there is no conflict. Once the on-line scan is complete, enable the Standard Shield again.

Firewalls:
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

  • uploaded test version of Kaspersky.
  • it contains all features u have described in one single application.
  • scanning the computer. it already got all viruses/trojans i was suffering from and blocks all suspicious interventions

I AM HAPPY!

Kaspersky is a very good antivirus.
Only remember that safety is in favor of layered defense and not of suites.
Remember that there isn’t a perfect software. Hope Kaspersky never leaves you on the side of the road…
Besides this, it’s not a free suite 8)