Hi Pacman2004,
To recap:
You have virus-like symptoms on your computer and you have found a file spoo1sv.exe which you think is responsible. This file is identified on the web as part of the SoulJet Trojan, but when you uploaded it to Jotti’s scanner, all the tests were negative. The file came back when deleted (even when you removed the start-up entry with HijackThis!) - so it certainly behaves like malware. None of the programs I recommended has detected or removed this file.
Well, it looks like this might be a new variant of the Trojan, not yet recognised by anti-virus or anti-Trojan programs.
If it is like SoulJet, it will install itself as a Windows service, so that deleting the file will be useless, as services run even in safe mode - the Trojan can simply recreate the file later on. If it is doing this, the service is not appearing in HijackThis!, so we haven’t seen it.
There are several things to do:
Submit the file to avast! for analysis. Follow DavidR’s instructions in this thread:
http://forum.avast.com/index.php?topic=14717.msg124035#msg124035
Check to see if other anti-virus programs identify the Trojan. This usually takes from a few hours to a few days. Can you submit the file again to Jotti’s scanner and see if it is identified as malware by any of the programs? Repeat this daily, because eventually one of the programs should identify it.
Try some more online scanners and see if any pick it up. You can try these:
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
http://support.f-secure.com/enu/home/ols.shtml
and of course the Housecall scanner again.
Finally, you could search the registry for these entries:
* HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Enum>Root>LEGACY_NETMM
* HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>Netmm
If you find these, it is the Trojan service as described by Trend Micro. Do not delete these keys, but tell me if you find them.
Please let me know what happens.
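
The registry check described in the post, as an added PowerShell example (not part of the original post). It only reads the registry: it reports whether the two named keys exist and lists any service, under any name, whose ImagePath mentions spoo1sv.exe. The variable names and output layout are this example's own, and it assumes a system with PowerShell available.

```powershell
# Added example: read-only check, nothing is deleted or modified.
$suspectFile = 'spoo1sv.exe'                      # file name from the post
$ccs         = 'HKLM:\SYSTEM\CurrentControlSet'

# 1. The two keys named in the post.
$namedKeys = @(
    "$ccs\Enum\Root\LEGACY_NETMM",
    "$ccs\Services\Netmm"
)
$keyReport = foreach ($key in $namedKeys) {
    [pscustomobject]@{
        Key     = $key
        Present = Test-Path -LiteralPath $key
    }
}
$keyReport | Format-Table -AutoSize

# 2. A new variant may register under a different service name, so also
#    look at every service entry and compare its ImagePath to the file name.
$hits = Get-ChildItem -LiteralPath "$ccs\Services" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($props.ImagePath -and $props.ImagePath -like "*$suspectFile*") {
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $props.ImagePath
                # Start: 0-2 = loaded at boot or automatically, 3 = manual, 4 = disabled
                Start     = $props.Start
            }
        }
    }

if ($hits) {
    $hits | Format-List
} else {
    "No service ImagePath references $suspectFile"
}
```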