    spooldr.sys


    The file spooldr.sys undermines the stability of core processes that Microsoft (MS) Windows operating systems need in order to function correctly. spooldr.sys infects computers running MS Windows by way of the Trojan.Packed.13 malware application.

    Trojan.Packed.13 is a malicious process distributed through the spam campaign known as Peacomm. The Peacomm spam convinces recipients to navigate their browsers to a website carrying an applet.exe link. The site also runs a JavaScript routine that embeds a process exploiting a WMP vulnerability. The JavaScript routine exploits the WMP vulnerability after the user cancels a "Secure Login Applet" prompt that is launched on visiting the website.

    At this point, successful exploitation of the WMP vulnerability triggers the download of a small process to the compromised machine. That small process then downloads and launches applet.exe on the MS Windows-based machine. Both of these malicious applications are known as Trojan.Packed.13.spooldr.sys.

    Once applet.exe is running, it drops a copy of itself into the Windows folder of the system partition as spooldr.exe. This in turn gives the malware the ability to deploy a kernel driver known as spooldr.sys, which is dropped into the System folder of the MS Windows partition. spooldr.sys then launches spooldr.exe by means of a shellcode-like routine run through MS Windows Explorer.

    Removing spooldr.sys

    Given below are a few steps to remove the unwanted spooldr.sys files from your system. Before starting the removal process, back up your files so that you can recover if anything goes wrong.

    Step 1: Use Windows File Search Tool to Find spooldr.sys Path

    1. Go to Start, click Search, and choose All Files or Folders
    2. In the All or part of the file name box, type spooldr.sys
    3. For better results, set Look in: to Local Hard Drives or My Computer, then click the Search button
    4. When Windows finishes the search, hover over the In Folder entry for spooldr.sys, highlight the file, and copy/paste the path into the address bar. Keep the file's path on your clipboard because you will need it to delete spooldr.sys in the following manual removal steps.

    Step 2: Detect and Delete spooldr.sys Files

    1. Open Task Manager, select the spooldr.sys process and click the End Process button to end it
    2. To open the Windows Command Prompt, go to Start, click Run, type cmd and then press OK
    3. Type dir /A <folder name> (e.g. dir /A C:\Spyware-folder), which lists the folder's contents including hidden files
    4. To change directory, type cd <folder name> (e.g. cd Spyware-folder)
    5. To delete a file in the folder, type del <file name>
    6. To delete the entire folder, type rmdir /S <folder name>
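    The search in Step 1 and the hidden-file listing in Step 2, as an added Python example that is not part of the original page: it walks the Windows folder for spooldr.sys and spooldr.exe, reports each file's path, size and hidden attribute, and leaves deletion to the manual steps above. The default root (SystemRoot, falling back to C:\WINDOWS) and the sample folder tree are assumptions constructed here for offline demonstration.

```python
import os
import tempfile

# Names the article associates with this infection; matched case-insensitively.
SUSPECT_NAMES = {"spooldr.sys", "spooldr.exe"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # attribute bit that os.stat reports on Windows


def is_hidden(path):
    """True if the file carries the Windows hidden attribute (what dir /A reveals)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # absent on non-Windows
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_spooldr_artifacts(roots):
    """Walk each root and return one record per spooldr.* file found."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in SUSPECT_NAMES:
                    full = os.path.join(dirpath, name)
                    hits.append({"name": name.lower(), "path": full,
                                 "size": os.path.getsize(full),
                                 "hidden": is_hidden(full)})
    return sorted(hits, key=lambda h: h["path"])


def default_roots():
    """Assumed default: the Windows folder (the System folder sits beneath it)."""
    return [os.environ.get("SystemRoot", r"C:\WINDOWS")]


def make_sample_tree():
    """Constructed stand-in for an infected Windows folder, for offline testing."""
    base = tempfile.mkdtemp(prefix="spooldr_demo_")
    drivers = os.path.join(base, "WINDOWS", "system32", "drivers")
    os.makedirs(drivers)
    with open(os.path.join(base, "WINDOWS", "spooldr.exe"), "wb") as f:
        f.write(b"\x00" * 10)  # dropped copy of applet.exe (constructed)
    with open(os.path.join(drivers, "SPOOLDR.SYS"), "wb") as f:
        f.write(b"\x00" * 20)  # kernel driver (constructed)
    with open(os.path.join(base, "WINDOWS", "system32", "spoolsv.exe"), "wb") as f:
        f.write(b"\x00")  # legitimate print spooler; must not be reported
    return base


if __name__ == "__main__":
    for hit in find_spooldr_artifacts(default_roots()):
        print(f'{hit["path"]}  {hit["size"]} bytes  hidden={hit["hidden"]}')
```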


    2 comments
    1. Bill

      2 September, 2011 at 3:48 pm

      I just got the same “problem”. I rarely get blue screens (win xp, sp3), but today I got one and just for the heck of it I did send an error report (I think my first time and last, lol). I got the same result, Microsoft telling me that my computer has a malware called spoolsdr.sys, which I found a bit surprising, since I have a quite well protected system and good browsing habits etc and no warnings or anything. Anyway it turns out my computer has no such files (spoolsdr.*), services or registry entries. Apparently there’s something wrong with MS’s error reporting system. Or maybe they’re just trying to put the blame of a faulty OS to some random malware programs… 😉

      The spoolsv.exe is a printing/fax service and if it’s located in your windows\system32 folder, then it’s legit and you have nothing to worry about. Also if you don’t use a printer/fax, you could disable that service. Not that it hogs too many resources or anything, but you know, fewer moving parts is fewer things to get broken.

    2. Carl

      15 August, 2011 at 1:50 pm

      I have had a number of hardware/blue screen stop errors (like the instant shutdown, etc), and when I send the error report (which I rarely do), Windows brings me to their website and tells me that this problem was caused by spooldr.sys. I searched my entire computer, all system and hidden folders, and my computer could find nothing. There is also a task running called spoolsv.exe, and I have heard from other websites that this is a virus if it’s in your system32 folder. If/How are these related, and does anyone know what I can do?
