The file spooldr.sys damages the stability of integral processes necessary for Microsoft (MS) Windows Operating System versions to function correctly. The spooldr.sys infects computers running on MS Windows by making use of the Trojan.Packed.13 malware application.
At this point, a successful exploitation of the WMP vulnerability will initialize the download of a small process to the compromised machine. The small process then executes the download and subsequent initialization of the applet.exe on the MS Windows-based machine. Both of these malicious applications are known as Trojan.Packed.13.
Furthermore, the execution of applet.exe is initialized. This allows it to reproduce a copy of itself that is dropped to the Windows folder of the system partition as spooldr.exe. This in turn provides the malware process with the capability to deploy a kernel driver known as spooldr.sys, which is dropped to the System folder of the MS Windows partition. The spooldr.sys then initializes the execution of the spooldr.exe file by making use of a process similar to a shell code routine on MS Windows Explorer.
Given below are few steps to remove the unwanted spooldr.sys files from your system. Before initializing the removal process, backup your files for recovery if anything goes wrong.
Step 1: Use Windows File Search Tool to Find spooldr.sys Path
- Go to Start. Click on Search and All Files or Folders
- In the All or part of the file name section, type in spooldr.sys
- To get better results, select Look in: Local Hard Drives or Look in: My Computer and then click Search button
- When Windows finishes your search, hover over the In Folder of spooldr.sys, highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete spooldr.sys in the following manual removal steps.
Step 2: Detect and Delete spooldr.sys Files
- Open Task Manager. Select the spooldr.sys process and click on the End Process button to end it
- Open the Windows Command Prompt, go to Start. Click Run. Type cmd and then press the OK button
- Type in dir /A <folder name> (e.g. dir /A C:Spyware-folder), which will display the folder's content along with the hidden files
- To change directory, type in cd <folder name> (e.g. cd Spyware-folder)
- To delete a file in folder, type in del <file name>
- To delete the entire folder, type in mdir /S <folder name>