It does this by creating a directory called RECYCLER in the root of the removable drive. A file name for the worm's executable inside the ZIP archive. Removable Drives Worm:Win32/Slenfbot may attempt to spread via removable drives, except drives A and B. One or both of the following programs may be needed to break apart certain "grouped" files found later in the list. Your cache administrator is webmaster.
This entry has been requested 1,429 times. Process description: Microsoft Spool 12 Service Author: Unknown Part of: Unknown We have yet to research the spool12.exe process, or we were unable to find sufficient information.If you have any information The worm also contains backdoor functionality that allows unauthorized access to an affected machine. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32. The worm makes a further registry modification that
Vote: Unknown Safe Normal Dangerous Message: (Messages are NOT required to vote) To help us fight spam, please answer the following question: What is four + 4? For example: E:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-2315\folderopen.exe The worm also creates an autorun.inf file in the root directory of the drive in order to launch the worm if, for example, the drive is spoolsvr.exe is a Windows process . Generated Wed, 18 Jan 2017 23:18:29 GMT by s_hp87 (squid/3.5.23)
Home Articles Add a process Edit a process Contact us A B C D E F G H I J K L M N O P Q R S T U If you require support, please visit the Safety & Security Center.Other Microsoft sitesWindowsOfficeSurfaceWindows PhoneMobile devicesXboxSkypeMSNBingMicrosoft StoreDownloadsDownload CenterWindows downloadsOffice downloadsSupportSupport homeKnowledge baseMicrosoft communityAboutThe MMPCMMPC Privacy StatementMicrosoftCareersCitizenshipCompany newsInvestor relationsSite mapPopular resourcesSecurity and privacy Click to Run a Free Scan for spool11.exe related errors Is the spool11.exe process a virus, spyware or malware? If in doubt, don't do anything.
rated this process as unknownVisitorWhat is this spool11.exe process and what does it do?... When the attacker orders the worm to spread via MSN Messenger, they must provide the following three parameters: A URL containing a list of possible messages to send, along with the Please try the request again. How can you fix problems with spoolsvr.exe?
If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If spoolsvr.exe is using too much CPU or too much memory in your system, it is possible that your file has been infected with a virus. Search Startups Startup Database Navigation Startups Home Newest Entries Rootkit List Startup Database Forum How to use the Startup Database Submit a Startup RSS Feed Newsletter Sign Up
Please try the request again. previous process spool.exe next process spool12.exe Return to top Privacy | Terms & Conditions | Resources | Contact Us All images and content copyright © 2008-2017 whatisprocess.com. The red color spreads throughout the disc to indicate whether a threat is moderate, high or severe.PreviousNextSummaryWhat to do nowTechnical informationSymptoms Symptoms System Changes The following system changes may be indicative Files contained in this directory may not be reposted on other BBSs or information services without express permission from Circuit Cellar Inc.
The system returned: (22) Invalid argument The remote host or network may be down. News Featured Latest Database Ransom Attacks Hit CouchDB and Hadoop Servers Mozilla Reveals New Logo Following Seven-Month Search New GhostAdmin Malware Used for Data Theft and Exfiltration Intel CPUs Can Be If it finds this window, it displays the following fake error message: Most variants of Win32/Slenfbot inject code into Explorer's process which effectively causes the worm file to be “locked” by Explorer. The worm chooses from this list at random.
The worm sends this ZIP archive to MSN Messenger contacts. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx. We strictly restrict you from using this information if you are not sure about what you are doing.Recommendation 1: We recommend you to take a backup of Windows Registry before following
This consists of programs that are misleading, harmful, or undesirable. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. Installation When executed, Worm:Win32/Slenfbot.KF copies itself to the
This file has been identified as a program that is undesirable to have running on your computer. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker. Add comment Your details Name: Email: Receive notification emails when new replies are received on this page? The intention of this is obviously to delete the original copy of the worm that was received via Messenger. Modifies System Settings Slenfbot deletes the following registry keys (and any
The worm also contains backdoor functionality that allows unauthorized access to an affected machine. The worm places this file in the ZIP archive, which it sends to MSN Messenger contacts, in place of itself. Modifies Hosts File Slenfbot replaces
It modifies the registry to run this copy at each Windows start: Adds value: "Microsoft Spool 11 Service"With data: "spool11.exe"To subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Note -
HijackThis Category O4 Entry Note %System% is a variable that refers to the Windows System folder. After the blank lines it writes several entries to direct the following anti-virus and security related domains to localhost (127.0.0.1): bbs.360safe.com blog.hispasec.com blog.threatfire.com customer.symantec.com discussions.virtualdr.com download.mcafee.com file.ikaka.com forum.piriform.com forum.securitycadets.com forum.tweaks.com Your cache administrator is webmaster. Please read that file before asking questions about what's available.
Top Threat behavior Worm:Win32/Slenfbot.KF is a worm that can spread via MSN Messenger, and may spread via removable drives. Add comment Your details Name: Email: Receive notification emails when new replies are received on this page? rated this process as unknownVisitorAnyone have ANY info? Top Follow:I want to...Get helpRemove difficult malwareAvoid tech support phone scamsSee and search the latest threatsFind answers to other problemsFix my softwareFix updates and solve other problemsSee common error codesDownload and
If you have any problems with spoolsvr.exe, you may try using a registry cleaner or a speed-up software to check, analyze, and fix problems that are affecting the performance of your All Rights Reserved. If you think that this file contains a virus or another malware, please download a virus scanner. All Rights Reserved.
Generated Wed, 18 Jan 2017 23:18:29 GMT by s_hp87 (squid/3.5.23) ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://0.0.0.10/ Connection Spreads Via… MSN Messenger This worm can be ordered to spread via Messenger by a remote attacker using the worm's backdoor functionality (see Payload below for additional detail).