
Monday, 5 March 2012

spooldr.sys


The file spooldr.sys destabilises core processes that Microsoft (MS) Windows needs in order to run correctly. It infects computers running MS Windows by way of the Trojan.Packed.13 malware.
Trojan.Packed.13 is a malicious program distributed through the spam campaign known as Peacomm. The Peacomm spam lures its recipients into visiting a website that carries an applet.exe link. The site also runs a JavaScript routine that embeds code exploiting a WMP (Windows Media Player) vulnerability. The JavaScript routine triggers the WMP exploit after the user cancels the "Secure Login Applet" that is launched on visiting the website.
If the WMP exploit succeeds, it downloads a small loader to the compromised machine. That loader in turn downloads and runs applet.exe on the MS Windows-based machine. Both of these malicious components are known as Trojan.Packed.13.
Once applet.exe runs, it drops a copy of itself into the Windows folder of the system partition as spooldr.exe. That copy is then able to install a kernel driver, spooldr.sys, which is dropped into the System folder of the MS Windows partition. The spooldr.sys driver then starts spooldr.exe by injecting a shellcode-like routine into MS Windows Explorer.

Removing spooldr.sys

Given below are a few steps to remove the unwanted spooldr.sys files from your system. Before starting the removal process, back up your files so that you can recover if anything goes wrong.
Step 1: Use Windows File Search Tool to Find spooldr.sys Path
  1. Go to Start. Click on Search and All Files or Folders
  2. In the All or part of the file name section, type in spooldr.sys
  3. To get better results, select Look in: Local Hard Drives or Look in: My Computer and then click Search button
  4. When Windows finishes your search, hover over the In Folder of spooldr.sys, highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete spooldr.sys in the following manual removal steps.
Step 2: Detect and Delete spooldr.sys Files
  1. Open Task Manager. Select the spooldr.sys process and click on the End Process button to end it
  2. Open the Windows Command Prompt, go to Start. Click Run. Type cmd and then press the OK button
  3. Type in dir /A <folder name> (e.g. dir /A C:\Spyware-folder), which will display the folder's contents along with the hidden files
  4. To change directory, type in cd <folder name> (e.g. cd Spyware-folder)
  5. To delete a file in folder, type in del <file name>
  6. To delete the entire folder, type in rmdir /S <folder name>
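The search in Step 1 and the process check in Step 2 can be done in one pass from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it inventories the artifacts the article names (spooldr.exe in the Windows folder, the spooldr.sys kernel driver in the System folder, and any running spooldr process) without deleting anything, so the results can be reviewed after the backup the article recommends. It assumes PowerShell 4 or later for Get-FileHash; no reference hashes are assumed because the page gives none.

```powershell
# Added example (not from the original article): read-only inventory of the spooldr
# artifacts described above. Run from an elevated PowerShell 4+ session.

$ArtifactNames = @('spooldr.sys', 'spooldr.exe')   # file names given in the article

function Find-SpooldrFiles {
    # Search every local fixed drive for the two names, hidden files included
    # (the article's Step 1, "Look in: Local Hard Drives", done from the shell).
    $roots = Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.DisplayRoot -eq $null -and $_.Used -ne $null } |
        Select-Object -ExpandProperty Root
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -Force -File -Include $ArtifactNames `
            -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status   # a legitimate driver would normally be 'Valid'
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

function Find-SpooldrDriver {
    # spooldr.sys is loaded as a kernel driver, which Task Manager does not list;
    # a registered or running driver appears as a Win32_SystemDriver instance.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -match 'spooldr' -or $_.PathName -match 'spooldr' } |
        Select-Object Name, State, StartMode, PathName
}

function Find-SpooldrProcess {
    # spooldr.exe is the user-mode component the driver starts via Explorer.
    Get-Process -Name 'spooldr' -ErrorAction SilentlyContinue |
        Select-Object Id, Path, StartTime
}

'== Files ==';   Find-SpooldrFiles   | Format-Table -AutoSize
'== Driver ==';  Find-SpooldrDriver  | Format-Table -AutoSize
'== Process =='; Find-SpooldrProcess | Format-Table -AutoSize
```

An unsigned spooldr.sys under the System folder, a driver entry pointing at it, or a running spooldr process each confirm the infection described above; the paths printed are the ones to use in Step 2.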
