This behavior normal?



monkeyf3ces
05-21-2006, 05:27 PM
Whenever I launch fb+ace+pf, I get a ZoneAlarm firewall alert that spoolsv.exe is trying to access the internet. I know this is a printer app but I think it might be a security breach or something. I only get the alert when I start this particular .exe file. Is spoolsv.exe supposed to connect to the internet whenever I launch IL-2?

SOLO_Bones
05-21-2006, 05:52 PM
Did you install the PE-2 add-on by any chance? If so, it's probably Boonty Box calling home. You may find reference to it in these forums (facetious). You will need to remove BB from your system and install the Boonty-free exe's.

LEBillfish
05-21-2006, 07:04 PM
Yes it is normal and has NOTHING to do with BoontyBox.

monkeyf3ces
05-21-2006, 07:56 PM
Why does spoolsv.exe try to access the internet every time I launch IL-2?

LEBillfish
05-21-2006, 08:18 PM
Originally posted by monkeyf3ces:
Why does spoolsv.exe try to access the internet every time I launch IL-2?

I've no idea, post in community help as they may have an answer for you there.

-HH-Quazi
05-21-2006, 09:02 PM
A quote I found off the CastleCops forum by TopperID:

"Well, Print Spooler (spools.exe) likes to have access so you can print over the net, if you wish. It loads files to memory ready for printing. If you have the service set to 'automatic' it will do this every time you boot-up. That is why I have the Spooler service set to 'manual'; that way it only comes to life when I use my printer (which is not very often!)."

I also set mine to manual for the very same reason.

WB_Outlaw
05-21-2006, 09:10 PM
There are multiple worms/trojans that infect this file. I would not think it should be asking for access to the internet unless you have installed an IP printer in the past. Regardless, there is NO REASON IL-2 should be kicking this off.

--Outlaw.

LEBillfish
05-21-2006, 09:13 PM
Originally posted by WB_Outlaw:
There are multiple worms/trojans that infect this file. I would not think it should be asking for access to the internet unless you have installed an IP printer in the past. Regardless, there is NO REASON IL-2 should be kicking this off.

--Outlaw.

Mine always has......let's not start a virus panic

Metabaron2005
05-22-2006, 02:17 PM
"Call me savage, and you're only telling me how much of the
natural world you have forgotten and the nature of minds"

... not forgotten, only evolued ...

LEBillfish
05-22-2006, 03:55 PM
Originally posted by Metabaron2005:
... not forgotten, only evolued ...

Did you mean "evolved"?.........In either case sadly you do not understand the phrase, more so, proving it.

VW-IceFire
05-22-2006, 05:14 PM
Originally posted by Metabaron2005:
"Call me savage, and you're only telling me how much of the
natural world you have forgotten and the nature of minds"

... not forgotten, only evolued ...

I think you mean "evolved". Everyone has different perspectives on that sort of thing but in terms of the quote as I interpret it...the person speaking the quote is suggesting that we aren't as civilized or evolved away from the natural world as we sometimes would like to think so. If you've seen a brawl before then I think you'll know what I think they are saying.

Or at least that's my interpretation. Literature is always open to interpretation.

Anyways, Windows operations make all sorts of calls to the internet...most of the time just seeing if there is anything to contact to. One network analyst likened Windows to one of those hyper kids at the age of two that go running around saying hello to everyone multiple times just to see if anyone says hi back.

SOLO_Bones
05-23-2006, 04:37 AM
Lebillfish is correct, it is not Boonty. My mistake in reading your post too fast. I was thinking SVCHOST which can be one of many services running in your XP comp, including Boonty Box trying to call home. In the case of SPOOLSV it may be benign as issues have risen with Zone Alarm but it could also be a Trojan. A good scan is in order.

WB_Outlaw
05-23-2006, 08:10 AM
Originally posted by LEBillfish:
Originally posted by WB_Outlaw:
There are multiple worms/trojans that infect this file. I would not think it should be asking for access to the internet unless you have installed an IP printer in the past. Regardless, there is NO REASON IL-2 should be kicking this off.

--Outlaw.

Mine always has......let's not start a virus panic

Wow, no wonder computer viruses are so widespread. With attitudes like this computer viruses couldn't stop spreading if they were programmed to stop. I bet the late residents near Mt. St. Helens thought along those same lines back in '80.

If an app. on your computer that is a KNOWN harborer of trojans and worms is trying to access the Internet and you have never configured it to do so, (ie, in this case mapped a printer over the Internet), then it's time to panic. Likewise, if you live in the shadow of a smoking volcano that has a 1000 ft bulge in the side that wasn't there last week, it's time to panic.



Originally posted by VW-IceFire:
Anyways, Windows operations make all sorts of calls to the internet...most of the time just seeing if there is anything to contact to. One network analyst likened Windows to one of those hyper kids at the age of two that go running around saying hello to everyone multiple times just to see if anyone says hi back.

Windows does NOT just willy nilly start making calls to the Internet just to see who is home. If your PC is doing that, it's time to panic.

--Outlaw

LEBillfish
05-23-2006, 08:38 AM
Originally posted by WB_Outlaw:
Wow, no wonder computer viruses are so widespread. With attitudes like this computer viruses couldn't stop spreading if they were programmed to stop. I bet the late residents near Mt. St. Helens thought along those same lines back in '80.

If an app. on your computer that is a KNOWN harborer of trojans and worms is trying to access the Internet and you have never configured it to do so, (ie, in this case mapped a printer over the Internet), then it's time to panic. Likewise, if you live in the shadow of a smoking volcano that has a 1000 ft bulge in the side that wasn't there last week, it's time to panic.


Originally posted by VW-IceFire:
Anyways, Windows operations make all sorts of calls to the internet...most of the time just seeing if there is anything to contact to. One network analyst likened Windows to one of those hyper kids at the age of two that go running around saying hello to everyone multiple times just to see if anyone says hi back.

Windows does NOT just willy nilly start making calls to the Internet just to see who is home. If your PC is doing that, it's time to panic.

--Outlaw

Hmmm.......let's think about this........Could it be Windows/I.E. sets up spoolsv.exe to do this....Hmmm...Ah why yes!...."print screen".....and yes, Windows, in fact a whole slew of sometimes worthless programs like printer software, media players, anything that has update features built in, etc., pound away to see if you're connected to the internet to "phone home" if you will.........

Naturally just to keep you up to date on your software or keep services you "might use" instantly available...(uh huh, yea right)....Yet most never realize it till they install something like ZoneAlarm and suddenly all these warnings start going off that their "Windows Firewall" never paid mind to (go figure)......

This is why you want to "disable" automatic updates, as not only are they sucking up bandwidth they are utilizing PC resources. Now also remember you have a number of "services" that don't connect to the net that continue to chug away just "waiting" for you to use them as though they're the sole reason you have a PC....

It's nothing new, it's nothing to panic about, but always good to look into, turn off if not needed, and get a smoother running PC. However most folks day in and day out never even know these things are running........Zone Alarm is very good at making you see how much actually is going on.

So use it to find services you want off......and if you're afraid it might harbor viruses or spyware or trojan horses or worms....Then check them out with your antivirus websites.....

But don't try and start a panic because "you assume or have heard"....Tell you what, post the links you have to anti-virus sites that describe the activity you discuss......As NONE of my anti-virus/spyware/firewalls are seeing it this way.

LEBillfish
05-23-2006, 08:59 AM
Originally posted by VW-IceFire:
Originally posted by Metabaron2005:
"Call me savage, and you're only telling me how much of the
natural world you have forgotten and the nature of minds".
Everyone has different perspectives on that sort of thing but in terms of the quote as I interpret it...the person speaking the quote is suggesting that we aren't as civilized or evolved away from the natural world as we sometimes would like to think so. If you've seen a brawl before then I think you'll know what I think they are saying.

Or at least that's my interpretation. Literature is always open to interpretation..

Actually, I came up with that phrase for a RPG Barbarian character I made......Essentially meant to say, "Barbaric/Savage seeming ways are often what IS our nature, so "natural" and fitting in well with how things are in nature.....The second part stating that if you don't realize this, you're not seeing that link in all people, most of all, forgetting how savage ones "restrained" thoughts and urges are....So in truth, down deep, all as savage, instinctual, and reflexive as anything in nature.

WB_Outlaw
05-23-2006, 09:06 AM
Originally posted by LEBillfish:
Tell you what, post the links you have to anti-virus sites that describe the activity you discuss

http://www.symantec.com/avcenter/venc/data/backdoor.ciadoor.b.html


Let me reiterate...Wow.

--Outlaw

LEBillfish
05-23-2006, 09:38 AM
Yes however that is something that tries to make itself look like spoolsv.exe, yet is not spoolsv.exe suddenly corrupted and infected.

You'll note as well I state above to turn as many automatic services to manual or off....According to your logic anything that ZA stops "IS" a virus/spyware/worm/etc.....That's simply not the case. EVERYONE'S spoolsv.exe tries to run until turned off or made manual.....and what you are showing has NOTHING to do with it slipping in because of it.

As I said above, if it concerns you, check it out......Just be sure of what you're deleting in your panic (as if I deleted everything ZA caught onto I'd have a tin box full of wires and chips not a PC)........It's a good tool, I recommend it to everyone, just use it wisely.

WB_Outlaw
05-23-2006, 10:48 AM
Since you want to get down to insignificant details...


Originally posted by LEBillfish:
As I said above, if it concerns you, check it out......Just be sure of what you're deleting in your panic (as if I deleted everything ZA caught onto I'd have a tin box full of wires and chips not a PC)........It's a good tool, I recommend it to everyone, just use it wisely.

Actually, you said this...


Originally posted by LEBillfish:
Yes it is normal and has NOTHING to do with BoontyBox.

I simply said...

"There are multiple worms/trojans that infect this file. I would not think it should be asking for access to the internet unless you have installed an IP printer in the past. Regardless, there is NO REASON IL-2 should be kicking this off."

I never said to delete anything. I did leave out "masquerade" as a possible method of infection but almost any idiot can see the point of the statement, which is to warn the user that something MIGHT be wrong. I also used the word "think", whereas you mention as an absolute fact that monkeydoo has no problem whatsoever and should not even give it another thought.

The monk man did not mention where the file was located yet you are able to magically divine this information and proclaim that everything is normal. Equally amazing is your ability to know the IP address his app. is attempting to reach and that it is completely safe. If I had your skills I could charge a million an hour for security evaluations.

--Outlaw.

monkeyf3ces
05-24-2006, 10:51 PM
Do you seem to get the spoolsv.exe requesting internet access from Zone Alarm every time you launch IL2? In my case, it's not just a scheduled update, it requests internet access every time I launch IL2. My spoolsv.exe is located in the proper system32 folder. The IP it tries to connect to is in the following info:
Akamai - Cache Servers SBCIS-071205095049 (NET-70-245-59-0-1)
70.245.59.0 - 70.245.59.255

Thanks for the help in advance!

-HH-Quazi
05-25-2006, 02:03 AM
You wanna see just how active programming on your computer is in wanting to or connecting to the internet? Not sure if you can do this with ZA, but with Norton's firewall, I can set it to let me know every time a program is connecting to, or if a program is using another program to connect to the internet and to ask my permission whether or not to let it (them). If I set it up like that, I can't hardly take the time to open my browser and surf\read anything. It seems like every few seconds Norton's firewall is popping up windowed boxes concerning programs wanting to automatically connect to the internet.

As far as the spoolsv.exe? Disable it in Services and restart your rig. Then if you get a message that spoolsv.exe is connecting to the internet, that is when I would be concerned about a virus or trojan.
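
Added example, not part of any post in this thread: the points the posters argue over (where the running spoolsv.exe image lives, whether it is signed, which remote addresses it is talking to, and how the Spooler service is set to start) can be collected in one read-only pass. It assumes a current Windows release with PowerShell 5.1 or later, where these cmdlets exist, rather than the 2006-era systems discussed above.

```powershell
# Added example: read-only triage of the print spooler process.
# Run from an elevated prompt so SYSTEM-owned processes are fully visible.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'

# Every running process named spoolsv.exe, with the path of its image on disk.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'"

foreach ($p in $procs) {
    $path = $p.ExecutablePath

    # A look-alike running from any other directory fails this comparison.
    $inSystem32 = [bool]($path -and ($path -ieq $expected))

    # Authenticode status of the file backing the process.
    $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    # TCP connections owned by this process ID, ignoring listeners and loopback.
    $conns = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' }

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $path
        InSystem32  = $inSystem32
        Signature   = if ($sig) { $sig.Status } else { 'unknown (path not readable)' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        RemotePeers = ($conns | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }) -join ', '
    }
}

# Start mode of the Spooler service (Automatic, Manual or Disabled).
Get-Service -Name Spooler | Select-Object Name, Status, StartType
```

A process outside System32, an invalid or missing signature, or remote peers on a machine with no network printer configured are the results worth following up with a scan.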

DuxCorvan
05-27-2006, 01:58 PM
Originally posted by LEBillfish:
lets not start a virus panic

VIRUS! AAAAAAAAAH!
http://www.jakob.at/albums/studio-2000/terrified.gif