Is the file WIN_SPOOL2.EXE located on your computer? Then your computer is infected.
We do suggest you should remove WIN_SPOOL2.EXE from your computer as soon as possible.
WIN_SPOOL2.EXE is Trojan/Backdoor.
Kill the process WIN_SPOOL2.EXE and remove WIN_SPOOL2.EXE from the Windows startup.
Malware Analysis of WIN_SPOOL2.EXE
Full path on a computer: %SysDir%\win_spool2.exe
Detected by UnHackMe:
Item Name: win_spool2
Author:
Current Setting: %SYSDIR%\WIN_SPOOL2.EXE
Type: Registry Run
Item Name: win_spool2.exe
Author: Unknown
Related File: %SYSDIR%\WIN_SPOOL2.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
WIN_SPOOL2.EXE is known as:
Trojan.Spy.SCKeyLogger, Trojan-Spy.SCKeyLog.O, Trojan-Spy.SCKeyLog.au.4, Keylog-SClog, Spy.SCKeyLog, Spyware ( 0000b10d1 ), Spyware ( 00011dd91 ), Trojan.Spy.SCKeyLog.au, Trojan.SCKeyLog.epgf, W32.SCkeylogger.D, Spyware.SCKeyLogger, SCKeylog.ANMB, Win32.SCKeylog.M, Trojan.Spy-202, Trojan-Spy.SCKeyLog.au, TrojanSpy.SCKeyLog.MYQVzWmqzaA, Trojan.Agent.Gen-Dropper[IEFav], TrojWare.Spy.SCKeyLog.O, Trojan.SCKeyLog.20, TR.Spy.SCKeyLo.o.17, Troj.SCKeyLog-O, TrojanSpy.SCKeyLog.ey, Troj.SCKeyLog.ax.(kcloud), TrojanSpy.SCKeyLog.O, Trojan.A.SCKeyLog.29184, W32.SCkeylogger.IHYA-9115, TrojanSpy.SCKeyLog, Trj.Rovaf.A, Win32.Spy.SCKeyLog.O, PE:Trojan.Spy.ScrSaver.a.1073912110, Virus.SCkeylog, W32.Sckeylog.O.tr
WIN_SPOOL2.EXE hash:
- MD5: eafb82d8fa1eb8d57bb9cf4bf2cedcfe
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\win_spool2: “%SysDir%\win_spool2.exe”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win_spool2\DllName: “win_spool2.dll”
- %Temp%\67-41
- %Temp%\ief1.tmp
- %SysDir%\2loops_niw.dat
- %SysDir%\win_spool2.dll
- %SysDir%\win_spool2.exe