I have just finished recovering from a major computer disaster. After
everything is finished, I find that a file called "spoolsv.exe" is
attempting to access the internet.
Upon investigating, I realize that the file is a legitimate Windows file
that controls printer spooling. I also found that Trojans can replace this
file and use it to monitor TCP ports for instructions to launch the Trojan.
Therefore:
- I checked the version and file size of spoolsv.exe and it is correct for
my Windows version and SP.
- I also did a full virus scan with current virus definitions and all is OK.
- I also looked for the files and registry entries typical of the Trojan and
they do not exist.
- I blocked internet access by spoolsv.exe in ZoneAlarm firewall and see no
negative impact.
- I can still print.
The only system change that I made as part of my disaster recovery was the
installation of MS Security patch KB 823980. I don't believe that this patch
changed spoolsv.exe.
Anyone know why this beast is trying to access the net?
Thanks,
GKC
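
The checks listed in the post (file location, version, size, and what the process is doing on the network) can be scripted on current Windows versions. This is an added example, not part of the original post; it assumes PowerShell 5.1 or later on Windows 8/Server 2012 or newer, an elevated session, and the default System32 location for the spooler binary.

```powershell
# Added example: triage every running spoolsv.exe (run elevated).
# Assumption: the legitimate binary lives in %SystemRoot%\System32.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'

# Every running process with this image name, with the path it was loaded from.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'"

foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) {
        Write-Warning "PID $($p.ProcessId): image path not readable (re-run elevated)"
        continue
    }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $item = Get-Item -LiteralPath $path

    # Identity of the file on disk: location, signature, version, size, hash.
    [pscustomobject]@{
        PID          = $p.ProcessId
        Path         = $path
        PathExpected = ($path -ieq $expected)
        Signature    = $sig.Status
        Signer       = $sig.SignerCertificate.Subject
        FileVersion  = $item.VersionInfo.FileVersion
        SizeBytes    = $item.Length
        SHA256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } | Format-List

    # Sockets owned by this PID: listeners and any established remote peers.
    Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Select-Object State, LocalAddress, LocalPort, RemoteAddress, RemotePort |
        Sort-Object State, LocalPort |
        Format-Table -AutoSize
}
```

A copy running from any other directory, or one whose signature status is anything other than `Valid`, warrants a closer look before trusting the version and size alone.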