Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Computer behaving oddly

Mar 14, 2004 1:24PM PST

Over the past week my computer has been behaving very strangely on occasion. It seems to "stall" and it takes an age to bring up a new window or open explorer or indeed anything. When I try to shut down the computer it wont shut down, the desktop just sort of greys slightly and hangs. I am running Windows 98SE and I have Nortons anti-virus which is set to auto update and does so several times a day, Zone Alarm Pro updated version, Pest patrol, mail Washer Pro and Cyber Scrub I really felt that I should have been protected but I am feeling that perhaps there is a 'worm' on my computer somehow. This is the message that I get sometimes from Zone Alarm or at least since the strange behaviour started.
Spooler Sub System Process is trying to use another program to connect to
the Internet or your local network.

"ZoneAlarm Pro is asking you whether to allow the connection. No breach in
your security has occurred. However, an Advanced Program alert may indicate
a potentially dangerous situation. Proceed with caution.
Inside the program alert
Alert property Alert property value Technical explanation
Program Name Spooler Sub System Process A program running on your computer,
which either attempted to send an IP packet over the Internet or is waiting
for an incoming packet.
Filename SPOOL32.EXE The filename of the program that ZoneAlarm Pro found on
your computer.
Program Version 4.10.1998 The version of Spooler Sub System Process running
on your computer.
Program Size 45056 The size of the program executable file in bytes.
Program MD5 db3bee092f0e90cf799d69f99c001dae The MD5 hash, or number, that
uniquely identifies the executable.
Date Modified Apr-23-1999 10:22:00 PM The date when SPOOL32.EXE was most
recently modified.
Connect Type Access This value can be either Access, which is an Internet
connection attempt by Spooler Sub System Process or Server, which indicates
that Spooler Sub System Process is waiting for connections coming in from
the Internet.
Remote Port 1148 The port Spooler Sub System Process is using on the remote
computer.
Remote IP Address 203.59.6.116 The IP address of the remote computer that
caused the alert.
Alert Date Mar-12-2004 03:50:00 PM PST The time when ZoneAlarm Pro detected
the alert on your computer.

ZoneAlarm Pro security enforcement at time of alert"

I did a search for the Spooler Sub system Process on Google and only two sites came up in the search one a tech Forum and the other sophos in both of these it said that the System file Wucrtupd.exe shows there is a worm W32tictona on my computer. I have that file and another called wuloader.exe in my system files. I can find no reference to this worm anywhere else!! can anyone shed some light on the mystery please as I dont want to go happily deleting system files for no reason.

Discussion is locked

- Collapse -
Re:Computer behaving oddly
Mar 14, 2004 1:35PM PST

Have you tried this online scan? http://housecall.trendmicro.com they have found viruses that even Norton Anti-Virus does not even have. Good luck with your search!

-- Mike

- Collapse -
Re:Computer behaving oddly
Mar 14, 2004 1:43PM PST

Hi Mary,

First go for online scan to check if there is a worm or other malicious code using of the following:
http://housecall.antivirus.com/housecall/start_corp.asp
http://www.pandasoftware.es/activescan/activescan-com.asp

Next do the following :
1. Clean temporary internet files.
2. Go for online quick check at http://aumha.org/a/noads.htm - This page allows you to check your computer for a hundred different parasites. Use Internet Explorer in visiting that page. If there are parasites found, proceed to next steps.
3. Get the tools - Download CWShredder from http://www.spywareinfo.com/~merijn/downloads.html, Ad-aware from http://www.lavasoftusa.com/support/download/ and Spybot S&D from http://spybot.safer-networking.de/
4. Run CWShredder, Install and run Ad-aware, Install and run Spybot-S&D
5. Go back to online quick check at http://aumha.org/a/noads.htm to confirm your work.
6. If there's still a problem, download HijackThis from http://www.spywareinfo.com/~merijn/downloads.html Save it in its own folder, preferably in C:\hijackthis (create this folder hijackthis in C:\) then open Hijackthis.exe, click Scan button then click Save log. Save it in your desktop. Post the log in any of the forums listed at http://www.spywareinfo.com/~merijn/forums.html that has experts in reviewing the Hijackthis log.

You need NOT to worry on SPOOL32.EXE because it is a system process. http://www.liutilities.com/products/wintaskspro/processlibrary/spool32/ for info but if it is infected the above online scan (housecall or Panda) should detect it so don't forget to FIRST run any of the above online scan.

Good luck and let us know how it goes.

Donna

- Collapse -
Re:Re:Computer behaving oddly
Mar 14, 2004 3:27PM PST

Thanks Donna,
Housecall hasnt worked on my computer for quite some time neither will Panda > perhaps it is something to do with my Zone Alarm Pro settings. Also the scanning sites wont work either Sad could that be because ZA has script blocking enabled ????

- Collapse -
Re:Re:Re:Computer behaving oddly
Mar 14, 2004 4:07PM PST

Mary,

The requirements to run an online parasite scan IE and javascript. If javascript is already enabled, try reviewing your ZA Pro settings for 'mobile code'. Mobile code can block javascript so you might want to turn it off so you can run the parasite online scan.

WIth regards to Housecall or Panda, you need ActiveX enabled.

How do I enable ActiveX Control in Internet Explorer?
From the browser menu, click Tools > Internet Options
Click on the Security tab
Select the globe icon representing the Internet Zone
Click Custom Level
Scroll down to the ActiveX controls and plug-ins section
Under Download signed ActiveX contols select Prompt
Under Run ActiveX controls and plug-ins select Enable
Under Script ActiveX controls marked safe for scripting select Enable
Click OK to close the Security Settings window (If prompted to verify that you want to change the security settings for this zone click Yes)
Click OK to close the Internet Options window

Hope this helps Happy