Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



03 July 2006
Risk Impact:
Systems Affected:


Spyware.PrintMonitor is spyware that monitors printer activity.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 07 May 2019 revision 006
  • Initial Daily Certified version 03 July 2006
  • Latest Daily Certified version 07 May 2019 revision 008
  • Initial Weekly Certified release date 05 July 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Spyware.PrintMonitor is spyware that monitors printer activity.

When the risk is first executed, it creates the following files:
%UserProfile%\Desktop\SpyArsenal Print Monitor.lnk
%UserProfile%\Start Menu\Programs\SpyArsenal Print Monitor\SpyArsenal Print Monitor.lnk
%ProgramFiles%\SpyArsenal Print Monitor\pm32.dll
%ProgramFiles%\SpyArsenal Print Monitor\pm32.exe
%ProgramFiles%\SpyArsenal Print Monitor\pm32.rep
%ProgramFiles%\SpyArsenal Print Monitor\RVPM32.exe
%ProgramFiles%\SpyArsenal Print Monitor\Uninstall.exe
%UserProfile%\Start Menu\Programs\SpyArsenal Print Monitor Pro\SpyArsenal Print Monitor Pro.lnk
%ProgramFiles%\SpyArsenal Print Monitor Pro\license.txt
%ProgramFiles%\SpyArsenal Print Monitor Pro\PMPro32.dll
%ProgramFiles%\SpyArsenal Print Monitor Pro\pmpro32.exe
%ProgramFiles%\SpyArsenal Print Monitor Pro\PMPro32.rep
%ProgramFiles%\SpyArsenal Print Monitor Pro\RVPMPro32.exe
%ProgramFiles%\SpyArsenal Print Monitor Pro\Uninstall.exe

The risk creates the following registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpyArsenal Print Monitor

The risk creates the following registry entry:

The risk creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PMPro32" = "%ProgramFiles%\SpyArsenal Print Monitor Pro\pmpro32.exe"

The risk creates the following folder to be used to store copies of the documents being sent to the printer:
%ProgramFiles%\SpyArsenal Print Monitor Pro\Documents

The risk can log any printer use and can save the documents being printed locally.

The risk uses some basic rootkit technologies to run in full stealth mode, hiding its own folder and autorun registry key.

A hotkey can be used to popup the main user interface, and a password can be configured so that only the administrator can access the program data.

The risk can also send logs periodically via email or via FTP to an email account or FTP site configured by the user.

NOTE: The security risk exists in two versions:
Lite version: SpyArsenal Print Monitor
Full Version: SpyArsenal Print Monitor Pro
The lite version only logs printer usage. It does not save copies of the printed document, it does not have any stealth features, it does not have the capability to send logs via email or ftp.
The full version has all the features described above.