Defense+ reports shellcode injection attack in spoolsv.exe when opening MS Word

Hi All, I have avast antivirus running, and Comodo firewall and defense+
I recently activated defense+, and since then, whenever I open any MS Word doc, then I get this warning from defense+ of “Shellcode injection attack due to possible Buffer overflow protection in spoolsv.exe”. When I terminate this process, all my printers are gone. Any clues ? Is it a virus / malware ?

I have following printers installed

  1. Canon ip1800
  2. PrimoPDF
  3. CutePDF
  4. novaPDF
  5. MS ImageWriter
  6. MS XPSwriter

In this situation it is best to check for a possible virus infection just to be certain. There is some nasty malware out there these days that abuses a buffer overflow in Spoolserver. So before we are going to allow the alert it is best to make sure your computer is clean.

Follow What to do if you’re infected - eXPerience Rev.3 and report back.

There doesn’t seem at first sight to be a virus, but a serious problem with cis, spoolsv, and word:
https://forums.comodo.com/defense-sandbox-help-cis/ntvdmexe-t61757.0.html

For the record.I’d rather be safe than sorry.

Certainly, and the op should check.

But for my situation, i did: the only “malware” in it is defense+ attacking via ntvdm and spoolsv my printer as soon as i open word, and also from some other prining able applications (pdf…).