Reliable Contributor exbrit
Message 11 of 54

Re: Printer Virus?

itsupport.gwent wrote:

Same issue here, affecting multiple sites with printers that were not originally installed on the infected PC. Did a bit of searching on Google and only found info on a virus called BugBear. We are currently running a McAfee BugBear removal tool on the affected PC.

Itsupport, I altered your user name from your email address for your protection. For everyone, here is a link to the McAfee BugBear Removal Tool, if needed, although from the description I'm not sure that's the exact remedy:

http://home.mcafee.com/virusinfo/specialvirusremovaltool.aspx?viruskey=bugbear

Message was edited by: Ex_Brit on 08/06/12 8:02:59 EDT AM

Re: Printer Virus?

We've just been hit with this as well.  Just one user workstation as far as we can tell so far.  It's not clear yet exactly what is affected, but I have noticed a hidden .dll file in the affected user's docs and settings\application data folder.  If we work out more, I'll post back here.  Anyone else got more info on this one?

Re: Printer Virus?

Maybe not related but problem began after installing several Windows Updates a few days ago...

Raj909
Level 7
Message 14 of 54

Re: Printer Virus?

Posting on SANS this morning -

https://isc.sans.edu/diary.html?storyid=13405

Re: Printer Virus?

To follow on from Raj909's post regarding it being mentioned on SANS, I can confirm that the affected machine on our network did indeed have single digit name REG_BINARY entries in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.

It also drops an entry with what looks like random characters for a name into HKCU\Software\Microsoft\Windows\CurrentVersion\Run, which runs the .dll file that is dropped in the user's Application Data folder, e.g.:

vjdg     REG_SZ     rundll32 "C:\Documents and settings\<user>\Application Data\netui0p.dll", QJNDKZXSB

Message was edited by: mrussell77 on 08/06/12 08:02:07 CDT
scorpy
Level 7
Message 16 of 54

Re: Printer Virus?

Had this problem with 4 of our customers in the last 2 days. This virus is not the bugbear.B or .A virus; removal tools for this do not work (in our cases). What did work is checking which user(s) is sending the files to the printer. Then check the PC he uses for scheduled tasks: in c:\windows\tasks there will be a task with a strange random name which runs a strange dll file. That's the one. Disable it, delete it, and it's fixed!

Re: Printer Virus?

We saw this from one computer this morning as I arrived from work. Removing the computer from the network stopped the printer storm, but as of yet I have not been able to find anything in any of the areas mentioned so far. No hidden tasks, Reg key mentioned clear with no indication of infection. No rootkits that I can detect or funny hidden files. Just for kicks ran the bugbear scanner and nothing...

Re: Printer Virus?

I take back my previous post...

I do see the single digit binaries now and the dll in C:\Documents and settings\<user>\Application Data

I could only see these when logged in as the user.

chompi
Level 7
Message 19 of 54

Re: Printer Virus?

I have the same problem. I am using Symantec antivirus, and on the printer server it detected files infected with Trojan.Milicenso in the queue directory. The machine that sent a lot of bomb prints doesn't detect anything. I ran adware but it did not detect anything.

scorpy
Level 7
Message 20 of 54

Re: Printer Virus?

Check your C:\windows\tasks folder through the command line (the file can be hidden). When you are in the tasks folder, do: dir /as
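
A read-only triage sketch for the three indicators reported in this thread: the rundll32 Run value, the single-digit REG_BINARY values under Internet Settings, and hidden files in C:\windows\tasks. It is an added example, not posted by any participant; the function names and the extra AppData path pattern (for newer Windows versions) are assumptions.

```powershell
# Run in the affected user's own session: the thread notes the registry values
# and the DLL were only visible when logged in as that user (HKCU).
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'

# 1. Run values that start a DLL from the user's Application Data folder via rundll32.
#    "AppData" is an assumed equivalent path on newer Windows versions.
function Get-SuspectRunEntry {
    $key = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'rundll32' -and $data -match '\\(Application Data|AppData)\\.*\.dll') {
            New-Object PSObject -Property @{ Check = 'Run'; Name = $name; Detail = $data }
        }
    }
}

# 2. REG_BINARY values whose name is a single digit under Internet Settings.
function Get-SingleDigitBinaryValue {
    $key = Get-Item -Path "$cv\Internet Settings" -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        if ($name -match '^\d$' -and $key.GetValueKind($name) -eq 'Binary') {
            $len = $key.GetValue($name).Length
            New-Object PSObject -Property @{
                Check = 'InternetSettings'; Name = $name; Detail = "REG_BINARY, $len bytes" }
        }
    }
}

# 3. Every file in the Tasks folder, hidden and system ones included (like dir /as).
#    Nothing is filtered out here: review the list by hand for unfamiliar names.
function Get-TaskFile {
    Get-ChildItem -Path "$env:windir\Tasks" -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Check = 'Tasks'; Name = $_.Name
                Detail = "$($_.Attributes), modified $($_.LastWriteTime)" }
        }
}

# Nothing is changed or deleted; the script only reports what it finds.
& { Get-SuspectRunEntry; Get-SingleDigitBinaryValue; Get-TaskFile } |
    Select-Object Check, Name, Detail | Format-Table -AutoSize -Wrap
```

An empty result from one user's session does not clear the machine, since each check reads only the profile of the user running it.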
