cancel
Showing results for 
Search instead for 
Did you mean: 
chompi
Level 7
Report Inappropriate Content
Message 41 of 54

Re: Printer Virus?

I didn't found any virus the infected workstation . I started to install in all workstation all the windows patch available to prevent any vulnerability not reported.

javik
Level 7
Report Inappropriate Content
Message 42 of 54

Re: Printer Virus?

Is it okay to talk about potential security risks in general on this forum? I have a fairly thorough knowledge of how networked printers function, and I don't want to make things worse for everyone than they already are by explaining how this may be happening.

Though the hackers would likely know all that I would be writing here anyway.

dpgptp
Level 7
Report Inappropriate Content
Message 43 of 54

Re: Printer Virus?

We had a total of 5 workstations send out print jobs. We scanned all of them and found nothing it drops it's payload and poof... We found one PC that had the scheduled tasks but had failed to run as the file in my previous post was missing.

Re: Printer Virus?

The trojan is called Vundo.gen.ft mcafee have now identified it and release a dat edition which does detect and delete it, they have now also released a fix in superdat 6737 and 6738 is now out.

Re: Printer Virus?


When you say, they have now released a fix, does it mean that the root cause is also detected or is it only the Vundo.gen.ft trojan that they can clean?

Highlighted
Raj909
Level 7
Report Inappropriate Content
Message 46 of 54

Re: Printer Virus?

McAfee states the Vundo variant should be caught by DAT 6737 which was released on Saturday.  The latest Stinger is detecting the trojan, but unable to clean.  Uploaded sample to McAfee and waiting to hear back.

Re: Printer Virus?

The pc was printing to all printers in domain, we removed from network, could not find anything in startup, task's ect. mcaffe gave us an extra.dat, we ran a scan and it found Vundo.gen.ft and deleted it, we have since updated to superdat 6738 and put the machine back on the network, no problems so far touch wood.

Re: Printer Virus?

We are having this issue as well here's what we know:

Mcafee's DAT's/Extra's do not appear to be effective (we previously thought they were with extra's provided and new DAT's)

Appears to be enumerating print servers and printers identified on the network (windows print server)

Infected systems are not showing symptoms (we need to trace back to source system using SHD files on the print server)

Appears to have timer mechanism (waits a period of time and then spam's)

For a period of time when our extra's were working we had reporting on when we had the issue and where it was occuring in EPO console as I wrote a report on the detection.

Does anyone know how they think this walked in?  Email/Website?????

-Seats

Re: Printer Virus?

Hi, I just rolled out extra dat "Generic.Tra!868bbb3f758e" to all clients.  I will keep you posted about the results.

SamSwift
Level 12
Report Inappropriate Content
Message 50 of 54

Re: Printer Virus?

Hi Everyone,

If you haven't already done so, please can you contact technical support about these infections. We have a new extra.dat and stinger available.

Thanks,

Sam

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community