We are experiencing the same issue, which started last night and has affected multiple users across multiple offices. Print jobs are being sent to hundreds of printers throughout the enterprise. The print jobs contain garbled text.
We have contacted McAfee Support and will be providing samples from an infected machine.
This issue was identified today at my company today. The impact is global and effecting approximately 80 print servers. The print job names were all 15 characters in length and unique. The print jobs were all garbage print, as if it was opening the .exe and printing the garbage text. Our virus vendor has stated several other customers are experiencing this same issue, but no resolution has been identified as of yet. We did identify the accounts of 5-6 users, which we changed the passwords for. The issue seems to have stopped, once the passwords have been changed. The fear is that this issue will resurface after a period of time. Has anyone further identified the issue or has your AV vendor provided a resolution?
Sample Print Job Names:
Message was edited by: gregsmithitsecurity on 6/7/12 4:45:30 PM CDT
In reaching out to our different vendors, Microsoft currently has a customer having this exact same issue. Microsoft was able to resolve their customer's issue through MS Forefront, however is not able to supply information for other vendors to assist in resolving this issue.
I have not heard any updates yet. I manage McAfee and EPO policies for the Windows servers in our environment. These viruses seem to originate from workstations.
I've been asked to back off and let the guys that manage McAfee on the workstations handle the issue.
I've asked to be kept in the loop so if I hear anything I'll post it.
Thanks for everyone's response so far! This does instill confidence that we are looking in the right place on how to resolve this.
Same issue here working with McAfee Tech now pulling files from cc:\windows\task, there should be a job file pointing to a hidden dll
Used: GMER Rootkit Detector Tool from google to see the hidden files Hope this will help
For those of you that have been impacted did you have the Microsoft Security Advisory 2718704 installed on the impacted assets and print servers?
We have the same activity since yesterday on my company.
Is there any update about this issue?
Same issue here. Scanning all PC's now but without success.
Same issue here effecting muitple sites with printers that were not orginally installed on the infected PC, did a bit of search on google and only found info on a Virus called BugBear. we are currenly running a mcafee bugbear removal tool on effect PC.