34779 Views, 53 Replies. Latest reply: Jun 21, 2012 6:09 PM by javik
mhday Newcomer 19 posts since
Oct 11, 2011

Jun 7, 2012 11:52 AM

Printer Virus?

We are seeing some strange print jobs printing out reams of paper.  Here are a few of the jobs:

 

Document 51, bgyspigwbulxxeg owned by Xuser on xIP was printed on ...

Document 107, oyvsnxvrhcdxbbq owned by Xuser on xIP  was printed ...

Document 159, ggjzuojhzcfqjov owned by  Xuser on xIPx  was printed on...

Document 160, dlyjoygizpmhiff owned by Xuser on xIP was printed on ....

 

We have not had the opportunity to scan the systems identified by the jobs but I thought I'd do some preliminary investigation.

 

The workstations we've checked do not map the printer that was printing reams of paper.

 

Has anybody run across this before?

 

Thanks ...

  • Raj909 Newcomer 15 posts since
    Aug 25, 2004
    1. Jun 7, 2012 3:22 PM (in response to mhday)
    Re: Printer Virus?

    We are experiencing the same issue, which started last night and has affected multiple users across multiple offices.  Print jobs are being sent to hundreds of printers throughout the enterprise.  The print jobs contain garbled text.


    We have contacted McAfee Support and will be providing samples from an infected machine.

     

    Message was edited by: Raj909 on 6/7/12 3:22:59 PM CDT
  • Gregory Smith Newcomer 3 posts since
    Dec 15, 2011
    2. Jun 7, 2012 4:47 PM (in response to mhday)
    Re: Printer Virus?

    This issue was identified at my company today.  The impact is global and affecting approximately 80 print servers.  The print job names were all 15 characters in length and unique.  The print jobs were all garbage print, as if it was opening the .exe and printing the garbage text.  Our virus vendor has stated several other customers are experiencing this same issue, but no resolution has been identified as of yet.  We did identify the accounts of 5-6 users, which we changed the passwords for.  The issue seems to have stopped once the passwords were changed.  The fear is that this issue will resurface after a period of time.  Has anyone further identified the issue or has your AV vendor provided a resolution?

     

    Infected EXE's:

     

    hjimsdavno.exe

    sasqvvjwvl.exe

    abnwwtogpf.exe

     

     

    Sample Print Job Names:

     

    fvycezmamdyyhej4868

    qkrbkxbniaiylry4869

    vcztopbojwrqbri4754

    dntebdzvsmzdpqd4755

    cswqsdrizlrhvix4806

    qdzzevcydpcfcea4807

     

    Message was edited by: gregsmithitsecurity on 6/7/12 4:45:30 PM CDT

     

    Message was edited by: gregsmithitsecurity on 6/7/12 4:47:45 PM CDT
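
A triage sketch for the print-server log entries quoted in this thread, added here as an example (not posted by any participant and not vendor tooling): it flags job names with the reported shape, 15 lowercase letters optionally followed by digits, and groups them by submitting user and host. The job names are from the thread; the users, hosts, printers, the vowel-ratio threshold and `min_jobs` are assumptions, and the line format is assumed to end at the printer name.

```python
import re
from collections import defaultdict

# Message shape quoted in the thread:
# "Document N, NAME owned by USER on HOST was printed on PRINTER ..."
EVENT_RE = re.compile(
    r"Document (?P<id>\d+),\s+(?P<name>\S+)\s+owned by\s+(?P<user>\S+)\s+"
    r"on\s+(?P<host>\S+)\s+was printed on\s+(?P<printer>\S+)"
)
# 15 lowercase letters, optionally followed by digits (both shapes reported).
NAME_RE = re.compile(r"^([a-z]{15})\d*$")


def looks_random(name, max_vowel_ratio=0.25):
    """Heuristic: reported shape AND vowel-poor, unlike ordinary words."""
    m = NAME_RE.match(name)
    if not m:
        return False
    letters = m.group(1)
    vowels = sum(ch in "aeiou" for ch in letters)
    return vowels / len(letters) <= max_vowel_ratio


def suspicious_sources(lines, min_jobs=2):
    """Map (user, host) -> jobs and printers, for sources with >= min_jobs hits."""
    hits = defaultdict(lambda: {"jobs": [], "printers": set()})
    for line in lines:
        m = EVENT_RE.search(line)
        if m and looks_random(m["name"]):
            entry = hits[(m["user"], m["host"])]
            entry["jobs"].append(m["name"])
            entry["printers"].add(m["printer"])
    return {k: v for k, v in hits.items() if len(v["jobs"]) >= min_jobs}


# Constructed sample log: job names come from the thread;
# users, hosts and printer names are invented for the example.
SAMPLE_LOG = [
    "Document 51, bgyspigwbulxxeg owned by alice on 10.0.0.21 was printed on PRN-FLOOR2",
    "Document 52, troubleshooting owned by bob on 10.0.0.30 was printed on PRN-FLOOR1",
    "Document 107, oyvsnxvrhcdxbbq owned by alice on 10.0.0.21  was printed on PRN-LOBBY",
    "Document 108, fvycezmamdyyhej4868 owned by carol on 10.0.0.44 was printed on PRN-FLOOR2",
    "Document 109, Q2-report.docx owned by bob on 10.0.0.30 was printed on PRN-FLOOR1",
]

if __name__ == "__main__":
    for (user, host), info in suspicious_sources(SAMPLE_LOG).items():
        print(user, host, len(info["jobs"]), sorted(info["printers"]))
```

A host that sends several such jobs to printers it does not normally use is a candidate for isolation and scanning; the name heuristic alone will miss random names that happen to be vowel-rich.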
  • Gregory Smith Newcomer 3 posts since
    Dec 15, 2011
    3. Jun 7, 2012 5:28 PM (in response to Gregory Smith)
    Re: Printer Virus?

    In reaching out to our different vendors, Microsoft currently has a customer having this exact same issue.  Microsoft was able to resolve their customer's issue through MS Forefront, however is not able to supply information for other vendors to assist in resolving this issue.

     

    Message was edited by: gregsmithitsecurity on 6/7/12 5:28:16 PM CDT
  • dpgptp Newcomer 5 posts since
    Jun 7, 2012
    5. Jun 7, 2012 6:42 PM (in response to mhday)
    Re: Printer Virus?

    Same issue here. Working with McAfee Tech now, pulling files from c:\windows\task; there should be a job file pointing to a hidden DLL.

    Used: GMER Rootkit Detector Tool from Google to see the hidden files. Hope this will help.

  • steelhead Newcomer 1 posts since
    Jun 7, 2012
    6. Jun 7, 2012 9:36 PM (in response to mhday)
    Re: Printer Virus?

    For those of you that have been impacted, did you have the Microsoft Security Advisory 2718704 installed on the impacted assets and print servers?

  • rico Newcomer 2 posts since
    Apr 18, 2011
    7. Jun 8, 2012 4:16 AM (in response to mhday)
    Re: Printer Virus?

    We have had the same activity since yesterday at my company.

    Is there any update about this issue?

  • hans.vermachelen Newcomer 5 posts since
    Jun 8, 2012
    8. Jun 8, 2012 4:57 AM (in response to mhday)
    Re: Printer Virus?

    Same issue here.  Scanning all PCs now but without success.

  • itsupport.gwent Newcomer 1 posts since
    Jun 8, 2012
    9. Jun 8, 2012 6:32 AM (in response to mhday)
    Re: Printer Virus?

    Same issue here, affecting multiple sites with printers that were not originally installed on the infected PC. Did a bit of searching on Google and only found info on a virus called BugBear. We are currently running a McAfee BugBear removal tool on the affected PC.
