We are seeing some strange print jobs printing out reams of paper. Here are a few of the jobs:
Document 51, bgyspigwbulxxeg owned by Xuser on xIP was printed on ...
Document 107, oyvsnxvrhcdxbbq owned by Xuser on xIP was printed ...
Document 159, ggjzuojhzcfqjov owned by Xuser on xIPx was printed on...
Document 160, dlyjoygizpmhiff owned by Xuser on xIP was printed on ....
We have not had the opportunity to scan the systems identified by the jobs but I thought I'd do some preliminary investigation.
The workstations we've checked do not map the printer that was printing reams of paper.
Has anybody run accross this before?
We are experiencing the same issue, which started last night and has affected multiple users across multiple offices. Print jobs are being sent to hundreds of printers throughout the enterprise. The print jobs contain garbled text.
We have contacted McAfee Support and will be providing samples from an infected machine.
Message was edited by: Raj909 on 6/7/12 3:22:59 PM CDT
This issue was identified today at my company today. The impact is global and effecting approximately 80 print servers. The print job names were all 15 characters in length and unique. The print jobs were all garbage print, as if it was opening the .exe and printing the garbage text. Our virus vendor has stated several other customers are experiencing this same issue, but no resolution has been identified as of yet. We did identify the accounts of 5-6 users, which we changed the passwords for. The issue seems to have stopped, once the passwords have been changed. The fear is that this issue will resurface after a period of time. Has anyone further identified the issue or has your AV vendor provided a resolution?
Sample Print Job Names:
Message was edited by: gregsmithitsecurity on 6/7/12 4:45:30 PM CDT
Message was edited by: gregsmithitsecurity on 6/7/12 4:47:45 PM CDT
In reaching out to our different vendors, Microsoft currently has a customer having this exact same issue. Microsoft was able to resolve their customer's issue through MS Forefront, however is not able to supply information for other vendors to assist in resolving this issue.
Message was edited by: gregsmithitsecurity on 6/7/12 5:28:16 PM CDT
I have not heard any updates yet. I manage McAfee and EPO policies for the Windows servers in our environment. These viruses seem to originate from workstations.
I've been asked to back off and let the guys that manage McAfee on the workstations handle the issue.
I've asked to be kept in the loop so if I hear anything I'll post it.
Thanks for everyone's response so far! This does instill confidence that we are looking in the right place on how to resolve this.
Same issue here working with McAfee Tech now pulling files from cc:\windows\task, there should be a job file pointing to a hidden dll
Used: GMER Rootkit Detector Tool from google to see the hidden files Hope this will help
Same issue here effecting muitple sites with printers that were not orginally installed on the infected PC, did a bit of search on google and only found info on a Virus called BugBear. we are currenly running a mcafee bugbear removal tool on effect PC.