1 2 3 Previous Next 53 Replies Latest reply: Jun 21, 2012 6:09 PM by javik RSS

    Printer Virus?

    mhday

      We are seeing some strange print jobs printing out reams of paper.  Here are a few of the jobs:

       

      Document 51, bgyspigwbulxxeg owned by Xuser on xIP was printed on ...

      Document 107, oyvsnxvrhcdxbbq owned by Xuser on xIP  was printed ...

      Document 159, ggjzuojhzcfqjov owned by  Xuser on xIPx  was printed on...

      Document 160, dlyjoygizpmhiff owned by Xuser on xIP was printed on ....

       

      We have not had the opportunity to scan the systems identified by the jobs but I thought I'd do some preliminary investigation.

       

      The workstations we've checked do not map the printer that was printing reams of paper.

       

      Has anybody run accross this before?

       

      Thanks ...

        • 1. Re: Printer Virus?
          Raj909

          We are experiencing the same issue, which started last night and has affected multiple users across multiple offices.  Print jobs are being sent to hundreds of printers throughout the enterprise.  The print jobs contain garbled text.


          We have contacted McAfee Support and will be providing samples from an infected machine.

           

          Message was edited by: Raj909 on 6/7/12 3:22:59 PM CDT
          • 2. Re: Printer Virus?
            Gregory Smith

            This issue was identified today at my company today.  The impact is global and effecting approximately 80 print servers.  The print job names were all 15 characters in length and unique.  The print jobs were all garbage print, as if it was opening the .exe and printing the garbage text.  Our virus vendor has stated several other customers are experiencing this same issue, but no resolution has been identified as of yet.  We did identify the accounts of 5-6 users, which we changed the passwords for.  The issue seems to have stopped, once the passwords have been changed.  The fear is that this issue will resurface after a period of time.  Has anyone further identified the issue or has your AV vendor provided a resolution?

             

            Infected EXE's:

             

            hjimsdavno.exe

            sasqvvjwvl.exe

            abnwwtogpf.exe

             

             

            Sample Print Job Names:

             

            fvycezmamdyyhej4868

            qkrbkxbniaiylry4869

            vcztopbojwrqbri4754

            dntebdzvsmzdpqd4755

            cswqsdrizlrhvix4806

            qdzzevcydpcfcea4807

             

            Message was edited by: gregsmithitsecurity on 6/7/12 4:45:30 PM CDT

             

            Message was edited by: gregsmithitsecurity on 6/7/12 4:47:45 PM CDT
            • 3. Re: Printer Virus?
              Gregory Smith

              In reaching out to our different vendors, Microsoft currently has a customer having this exact same issue.  Microsoft was able to resolve their customer's issue through MS Forefront, however is not able to supply information for other vendors to assist in resolving this issue.

               

              Message was edited by: gregsmithitsecurity on 6/7/12 5:28:16 PM CDT
              • 4. Re: Printer Virus?
                mhday

                I have not heard any updates yet.  I manage McAfee and EPO policies for the Windows servers in our environment.  These viruses seem to originate from workstations.

                 

                I've been asked to back off and let the guys that manage McAfee on the workstations handle the issue.

                 

                I've asked to be kept in the loop so if I hear anything I'll post it.

                 

                Thanks for everyone's response so far!  This does instill confidence that we are looking in the right place on how to resolve this.

                • 5. Re: Printer Virus?
                  dpgptp

                  Same issue here working with McAfee Tech now pulling files from cc:\windows\task,  there should be a job file pointing to a hidden dll

                   

                  Used: GMER Rootkit Detector Tool from google to see the hidden files    Hope this will help

                  • 6. Re: Printer Virus?
                    steelhead

                    For those of you that have been impacted did you have the Microsoft Security Advisory 2718704 installed on the impacted assets and print servers?

                    • 7. Re: Printer Virus?
                      rico

                      We have the same activity since yesterday on my company.

                      Is there any update about this issue?

                      • 8. Re: Printer Virus?
                        hans.vermachelen

                        Same issue here.  Scanning all PC's now but without success.

                        • 9. Re: Printer Virus?
                          itsupport.gwent

                          Same issue here effecting muitple sites with printers that were not orginally installed on the  infected PC, did a bit of search on google and only found info on a Virus called BugBear. we are currenly running a mcafee bugbear removal tool on effect PC.

                          1 2 3 Previous Next