
Corrupted printer drivers - Bugbear virus?



#1 Kobus


Posted 05 February 2010 - 07:00 AM

We have 50 computers in a LAN with Eset anti-virus. We also have 5 big network printers (Xerox, Olivetti, HP). Two weeks ago the one Olivetti printer started printing just one line of junk on each page until all the trays were empty of paper. The HP started printing one blank page for each page printed. The Xerox printers were not affected. From the Internet search it appears that the network was infected with the Bugbear-B virus, which affects the network printers - it corrupts the drivers and makes them print one line of gibberish until the paper is finished.

I scanned the computers with Eset and didn't pick up any virus. Then I downloaded different Bugbear removal tools (e.g. Norton, McAfee, Stinger) but not one of them could find any virus. I then checked the Windows start commands and found one computer with a weird startup program - as described for the Bugbear virus. The first line on the first page that gets printed reads: This program cannot be run in Dos Mode (Bugbear). I deleted this program. Then I disconnected the computer and scanned it in Safe Mode with System Restore disabled but couldn't pick up any virus. I then scanned some of the other computers the same way, also with Malwarebytes as well as other anti-virus/malware programs like Stinger, but could not find any virus anywhere.

I reinstalled WinXP from scratch (reformatted hdd) on the computer that had the virus. In the meantime the Olivetti printer was still pumping out pages very randomly. I tried to see which computer caused the printer to start printing like this but could not really identify it. These are laser printers and you never get to see what is in the print queue. I would also remove the paper tray and go from computer to computer; sometimes one computer's print queue would show that it is out of paper, other times it would show this for a number of computers. I actually reinstalled WinXP on about 6 computers and it didn't help. I also reinstalled the printer drivers - after deleting the printers from Windows Printers and deleting the specific drivers from Windows. This helped for about 7 hours - and then the problem started again. I also checked for infected flash drives or CDs and removed a few. It is only the HP and the one Olivetti printer that are affected. The Olivetti printer guys say that is because of the type of driver software. The Xerox printers have very complicated software drivers which don't get affected. I have reinstalled printer drivers 3 times now but every time the problem starts again - within 3-4 hours. The other weird thing is that it only happens when two or more people are sending stuff to the printer to be printed at the same time. When I organise the users into 5 minute time slots for printing (one at a time), the problem doesn't occur.

I phoned some of the anti-virus companies but nobody has been able to help me so far. What they do say is that an infected printer driver cannot infect other printers. It still seems that somewhere there is an infected computer but the anti-virus packages can't find it and therefore I don't know which one is infected (if that is the case). We also have two servers and both were checked and were clean. What is also peculiar is that I wasn't able to find the virus startup program in the Windows startup commands on any other computer - checked all 50.

I am desperate please.

Thanks
Kobus
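
An added example, not part of the original post: the printed line quoted above is the text of the DOS stub found near the start of a Windows executable, so where print jobs can be saved to files, each job can be checked for an executable header to see which ones carry a binary rather than a document. The job directory, the PJL prefix and all sample bytes below are constructed assumptions.

```python
import struct
from pathlib import Path

# Text of the standard DOS stub carried near the start of Windows executables.
DOS_STUB = b"This program cannot be run in DOS mode"

def find_pe_images(data: bytes) -> list:
    """Offsets where an MZ header's e_lfanew field leads to a PE signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: 4-byte little-endian offset at 0x3C of the DOS header.
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # 0x1000 is a heuristic upper bound chosen for this example.
            if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def classify_job(data: bytes) -> str:
    if find_pe_images(data):
        return "pe-image"        # complete executable header inside the job
    if DOS_STUB in data:
        return "dos-stub-only"   # stub text present, header truncated or mangled
    return "clean"

def scan_jobs(directory) -> dict:
    """Classify every file in a directory of captured print jobs."""
    return {p.name: classify_job(p.read_bytes())
            for p in sorted(Path(directory).iterdir()) if p.is_file()}

def constructed_pe() -> bytes:
    """Constructed sample: DOS header + stub text + PE signature, no real code."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    return bytes(hdr) + b"PE\0\0" + bytes(20)

# Constructed print jobs; the PJL prefix stands in for a printer job header.
PJL = b"\x1b%-12345X@PJL JOB\r\n"
JOB_PE = PJL + constructed_pe()
JOB_STUB = PJL + DOS_STUB + b".\r\n"
JOB_TEXT = PJL + b"Invoice MZ-2010 " + b"x" * 100

if __name__ == "__main__":
    for name, job in [("pe", JOB_PE), ("stub", JOB_STUB), ("text", JOB_TEXT)]:
        print(name, classify_job(job), find_pe_images(job))
```

A job flagged `pe-image` or `dos-stub-only` points back to the workstation that submitted it, which is the machine to isolate and clean first.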



#2 Kobus


Posted 08 February 2010 - 04:03 AM

Hi Guys
Thanks for the help. The problem has been solved. Disconnected all 50 computers, booted in Safe Mode, ran Malwarebytes to clean them up and rebooted.

The solution was to disconnect all of them at the same time and only connect them up once they have been cleaned.

Thanks again.
Kobus



