[windows2000] Re: Printers Printing Crap...

  • From: "Dennis Appelboom" <dennis.appelboom@xxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Tue, 22 Oct 2002 15:13:35 +0200

Well, do a port scan on all your subnets for port 36794.
If you find computers with that port open, there likely to be infected.

We had the virus as well, and couldn't find the infected systems at =
first.
Turned out to be on two old servers that were carried in two years ago, =
and never looked after since.......

Kind Regards,

Dennis Appelboom

________________________________
marviQ
Archangelkade 1-3
1013 BE Amsterdam
Tel: +31 (0) 20 410 7000
Fax: +31 (0) 20 410 7103
Dir: +31 (0) 20 410 7015
Cel: +31 (0) 6 45 108 184
E-mail: dennis.appelboom@xxxxxxxxxx

 -----Oorspronkelijk bericht-----
Van:    Steve Rance [mailto:steve.rance@xxxxxxxxxxxxxxxxxxxxx]=20
Verzonden:      dinsdag 22 oktober 2002 15:10
Aan:    windows2000@xxxxxxxxxxxxx
Onderwerp:      [windows2000] Re: Printers Printing Crap...


I have got all the users to run the symantec fix and it didn't find the =
=3D
virus on any PCs or servers.  We run McAfee Virusscan and I have checked =
=3D
that is up to date on all PC's and servers and it is. =3D20

All incoming and outgoing external email is also virus checked by our =
=3D
ISP and they confirm that this working and always has been.

So it doesn't look as if we are infected.  Any ideas?

thanks,

Steve



-----Original Message-----
From: Dennis Appelboom [mailto:dennis.appelboom@xxxxxxxxxx]
Sent: 22 October 2002 11:34
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Printers Printing Crap...



Yep, you're infected! No doubt about that.

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@xxxxx=
=3D
=3D3D
moval.tool.html


Kind Regards,

Dennis Appelboom

________________________________
marviQ
Archangelkade 1-3
1013 BE Amsterdam
Tel: +31 (0) 20 410 7000
Fax: +31 (0) 20 410 7103
Dir: +31 (0) 20 410 7015
Cel: +31 (0) 6 45 108 184
E-mail: dennis.appelboom@xxxxxxxxxx

 -----Oorspronkelijk bericht-----
Van:    Angus Macdonald =
[mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx]=3D3D20
Verzonden:      dinsdag 22 oktober 2002 12:31
Aan:    windows2000@xxxxxxxxxxxxx
Onderwerp:      [windows2000] Re: Printers Printing Crap...


The bugbear virus can do that.......................

-----Original Message-----
From: Steve Rance [mailto:steve.rance@xxxxxxxxxxxxxxxxxxxxx]
Sent: 22 October 2002 11:27
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Printers Printing Crap...




We have a number of networked and locally connected shared printers on =
=3D
=3D3D
=3D3D3D
the company that are all setup on two print servers.

Since I have set them up on the second print server every morning at =3D
=3D3D3D
around 11:15 ALL the locally connected shared printers start printing =
=3D
=3D3D
=3D3D3D
page after page with each page just having a line of random (crap) =
=3D3D3D
characters on it.

Looking at the print job on the local PC, it is owned by =3D3D3D
"Administrator", an account we don't use.

We don't have any scheduled jobs defined on either the servers or the =
=3D
=3D3D
=3D3D3D
PCs.=3D3D3D20

If you turn the printer off the job disappears from the queue.

Any ideas?

-----Original Message-----
From: Nail, Larry [mailto:lnail@xxxxxx]
Sent: 21 October 2002 14:09
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: Green directory on Windows 2000 Server...



They're encrypted files... Under the View Tab of Folder Actions check =
=3D
=3D3D
=3D3D3D
out
"Show encrypted or compressed NTFS files in color"

-----Original Message-----
From: Steve Rance [mailto:steve.rance@xxxxxxxxxxxxxxxxxxxxx]=3D3D3D20
Sent: Monday, October 21, 2002 6:52 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Green directory on Windows 2000 Server...




Interesting one....

I have come access a directory on our File server where the directory =
=3D
=3D3D
=3D3D3D
=3D3D3D3D and
all the files within (bar one) is in green text rather than black. =3D3D
=3D3D3D3D20

When I try to copy either the directory or any of the green files I get =
=3D
=3D3D
=3D3D3D
=3D3D3D3D an
"access is denied" message after about 5 minutes of it trying to copy =
=3D
=3D3D
=3D3D3D
=3D3D3D3D the
files.  I can copy the one black text file as I wish.

The strange thing is the permissions on the directory and files are =
=3D3D
=3D3D3D3D
inherited from the parent (which is Everyone - Full Control).  The green =
=3D
=3D3D
=3D3D3D
=3D3D3D3D
files and the black file have idenifical permissions and ownership.

The files (or drive) are not compressed, or read only.

Any idea what is going on here?

Steve

=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D=
3D3D3D=3D3D3D3D=3D3D=3D
3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D=3D3D
3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3=
D=3D3D3D3D=3D3D3D3D=3D3D=3D
3D
=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D=
3D3D3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D=
3D3D3D=3D3D3D3D=3D3D=3D
3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D=3D3D
3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3=
D=3D3D3D3D=3D3D3D3D=3D3D=3D
3D
=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D3D3D3D=3D=
3D3D3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D=
3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D=3D
3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D=
3D
=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D=
3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D=3D
3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D=
3D
=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D=3D3D3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm



=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D=
3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D
=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm



==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts: