Removing files from Printer Server Queue

Posted on 2009-04-03
Last Modified: 2013-11-22
have a box running Windows Server 2003 SP2 with all the latest updates. I am using this box as a Printer Server. I have 15 printers loaded on this box. I am running Sophos Anti Virus along with regular scans with MalWareBytes. On Tuesday of this week Sophos completed its daily scan showing the W32/Magistr-B worm in a folder containing the print drivers for my Kyocera multi-functionals. Sophos reported this worm had been cleaned up. However, we have found on 3 of the Kyocera MF there is job that continues to print continuously time after time. The only way we can get the printer to stop is by removing the network cable from the Kyocera. To make this clear the Kyocera's are located in three different buildings and they have 3 different jobs. One other thing, when I look in C:\windows\system32\spool\printers on the Print server I see two files in that folder. Listed as:
FP00003.SHD and FP00003.SPL. I have completed the following on these files:
1. Stopped the Printer Spooler service
2. Deleted these files
3. Rebooted the server
After rebooting the server when I look in this same folder I see those same two files there.
I would appreicate any help I can get with this one.
Thanks in Advance.
Question by:Van Johnson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Expert Comment

ID: 24065649

Author Comment

by:Van Johnson
ID: 24067294
I appreciate the response and article links.  Each of these articles relate to procedures I have already tried as shown in my explanation.  The problem is:  When I reboot the server those same two files appear in the spool folder.  Therein lies the problem...when the network cord is plugged back in the Kyocera that job continuously keeps printing.  I was thinking some malware was exploiting these files on reboot.  I have scan this sever 10 different ways and found nothing (with the exception of the first time in Sophos).  Just wondering if anyone has tackled this problem?  
LVL 15

Expert Comment

ID: 24067331
I don't see any malicious behavior in your question.

Accepted Solution

bRvO earned 500 total points
ID: 24109458
backup all print settings using printmig

stop the print spooler service.

browse to printers & faxes on the server delete the faulting printers now go to | File | Server Properties | Drivers & delete the drivers.

restart the machine.

re-add the print queue's and print drivers.

restart machine

see what happens

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is this Task? 4 151
Is the 2017 Annual Visitor Survey on Chrome a Virus? 11 551
Microservices and Windows apps 5 68
Moving a windows 7 install to new hardware 9 104
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question