?
Solved

Removing files from Printer Server Queue

Posted on 2009-04-03
4
Medium Priority
?
711 Views
Last Modified: 2013-11-22
have a box running Windows Server 2003 SP2 with all the latest updates. I am using this box as a Printer Server. I have 15 printers loaded on this box. I am running Sophos Anti Virus along with regular scans with MalWareBytes. On Tuesday of this week Sophos completed its daily scan showing the W32/Magistr-B worm in a folder containing the print drivers for my Kyocera multi-functionals. Sophos reported this worm had been cleaned up. However, we have found on 3 of the Kyocera MF there is job that continues to print continuously time after time. The only way we can get the printer to stop is by removing the network cable from the Kyocera. To make this clear the Kyocera's are located in three different buildings and they have 3 different jobs. One other thing, when I look in C:\windows\system32\spool\printers on the Print server I see two files in that folder. Listed as:
FP00003.SHD and FP00003.SPL. I have completed the following on these files:
1. Stopped the Printer Spooler service
2. Deleted these files
3. Rebooted the server
After rebooting the server when I look in this same folder I see those same two files there.
I would appreicate any help I can get with this one.
Thanks in Advance.
0
Comment
Question by:Van Johnson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:xmachine
ID: 24065649
0
 

Author Comment

by:Van Johnson
ID: 24067294
I appreciate the response and article links.  Each of these articles relate to procedures I have already tried as shown in my explanation.  The problem is:  When I reboot the server those same two files appear in the spool folder.  Therein lies the problem...when the network cord is plugged back in the Kyocera that job continuously keeps printing.  I was thinking some malware was exploiting these files on reboot.  I have scan this sever 10 different ways and found nothing (with the exception of the first time in Sophos).  Just wondering if anyone has tackled this problem?  
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24067331
I don't see any malicious behavior in your question.
0
 
LVL 5

Accepted Solution

by:
bRvO earned 1500 total points
ID: 24109458
backup all print settings using printmig

http://www.microsoft.com/windowsserver2003/techinfo/overview/printmigrator3.1.mspx

stop the print spooler service.

browse to printers & faxes on the server delete the faulting printers now go to | File | Server Properties | Drivers & delete the drivers.

restart the machine.

re-add the print queue's and print drivers.

restart machine

see what happens
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question