Removing files from Printer Server Queue

I have a box running Windows Server 2003 SP2 with all the latest updates. I am using this box as a Printer Server. I have 15 printers loaded on this box. I am running Sophos Anti Virus along with regular scans with MalWareBytes. On Tuesday of this week Sophos completed its daily scan showing the W32/Magistr-B worm in a folder containing the print drivers for my Kyocera multi-functionals. Sophos reported this worm had been cleaned up. However, we have found on 3 of the Kyocera MF there is a job that continues to print continuously time after time. The only way we can get the printer to stop is by removing the network cable from the Kyocera. To make this clear, the Kyoceras are located in three different buildings and they have 3 different jobs. One other thing, when I look in C:\windows\system32\spool\printers on the Print server I see two files in that folder. Listed as:
FP00003.SHD and FP00003.SPL. I have completed the following on these files:
1. Stopped the Printer Spooler service
2. Deleted these files
3. Rebooted the server
After rebooting the server when I look in this same folder I see those same two files there.
I would appreciate any help I can get with this one.
Thanks in Advance.
Van Johnson, Chief Technology Officer, Asked:

bRvO Commented:
backup all print settings using printmig

stop the print spooler service.

browse to printers & faxes on the server, delete the faulting printers, now go to | File | Server Properties | Drivers & delete the drivers.

restart the machine.

re-add the print queues and print drivers.

restart machine

see what happens
Van Johnson, Chief Technology Officer, Author Commented:
I appreciate the response and article links. Each of these articles relates to procedures I have already tried, as shown in my explanation. The problem is: when I reboot the server, those same two files appear in the spool folder. Therein lies the problem... when the network cord is plugged back into the Kyocera, that job continuously keeps printing. I was thinking some malware was exploiting these files on reboot. I have scanned this server 10 different ways and found nothing (with the exception of the first time in Sophos). Just wondering if anyone has tackled this problem?
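
The stop / delete / restart steps from the question, written as a batch script that also logs the spool folder at each stage (an added example, not posted by anyone in this thread). The log shows whether the `.SHD`/`.SPL` files survive deletion while the spooler is stopped, or only come back, with new timestamps, after the service starts again. The log file name and the 30-second wait are assumptions; run it from an administrator command prompt on the print server.

```batch
@echo off
rem Added example: repeat the stop / delete / start steps and record
rem what is in the spool folder before and after each one.
setlocal
set "SPOOLDIR=%SystemRoot%\system32\spool\printers"
rem Assumed log location; change as needed.
set "LOG=%TEMP%\spool-check.log"

echo ==== %DATE% %TIME% : before stopping spooler ==== >> "%LOG%"
dir /a /t:w "%SPOOLDIR%" >> "%LOG%" 2>&1

rem /y answers the prompt about stopping dependent services.
net stop spooler /y
if errorlevel 1 echo WARNING: net stop spooler returned an error >> "%LOG%"
sc query spooler >> "%LOG%" 2>&1

rem Remove only queued job files: .SHD (job metadata) and .SPL (job data).
del /f /q "%SPOOLDIR%\*.SHD" "%SPOOLDIR%\*.SPL" >> "%LOG%" 2>&1

echo ==== %DATE% %TIME% : after delete, spooler stopped ==== >> "%LOG%"
dir /a /t:w "%SPOOLDIR%" >> "%LOG%" 2>&1
set "SURVIVED=no"
if exist "%SPOOLDIR%\*.SHD" set "SURVIVED=yes"
if exist "%SPOOLDIR%\*.SPL" set "SURVIVED=yes"
echo Job files still present with spooler stopped: %SURVIVED% >> "%LOG%"

net start spooler
rem Wait about 30 seconds so any new job has time to reach the folder.
ping -n 31 127.0.0.1 > nul

echo ==== %DATE% %TIME% : 30 seconds after spooler start ==== >> "%LOG%"
dir /a /t:w "%SPOOLDIR%" >> "%LOG%" 2>&1
set "RETURNED=no"
if exist "%SPOOLDIR%\*.SHD" set "RETURNED=yes"
if exist "%SPOOLDIR%\*.SPL" set "RETURNED=yes"
echo Job files present after spooler start: %RETURNED% >> "%LOG%"

echo Results written to %LOG%
endlocal
```

If the files are gone while the spooler is stopped and present again afterwards with later write times, the delete worked and new jobs are being written once the service is running; if they are still listed while it is stopped, the delete itself is failing.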
I don't see any malicious behavior in your question.
Question has a verified solution.
