Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Removing files from Printer Server Queue

Posted on 2009-04-03
4
Medium Priority
?
729 Views
Last Modified: 2013-11-22
have a box running Windows Server 2003 SP2 with all the latest updates. I am using this box as a Printer Server. I have 15 printers loaded on this box. I am running Sophos Anti Virus along with regular scans with MalWareBytes. On Tuesday of this week Sophos completed its daily scan showing the W32/Magistr-B worm in a folder containing the print drivers for my Kyocera multi-functionals. Sophos reported this worm had been cleaned up. However, we have found on 3 of the Kyocera MF there is job that continues to print continuously time after time. The only way we can get the printer to stop is by removing the network cable from the Kyocera. To make this clear the Kyocera's are located in three different buildings and they have 3 different jobs. One other thing, when I look in C:\windows\system32\spool\printers on the Print server I see two files in that folder. Listed as:
FP00003.SHD and FP00003.SPL. I have completed the following on these files:
1. Stopped the Printer Spooler service
2. Deleted these files
3. Rebooted the server
After rebooting the server when I look in this same folder I see those same two files there.
I would appreicate any help I can get with this one.
Thanks in Advance.
0
Comment
Question by:Van Johnson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:xmachine
ID: 24065649
0
 

Author Comment

by:Van Johnson
ID: 24067294
I appreciate the response and article links.  Each of these articles relate to procedures I have already tried as shown in my explanation.  The problem is:  When I reboot the server those same two files appear in the spool folder.  Therein lies the problem...when the network cord is plugged back in the Kyocera that job continuously keeps printing.  I was thinking some malware was exploiting these files on reboot.  I have scan this sever 10 different ways and found nothing (with the exception of the first time in Sophos).  Just wondering if anyone has tackled this problem?  
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24067331
I don't see any malicious behavior in your question.
0
 
LVL 5

Accepted Solution

by:
bRvO earned 1500 total points
ID: 24109458
backup all print settings using printmig

http://www.microsoft.com/windowsserver2003/techinfo/overview/printmigrator3.1.mspx

stop the print spooler service.

browse to printers & faxes on the server delete the faulting printers now go to | File | Server Properties | Drivers & delete the drivers.

restart the machine.

re-add the print queue's and print drivers.

restart machine

see what happens
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question