Anyone know this virus?

January 22, 2009 at 03:29:16
Specs: Windows XP, n/a
Hi people, am hoping someone might recognise these symptoms as a virus and know what to do! Friend of mine's business has just been hit by something but I can't work out what it is. Symptoms are:

- Periodically (every 30-60 minutes or so), around 40 pages are sent to every printer on every computer on the network (even shared printers). The printed pages are related to porno sites. The print jobs are listed as both "Remote Downlevel Document" owned by the Guest account, and "Local Downlevel Document" which is owned by the local user.

- Some computers (but not all) on the network have multiple directories created (in C: and in C:\ sub directories and possibly other locations), all called "-= Porn Collection =-" which contain screenshots and links to porno websites.

I've done lots of googling and I can't find any reference to what this virus might be. The only reference to a virus that submits print jobs I can find is BugBear but it doesn't seem to have the porn collection and that was around about 5 years ago so you'd think modern AV software would pick it up (all these computers have updated AV software on them btw!)

Can anyone help???

See More: Anyone know this virus?

Report •

January 23, 2009 at 09:09:04
download to your desktop
open it and make sure that all options are checked, click on "Scan Now" at the end of the scan will be released (always on your desktop inside the folder suspectfile) two files.
Go to office the zip file and write in your next reply URL where I can get it.

Remember the scan with no connection with the antivirus disabled unless then resume scanning finished.

SystemScan is recognized, mistake, by some antivirus as infected.


Report •

January 26, 2009 at 03:45:24
Thanks a lot for your help. The report is here:

If you have any ideas please let me know! Thanks!

Report •

January 27, 2009 at 16:29:07
There are many values infected, for example
and many others.

The problem now is that we must work in the system registry to restore the two values in
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


We can do even using HijackThis, so we do it automatically.

So please, download HijackThis

Install HijackThis, go to the folder and run the program Hijackthis.exe
select the button "Do a system scan and save a logfile."

Now brought into the program folder and copy and paste the log.

Thank you

Report •

Related Solutions

March 11, 2009 at 04:01:05
I am having the same problem so I was very interested in the dialog going on about this issue. However, it seems like it was never completed.
So if anyone has the time to take a look at my logfile I would be glad to post it.

Report •

Ask Question