PDA

View Full Version : Miscellaneous Photo.scr Virus Causing Bizhub C550 To Print until out of paper


Custom Search


bungapads
10-20-2016, 06:11 PM
If i leave my machine on, I get a file photo.scr file that starts a print job and then prints all the paper in the machine. This keeps happening. It happens multiple times in the history, usually hours apart once from Admin and once from ftp. does anyone know how to "scan" or remove this virus from a C550 Bizhub? (photo.scr). Do you know anything about this issue? Help

tech51
10-20-2016, 06:44 PM
Surely this a problem with your computer system, not the copier.
Ive never heard of a copier getting a virus.

tech51
10-20-2016, 06:55 PM
Although having read another thread where you say you reloaded a fiery, there's a chance you have got a virus on that.
Where did you get the fiery software from?

bungapads
10-20-2016, 07:19 PM
Although having read another thread where you say you reloaded a fiery, there's a chance you have got a virus on that.
Where did you get the fiery software from?

I got the software from a copier tech (supposedly from Konica Minolta) from this forum. I actually shut my computer off and then left the printer on last night with a small amount of paper in it. Sure enough when I came in all the paper was printed. There were two print jobs, one said the source was Admin and the other was FTP. The first page always says "This program cannot be run in DOS mode" and then each page is printed with random letters and symbols, a couple lines per page. The jobs are 900 plus pages. the name of the print job is photo.scr. I checked wtih various companies and have run all types of virus scan, etc on the computer, but no luck finding the photo.scr file.

Can the machine be printed to from a remote location? If so, could i disable this feature? How?

Bizhub C550.

If you think I need to redo something or reinstall something, what would that be? and, do you have the files?

bungapads
10-20-2016, 07:19 PM
Surely this a problem with your computer system, not the copier.
Ive never heard of a copier getting a virus.


I got the software from a copier tech (supposedly from Konica Minolta) from this forum. Yesterday, I actually shut my computer off and then left the printer on last night with a small amount of paper in it. Sure enough when I came in all the paper was printed. There were two print jobs, one said the source was Admin and the other was FTP. The first page always says "This program cannot be run in DOS mode" and then each page is printed with random letters and symbols, a couple lines per page. The jobs are 900 plus pages. the name of the print job is photo.scr. I checked wtih various companies and have run all types of virus scan, etc on the computer, but no luck finding the photo.scr file.

Can the machine be printed to from a remote location? If so, could i disable this feature? How?

Bizhub C550.

If you think I need to redo something or reinstall something, what would that be? and, do you have the files?

Albonline
10-20-2016, 08:41 PM
isolate the copier from the network, see if it still does the dump. myself i would reset everything to factory defaults and reflash with a known good copy of the firmware.

emujo
10-20-2016, 09:20 PM
Print jobs like this can also be the result of Post Script files sent to the PCL driver. I have heard from one of our customers that a similar issue was caused by an attack through port 25 SMTP Non SSL. If you are using the device for mail you may want to try using SSL or TLS. Emjjo

bungapads
10-20-2016, 09:21 PM
isolate the copier from the network, see if it still does the dump. myself i would reset everything to factory defaults and reflash with a known good copy of the firmware.

Thanks for your suggestion. It was such a travail to reset factor defaults and reflash nvram last time. It took my days to figure it out. I also do not have access to the file, except the ones given to me before. If you have or know where i could get the files and instructions that would be appreciated. Would this reformat the harddrive inside the machine? Maybe that is where the virus is.

Do you know if there is any way to scan the C550 with virus software?

Thanks

Ron

bungapads
10-20-2016, 09:23 PM
Print jobs like this can also be the result of Post Script files sent to the PCL driver. I have heard from one of our customers that a similar issue was caused by an attack through port 25 SMTP Non SSL. If you are using the device for mail you may want to try using SSL or TLS. Emjjo


Thanks for your input. Could you direct me to the service or repair manual that can guide me through how to do or change these settings?

Do you know of any way to scan the C550 to find the culprit (photo.scr) file?

Thanks

LNorris
10-20-2016, 09:25 PM
everything i'm reading its a windows based virus.

Remove PHOTO.SCR | (http://www.mypccaresolutions.com/2016/04/07/remove-photo-scr/)

emujo
10-20-2016, 09:29 PM
The copier runs a Linux OS, this virus infects the FTP server (if you are running one) on the PC, not the copier. You may want to disable FTP Server/Client through the MFPs web interface, but again, as posted above, this is probably not something resident on the copier. Emujo

bungapads
10-20-2016, 09:39 PM
everything i'm reading its a windows based virus.

Remove PHOTO.SCR | (http://www.mypccaresolutions.com/2016/04/07/remove-photo-scr/)


i read the same articles and others. But the file cannot be found on the only pc connected to the printer.

bungapads
10-21-2016, 01:57 AM
The copier runs a Linux OS, this virus infects the FTP server (if you are running one) on the PC, not the copier. You may want to disable FTP Server/Client through the MFPs web interface, but again, as posted above, this is probably not something resident on the copier. Emujo

Thanks. i will check this out.

darry1322
10-21-2016, 02:41 AM
The copier runs a Linux OS, this virus infects the FTP server (if you are running one) on the PC, not the copier. You may want to disable FTP Server/Client through the MFPs web interface, but again, as posted above, this is probably not something resident on the copier. Emujo


An earlier post says the machine is connected to a fiery. Some of those fierys ( if not all ) were running a version of Windows.

bungapads
10-21-2016, 03:16 AM
An earlier post says the machine is connected to a fiery. Some of those fierys ( if not all ) were running a version of Windows.

Any way to run a virus scan on C550?

darry1322
10-21-2016, 04:11 AM
Any way to run a virus scan on C550?

None that I'm familiar with on either the C550 or the Fiery.

habik
10-21-2016, 08:11 AM
Give it paracetamol or re-instal the Fiery software.

Unplug the fiery from network as suggestd before and put the PC you print from directly to the fiery on with both devices on static IP. if it does it you know for sure is one of them two. Fiery or PC. If it stops its coming from outside.

TheBlueOrleans
10-21-2016, 09:40 PM
Can the machine be printed to from a remote location?

Not if you have a closed network. Whenever we get the "hieroglyphics" auto-print problem, it's always been a driver loaded onto some PC that isn't compatible with the machine. But if what you're describing is a print job being sent without any user actually sending it, either there is a problem in the network or there is a batch print processing automatically and the job is being sent from a source with an incompatible driver.

Is the job occurring at the same time every time? Not just overnight, but the exact same time of day every time it happens?
If that is the case my instinct screams batch print.

Mr Spock
10-21-2016, 11:56 PM
run "hijackthis" and it will tell you where the file is so you can get rid of it.
If you are not familiar with this program find a computer guy who is.

Custom Search