Re: Absolutely Bogus WP Driver
Posted by happo on October 25, 2001 at 15:16:25:
In Reply to: Re: Absolutely Bogus WP Driver posted by Eskil van Loosdrecht on September 19, 2001 at 02:53:30:
These Things are Sent to try us!
Absolutely Bogus Printer Driver
There I was, tapping away at my computer and minding my own business. Well, OK - I suppose that strictly speaking I wasn't minding my own business because I was looking at some new Web sites, but I wasn't doing anything out of the ordinary. I logged off, closed down Netscape and decided to go through my morning's downloaded email. That is when "it" happened - and all by itself without any prompting from me. Up popped a box with the message "Updating registry settings" and before I could say "What the &^$"*** do you think you are doing?!", it was done. Exactly what had been done I wasn't sure, but I had a suspicion that I was not going to like it whatever it was.
McAfee had failed to identify it and I even reloaded Dr Solomon's, which had until a month ago been my standard virus checker, in an attempt to identify and purge the beastie from my machine. Dr Solomon's also failed to pick up the virus. A picture of me having to reformat my hard disk to remove the infection flashed through my mind but that would have to wait. I needed to print out two documents urgently so my immediate concern was to get my original printer drivers back. No problem. All I had to do was go to the Control Panel, select Printers and re-select my HPL 5 as the default printer....but it wouldn't let me. The default was permanently stuck at Absolutely Bogus WPS Printer Driver and underneath that I saw a second "new" driver called Absolutely Bogus WPS Printer Dr.
After I had called the perpetrator every name under the sun and frightened the cat by screaming very loudly, I sat down and tried to think it through logically. Everything had been hunky dory the day before. I had not installed any new programs since then but something had changed my registry settings that morning. The most obvious suspect was one of the Web sites that I had been viewing. But first to sort out the printer driver. Off I went to nose around the Registry using REGEDIT and the Find option, and there they were ensconced in the Print Drivers section. I deleted the entries, saved the Registry and rebooted my PC. The bogus drivers had been removed but I still had problems with my HPL 5 printer. I re-installed the printer software. At last, everything was back to normal.
Now to find out how it had happened in the first place. I was not about to go back to the suspect Web sites that I had visited earlier in the day without first finding out what I was up against. I checked the McAfee web site to see what I could find out about this "virus". Result: Absolutely Nothing! So I did a search using Metacrawler and.....Bingo! Half a dozen references to the Bogus driver.
It turns out that it was not a virus at all. To quote TechNote WIN4-05 on the Genicom Web site (http://www.genicom.com/techsupp/TI/TI-WIN4-05.htm):
"This appears to be an 'Easter Egg' included in the file WPSFIX32.DLL. An Easter Egg is a hidden feature placed by programmers into software applications."
[Well, thanks a lot guys! I wouldn't call this a "feature".]
"The Bogus Driver is not a virus, and should have no adverse effects on the host system."
[I am sorry, but I would definitely call hijacking your printer and disrupting your work for a whole day an "adverse effect".]
"The Bogus Driver code is located in the file WPSFIX32.DLL. This file is provided by Microsoft as part of the Microsoft Windows Printing System (WPS). The Bogus Driver code can also be found in versions of WPS for the Canon BJC-610 and LBP-460, and the HP LaserJet 5L".
By far the most useful reference as far as removing the offending item is at: http://www.magmacom.com/~russrite/Canon_Drivers/KB/1998/kb98005.htm
As well as describing the problem, it takes you through the whole procedure for deleting the driver from your registry.
What still puzzled me, though, was what had kicked the code into action? I carried out a search on http://www.deja.com/ to see if there had been any discussions in Usenet. There had indeed, but no information on trigger factors. Which leaves me wondering - are there any more "Easter Eggs" hidden in programs and waiting to be cracked open? Suddenly, I am seriously worried about Y2K. Our systems have been checked and given the all clear but you can never be completely sure. I think that a large brandy, placed by each of our PCs in the New Year, is definitely in order - for emergencies only of course!