Tales from the Terminal Room
Absolutely Bogus Printer Driver
In the November 1999 issue of Tales from the Terminal Room, "These things are sent to try us!" reported on a problem that we had experienced with "Absolutely Bogus WPS Printer Driver". Little did we realise that so many of you had suffered from exactly the same problem. Looking at the Web logs for the TFTTR pages and readers' emails, it seems that this so called "Easter Egg" is still lurking on many systems. We have therefore decided to give the article its own page and update the links.
If you wish to go straight to the linked pages, these are:
Unfortunately, the second link is no longer available on the "live" web but a copy can still be found on the Wayback Machine at http://www.archive.org/. Just type or past the URL into the box on the home page.
These Things are Sent to try us!
Absolutely Bogus Printer Driver
There I was, tapping away at my computer and minding my own business. Well, OK - I suppose that strictly speaking I wasn't minding my own business because I was looking at some new web sites, but I wasn't doing anything out of the ordinary. I logged off, closed down Netscape and decided to go through my morning's downloaded email. That is when "it" happened - and all by itself without any prompting from me. Up popped a box with the message "Updating registry settings" and before I could say "What the &^$"*** do you think you are doing?!", it was done. Exactly what had been done I wasn't sure, but I had a suspicion that, whatever it was, I was not going to like it.
McAfee had failed to identify it and I even reloaded Dr Solomon's, which had until a month ago been my standard virus checker, in an attempt to identify and purge the beastie from my machine. Dr Solomon's also failed to pick up the virus. A picture of me having to reformat my hard disk to remove the infection flashed through my mind but that would have to wait. I needed to print out two documents urgently so my immediate concern was to get my original printer drivers back. No problem. All I had to do was go to the Control Panel, select Printers and re-select my HPL 5 as the default printer....but it wouldn't let me. The default was permanently stuck at Absolutely Bogus WPS Printer Driver and underneath that I saw a second "new" driver called Absolutely Bogus WPS Printer Dr.
After I had called the perpetrator every name under the sun and frightened the cat by screaming very loudly, I sat down and tried to think it through logically. Everything had been hunky dory the day before. I had not installed any new programs since then but something had changed my registry settings that morning. The most obvious suspect was one of the Web sites that I had been viewing. But first to sort out the printer driver. Off I went to nose around the Registry using REGEDIT and found the bogus entries ensconced in the Print Drivers section. I deleted the entries, saved the Registry and rebooted my PC. The bogus drivers had been removed but I still had problems with my HPL 5 printer. I re-installed the printer software and, at last, everything was back to normal.
Now to find out how it had happened in the first place. I was not about to go back to the suspect Web sites that I had visited earlier in the day without first finding out what I was up against. I checked the McAfee web site to see what I could find out about this "virus". Result: Absolutely Nothing! So I did a search using Metacrawler and.....Bingo! Half a dozen references to the Bogus driver.
It turns out that it was not a virus at all. To quote TechNote WIN4-05 on the Genicom Web site (http://www.genicom.com/drivers/TechNotes/TI/ti-win4-05.htm):
[Well, thanks a lot guys! But I wouldn't call this a "feature".]
[I am sorry, but I would definitely call hijacking your printer and disrupting your work for a whole day an "adverse effect".]
I further discovered that the only reliable way of disposing of the beastie - temporarily I'm afraid as it does tend to reappear every now and again - is to use regedit to remove the relevant entries from your registry. But before you do that, please make a backup copy of your registry files (system.dat and user.dat).
The genicom link above gives some basic instructions on removing "absolutely bogus" but by far the most useful reference I have found to date is at: http://www.magma.ca/~grethi/Canon_Drivers/KB/thehits/kb98005.htm This page is no longer available on the "live" web but a copy can still be found on the Wayback Machine at http://www.archive.org/. Just type or past the URL into the box on the home page.
As well as describing the problem, it takes you through the whole procedure for deleting the driver from your registry.
What still puzzled me, though, was what had kicked the code into action? I carried out a search on deja.com to see if there had been any discussions in Usenet. There had indeed, but no information on trigger factors. And recent searches on Google Groups, which now hosts the Usenet archives, continues to have threads on the topic.
All of which makes me wonder: are there any more "Easter Eggs" hidden in programs and waiting to be cracked open?
|This page was last updated on 24 March, 2011||Copyright
All rights reserved