Tales from the Terminal Room

Absolutely Bogus Printer Driver


Creative Commons License.

In the November 1999 issue of Tales from the Terminal Room, "These things are sent to try us!" reported on a problem that we had experienced with "Absolutely Bogus WPS Printer Driver". Little did we realise that so many of you had suffered from exactly the same problem. Looking at the Web logs for the TFTTR pages and readers' emails, it seems that this so-called "Easter Egg" is still lurking on many systems. We have therefore decided to give the article its own page and update the links.

If you wish to go straight to the linked pages, these are:

http://www.genicom.com/drivers/TechNotes/TI/ti-win4-05.htm

and

http://www.magma.ca/~grethi/Canon_Drivers/KB/thehits/kb98005.htm

Unfortunately, the second link is no longer available on the "live" web but a copy can still be found on the Wayback Machine at http://www.archive.org/. Just type or paste the URL into the box on the home page.


These Things are Sent to try us!

Absolutely Bogus Printer Driver

There I was, tapping away at my computer and minding my own business. Well, OK - I suppose that strictly speaking I wasn't minding my own business because I was looking at some new web sites, but I wasn't doing anything out of the ordinary. I logged off, closed down Netscape and decided to go through my morning's downloaded email. That is when "it" happened - and all by itself without any prompting from me. Up popped a box with the message "Updating registry settings" and before I could say "What the &^$"*** do you think you are doing?!", it was done. Exactly what had been done I wasn't sure, but I had a suspicion that, whatever it was, I was not going to like it.

There was nothing obviously wrong with my major programs but I was soon verging on the paranoid. Had a web site zapped me with a rogue JavaScript? Was this a virus that my new anti-virus software had failed to detect? After a couple of hours of careful scrutiny, I could not find anything seriously amiss on my laptop. Panic set in, though, when I attempted to print out a Word document and up popped an error message telling me that it could not find the default printer files. When I looked at the printer dialog box there it was: a printer called "Absolutely Bogus WPS Printer Driver". Aaaaaaghhhhh!!!!! Definitely a virus!

McAfee had failed to identify it and I even reloaded Dr Solomon's, which had until a month ago been my standard virus checker, in an attempt to identify and purge the beastie from my machine. Dr Solomon's also failed to pick up the virus. A picture of me having to reformat my hard disk to remove the infection flashed through my mind but that would have to wait. I needed to print out two documents urgently so my immediate concern was to get my original printer drivers back. No problem. All I had to do was go to the Control Panel, select Printers and re-select my HPL 5 as the default printer....but it wouldn't let me. The default was permanently stuck at Absolutely Bogus WPS Printer Driver and underneath that I saw a second "new" driver called Absolutely Bogus WPS Printer Dr.

After I had called the perpetrator every name under the sun and frightened the cat by screaming very loudly, I sat down and tried to think it through logically. Everything had been hunky dory the day before. I had not installed any new programs since then but something had changed my registry settings that morning. The most obvious suspect was one of the Web sites that I had been viewing. But first to sort out the printer driver. Off I went to nose around the Registry using REGEDIT and found the bogus entries ensconced in the Print Drivers section. I deleted the entries, saved the Registry and rebooted my PC. The bogus drivers had been removed but I still had problems with my HPL 5 printer. I re-installed the printer software and, at last, everything was back to normal.

Now to find out how it had happened in the first place. I was not about to go back to the suspect Web sites that I had visited earlier in the day without first finding out what I was up against. I checked the McAfee web site to see what I could find out about this "virus". Result: Absolutely Nothing! So I did a search using Metacrawler and.....Bingo! Half a dozen references to the Bogus driver.

It turns out that it was not a virus at all. To quote TechNote WIN4-05 on the Genicom Web site (http://www.genicom.com/drivers/TechNotes/TI/ti-win4-05.htm):

"This appears to be an 'Easter Egg' included in the file WPSFIX32.DLL. An Easter Egg is a hidden feature placed by programmers into software applications."

[Well, thanks a lot guys! But I wouldn't call this a "feature".]

"The Bogus Driver is not a virus, and should have no adverse effects on the host system."

[I am sorry, but I would definitely call hijacking your printer and disrupting your work for a whole day an "adverse effect".]

"The Bogus Driver code is located in the file WPSFIX32.DLL. This file is provided by Microsoft as part of the Microsoft Windows Printing System (WPS). The Bogus Driver code can also be found in versions of WPS for the Canon BJC-610 and LBP-460, and the HP LaserJet 5L".

I further discovered that the only reliable way of disposing of the beastie - temporarily I'm afraid as it does tend to reappear every now and again - is to use regedit to remove the relevant entries from your registry. But before you do that, please make a backup copy of your registry files (system.dat and user.dat).

The Genicom link above gives some basic instructions on removing "absolutely bogus" but by far the most useful reference I have found to date is at: http://www.magma.ca/~grethi/Canon_Drivers/KB/thehits/kb98005.htm This page is no longer available on the "live" web but a copy can still be found on the Wayback Machine at http://www.archive.org/. Just type or paste the URL into the box on the home page.

As well as describing the problem, it takes you through the whole procedure for deleting the driver from your registry.

What still puzzled me, though, was what had kicked the code into action. I carried out a search on deja.com to see if there had been any discussions in Usenet. There had indeed, but no information on trigger factors. And recent searches on Google Groups, which now hosts the Usenet archives, continue to find threads on the topic.

All of which makes me wonder: are there any more "Easter Eggs" hidden in programs and waiting to be cracked open?

Karen Blakeman


This page was last updated on 24 March, 2011  Copyright © 1999 Karen Blakeman.
All rights reserved