Ok, I need some serious help here. Let me give you the setup real quick, then I'll go into the problem.
This is a small network of 11 servers and about 70 PC's. I am running Exchange Server 2003 with GFI FaxMaker installed on it. There is a printer driver installed called NetPrintQueue2Fax which is currently not only NOT shared out, but it's completely disabled!!
Here's the problem:
Every Thursday night, starting at 2:08:00 I get an error in the event log that Norton Antivirus has has detected a virus, this is the message:
Virus Found!Virus name: W32.HLLW.Gaobot.gen in File: C:\WINDOWS\system32\spool\PRINTERS\00640.SPL by: Defwatch scan. Action: Clean failed : Leave Alone succeeded :
Now, before I unshared and disabled this printer driver, we would get these files showing up and it would get to the point where it would actually use up all the ram and shut down the print spooler. Now we are getting them, but they haven't had any adverse effects.
I know that nortons will pick up .spl and .shd files as the Gaobot virus because there's some viruses out there that create these. I've ran an extensive virus scan on my email server and found it to be clean.
Nothing should be trying to print to this printer driver, which is causing these .spl and .shd files to be produced (I can reproduce this at will) and now that I've completely disabled it, I don't see how anyone or anything at all can be printing to this driver.
If anyone has had a problem like this or may have any idea at all what to check...please help me out here. I'm at a loss.
If you need any further information, don't hesitate to ask. I'll give you all the details you want about this problem.
Only thing it can be is a virus - I think 
Linear Mode
