New virus out.....becareful people...

Reply Subscribe

Thread Tools

Search this Thread

Nov 28, 2008 | 08:41 AM

Dingy

Thread Starter

PassionFord Post Troll

Joined: Aug 2006

Posts: 3,191

Likes: 0

From: Sydney, NSW

New virus out.....becareful people...

We are currently experiencing a large number of virus reports from customers regarding a virus that comes in to the network as marioforever.exe, which all AV vendors (including trend micro) are currently unable to quarantine/clean.

Nov 28, 2008 | 09:09 AM

Nash_mr2

I've found that life I needed.. It's HERE!!

Joined: Nov 2006

Posts: 1,169

Likes: 0

http://www.precisesecurity.com/files...rioforeverexe/

looks like it sends random print jobs over the network

Nov 28, 2008 | 09:12 AM

Dingy

Thread Starter

PassionFord Post Troll

Joined: Aug 2006

Posts: 3,191

Likes: 0

From: Sydney, NSW

Yeah and down's your network by deleting random dll files from workstations and servers.

Nov 28, 2008 | 09:36 AM

5t1g

Shotgun Bunter

Joined: Jun 2005

Posts: 697

Likes: 0

From: CRAWLEY

Handy

Nov 28, 2008 | 09:39 AM

Seademon

Regular Contributor

Joined: Aug 2005

Posts: 324

Likes: 0

From: Dubai

From that link its been going round since May so not that new!

Nov 28, 2008 | 09:56 AM

Dingy

Thread Starter

PassionFord Post Troll

Joined: Aug 2006

Posts: 3,191

Likes: 0

From: Sydney, NSW

Maybe not that new then but we have experienced a large number of people being infected yesterday for some reason......

Not sure why.

Nov 28, 2008 | 10:15 AM

Turbocabbie

Top Cab !!

Joined: Aug 2006

Posts: 3,989

Likes: 1

From: .

marioforever.exe is also known as W32.Mariofev.A and you can remove it as follows :

1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all infected file(s)
5. Find and stop the service.
Click Start > Run.
- Type services.msc, and then click OK.
- Locate and select the service that was detected.

Service name: SCNa
Display name: SCNa Service

- Click Action > Properties.
- Click Stop.
- Change Startup Type to Manual.
- Click OK and close the Services window.

6. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\[NUMBER]\”[34 DIGIT HEX NUMBER]” = “[RANDOM DATA]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
\”ztpInit_Dlls” = “nvrsma”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\”ccnt” = “[NUMBER OF INFECTION ATTEMPTS]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\”mid” = “[RANDOM HEX DATA]”

Navigate to and delete the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SCNa

7. Exit registry editor and restart the computer.

Trending Topics

Radiant Red Fiesta RS Turbo progress/build

658

144.1k
Mk1 Focus RS Clocks REDUCED!

5

1.8k
Sierra XR4x4 - ice driving Sweden

3

125
Escort RS Turbo EFI Project II E353 HPC

541

128.1k
Passionford forum 2025

9

1.3k

Nov 28, 2008 | 10:28 AM

Dingy

Thread Starter

PassionFord Post Troll

Joined: Aug 2006

Posts: 3,191

Likes: 0

From: Sydney, NSW

Could be a new strain out then cause its not that easy to remove LOL.....

Nov 28, 2008 | 05:20 PM

foreigneRS

Testing the future

Joined: Jul 2003

Posts: 17,597

Likes: 24

From: W. Sussex

what kind of idiot would execute a file like that? if you are in charge of a corporate network where such people exist, i would think that you should make sure that any .exe file is blocked. easier said than done i expect?