New virus out.....becareful people...

Reply Subscribe

Thread Tools

Search this Thread

28-11-2008, 08:41 AM

Dingy

PassionFord Post Troll

Thread Starter

Join Date: Aug 2006

Location: Sydney, NSW

Posts: 3,191

Likes: 0

Received 0 Likes on 0 Posts

New virus out.....becareful people...

We are currently experiencing a large number of virus reports from customers regarding a virus that comes in to the network as marioforever.exe, which all AV vendors (including trend micro) are currently unable to quarantine/clean.

Reply Like

28-11-2008, 09:09 AM

Nash_mr2

I've found that life I needed.. It's HERE!!

Join Date: Nov 2006

Posts: 1,169

Likes: 0

Received 0 Likes on 0 Posts

http://www.precisesecurity.com/files...rioforeverexe/

looks like it sends random print jobs over the network

Reply Like

28-11-2008, 09:12 AM

Dingy

PassionFord Post Troll

Thread Starter

Join Date: Aug 2006

Location: Sydney, NSW

Posts: 3,191

Likes: 0

Received 0 Likes on 0 Posts

Yeah and down's your network by deleting random dll files from workstations and servers.

Reply Like

28-11-2008, 09:36 AM

5t1g

Shotgun Bunter

Join Date: Jun 2005

Location: CRAWLEY

Posts: 697

Likes: 0

Received 0 Likes on 0 Posts

Handy

Reply Like

28-11-2008, 09:39 AM

Seademon

Regular Contributor

Join Date: Aug 2005

Location: Dubai

Posts: 324

Likes: 0

Received 0 Likes on 0 Posts

From that link its been going round since May so not that new!

Reply Like

28-11-2008, 09:56 AM

Dingy

PassionFord Post Troll

Thread Starter

Join Date: Aug 2006

Location: Sydney, NSW

Posts: 3,191

Likes: 0

Received 0 Likes on 0 Posts

Maybe not that new then but we have experienced a large number of people being infected yesterday for some reason......

Not sure why.

Reply Like

28-11-2008, 10:15 AM

Turbocabbie

Top Cab !!

Join Date: Aug 2006

Location: .

Posts: 3,989

Likes: 0

Received 1 Like on 1 Post

marioforever.exe is also known as W32.Mariofev.A and you can remove it as follows :

1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all infected file(s)
5. Find and stop the service.
Click Start > Run.
- Type services.msc, and then click OK.
- Locate and select the service that was detected.

Service name: SCNa
Display name: SCNa Service

- Click Action > Properties.
- Click Stop.
- Change Startup Type to Manual.
- Click OK and close the Services window.

6. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\[NUMBER]\”[34 DIGIT HEX NUMBER]” = “[RANDOM DATA]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
\”ztpInit_Dlls” = “nvrsma”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\”ccnt” = “[NUMBER OF INFECTION ATTEMPTS]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\”mid” = “[RANDOM HEX DATA]”

Navigate to and delete the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SCNa

7. Exit registry editor and restart the computer.

Reply Like

Trending Topics

Best address for carbon parts?

2

381
Suspension

3

433

28-11-2008, 10:28 AM

Dingy

PassionFord Post Troll

Thread Starter

Join Date: Aug 2006

Location: Sydney, NSW

Posts: 3,191

Likes: 0

Received 0 Likes on 0 Posts

Could be a new strain out then cause its not that easy to remove LOL.....

Reply Like

28-11-2008, 05:20 PM

foreigneRS

Testing the future

Join Date: Jul 2003

Location: W. Sussex

Posts: 17,597

Likes: 6

Received 24 Likes on 16 Posts

what kind of idiot would execute a file like that? if you are in charge of a corporate network where such people exist, i would think that you should make sure that any .exe file is blocked. easier said than done i expect?