New virus out.....becareful people...
#1
PassionFord Post Troll
Thread Starter
![Default](https://passionford.com/forum/images/icons/icon1.gif)
We are currently experiencing a large number of virus reports from customers regarding a virus that comes in to the network as marioforever.exe, which all AV vendors (including trend micro) are currently unable to quarantine/clean.
#2
I've found that life I needed.. It's HERE!!
Join Date: Nov 2006
Posts: 1,169
Likes: 0
Received 0 Likes
on
0 Posts
![Default](https://passionford.com/forum/images/icons/icon1.gif)
http://www.precisesecurity.com/files...rioforeverexe/
looks like it sends random print jobs over the network
looks like it sends random print jobs over the network
#7
![Default](https://passionford.com/forum/images/icons/icon1.gif)
marioforever.exe is also known as W32.Mariofev.A and you can remove it as follows :
1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all infected file(s)
5. Find and stop the service.
Click Start > Run.
- Type services.msc, and then click OK.
- Locate and select the service that was detected.
Service name: SCNa
Display name: SCNa Service
- Click Action > Properties.
- Click Stop.
- Change Startup Type to Manual.
- Click OK and close the Services window.
6. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\[NUMBER]\[34 DIGIT HEX NUMBER] = [RANDOM DATA]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
\ztpInit_Dlls = nvrsma
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ccnt = [NUMBER OF INFECTION ATTEMPTS]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\mid = [RANDOM HEX DATA]
Navigate to and delete the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SCNa
7. Exit registry editor and restart the computer.
1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all infected file(s)
5. Find and stop the service.
Click Start > Run.
- Type services.msc, and then click OK.
- Locate and select the service that was detected.
Service name: SCNa
Display name: SCNa Service
- Click Action > Properties.
- Click Stop.
- Change Startup Type to Manual.
- Click OK and close the Services window.
6. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\[NUMBER]\[34 DIGIT HEX NUMBER] = [RANDOM DATA]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
\ztpInit_Dlls = nvrsma
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ccnt = [NUMBER OF INFECTION ATTEMPTS]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\mid = [RANDOM HEX DATA]
Navigate to and delete the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SCNa
7. Exit registry editor and restart the computer.
Trending Topics
#9
Testing the future
![Default](https://passionford.com/forum/images/icons/icon1.gif)
what kind of idiot would execute a file like that? if you are in charge of a corporate network where such people exist, i would think that you should make sure that any .exe file is blocked. easier said than done i expect?
Thread
Thread Starter
Forum
Replies
Last Post
jayRS
General Car Related Discussion.
24
07-11-2004 09:05 PM