Network infected with Marioforever.exe

Posted on 2009-02-09
Last Modified: 2013-12-04
My entire network is infected with the marioforever.exe rootkit. And when I mean my entire network, I mean it goes all the way from my servers to my users' computers, and I think it recently killed my plotter printer (though the plotter is just speculation). Does anyone know an effective way to get rid of it from the servers? I'm going to purchase an enterprise-class anti-viral software such as Avast to get rid of it (the prior IT guy never installed any kind of virus protection). I found that when I scheduled a boot-time scan on my PC (Vista) it was able to rid my system of it, though I'm nervous about letting a program such as Avast quarantine and delete system-critical files that aren't locked down... I just don't want to kill my servers over a virus and am fairly new to this game. My main DC is an SBS 2003 server R2, and all my other servers are Win 2000.
Question by: dthomann
    LVL 5

    Accepted Solution

    You can buy the Trend Micro for small business along with licenses and deploy it from your server. Each license is about $50 with a 2-year subscription, same price for server and workstation.

    Run Malwarebytes and Spybot, at least twice each also.

    Here is a good guide
    LVL 3

    Expert Comment

    I do believe you have Rootkit.Fuzen; info here
    It is pretty nasty and very dangerous as it creates a backdoor to everything it touches. Please note that you probably only know of a small fraction of the actual malicious software you have on your systems, and the files I have found on these sites should check for them, but just to make sure also run Spybot, AdAware, and{keyword}%26campaign_code%3d347127%26int_page%3d1%26c%3d1%26s&wm_kw=spyware

    That long link is cyberdefender as well as

    Also try these sites for more ways to check if there are still other viruses, rootkits, backdoors, and/or trojans on your system, as they don't like to be alone and have group rape sessions with your hardware and software depending on the type.
    LVL 4

    Expert Comment

    I recommend hiring a security expert to do forensic analysis to determine how it entered your network and when, so that you can take effective measures against it occurring again. You also need forensic analysis to see if the machine has been completely cleaned. You can't trust an anti-virus program after the fact to clean up the mess. They're best used as preventative measures. Your IT security incident response specialist should be able to give you detailed instructions for removing the malware on one host that can then be applied to the rest if you want to save money.

    Anti-virus software specifically is not effective against root kits. However, many users mistakenly label regular viruses as root kits. The W32.Mariofev.A virus does not use a rootkit. The best anti-virus measure surely isn't anti-virus software, but rather keeping applications, application plugins, and the OS updated with security updates and properly training your users not to open e-mail attachments or use their workstations for non-work related tasks.

    Author Closing Comment

    Used the guide you posted and installed Avast SBS edition as well. Thanks

