Network infected with Marioforever.exe

dthomann asked
Last Modified: 2013-12-04
My entire network is infected with the marioforever.exe rootkit. And when I mean my entire network, I mean it goes all the way from my servers to my users' computers, and I think it recently killed my plotter printer (though the plotter is just speculation). Does anyone know an effective way to get rid of it from the servers? I'm going to purchase an enterprise class anti-viral software such as Avast to get rid of it (prior IT guy never installed any kind of virus protection). I found that when I scheduled a boot time scan on my PC (Vista) that it was able to rid my system of it, though I'm nervous about letting a program such as Avast quarantine and delete system critical files that aren't locked down... I just don't want to kill my servers over a virus and am fairly new to this game. My main DC is an SBS 2003 server R2, and all my other servers are Win 2000.

Commented:
You can buy Trend Micro for small business along with licenses and deploy it from your server. Each license is about $50 with a 2 year subscription, same price for server and workstation.

Run Malwarebytes and Spybot, at least twice each, also.

Here is a good guide:

http://forums.majorgeeks.com/showthread.php?t=139313

I do believe you have Rootkit.Fuzen; info here: http://www.spywaredetector.net/spyware_encyclopedia/Rootkit.Fuzen.htm
It is pretty nasty and very dangerous, as it creates a backdoor to everything it touches. Please note that you probably only know of a small fraction of the actual malicious software you have on your systems, and the files I have found on these sites should check for them, but just to make sure, also run Spybot, AdAware, and

http://www.cyber-defender.com/EDC/landing/10/?affl=webmetro_googlep2dav&kw=spyware&campaign_code=347127&int_page=1&c=1&s&wm_lpID=4276202&wm_ctID=13&wm_kwID=3963322&wm_mtID=3&wm_content=0&wm_g_crID=2817448319&wm_g_kw=spyware&wm_g_pcmt=&wm_g_cnt=0&gclid=CKSUm6bJ0JgCFRk_awodiWa22A&wm_defaultURL=http%3a%2f%2fwww.cyber-defender.com%2fEDC%2flanding%2f10%2f%3faffl%3dwebmetro_googlep2dav%26kw%3d{keyword}%26campaign_code%3d347127%26int_page%3d1%26c%3d1%26s&wm_kw=spyware

That long link is CyberDefender, as well as
http://www.pctools.com/spyware-doctor/?ref=google_ab&gclid=CNiN_cDJ0JgCFShRagodQihv1g

Also try these sites for more ways to check if there are still other viruses, rootkits, backdoors, and/or trojans on your system, as they don't like to be alone and have group rape sessions with your hardware and software depending on the type.

http://www.esoft.web.id/rootkit-revealer-1.71.html
http://www.myantispyware.com/categories/rookit/
http://www.spywareremovalblog.com/remove-marioforeverexe/
http://www.spywaredoctorhelp.com/marioforeverexe-removal/
http://forums.majorgeeks.com/showthread.php?t=157933

I recommend hiring a security expert to do forensic analysis to determine how it entered your network and when, so that you can take effective measures against it occurring again. You also need forensic analysis to see if the machine has been completely cleaned. You can't trust an anti-virus program after the fact to clean up the mess. They're best used as preventative measures. Your IT security incident response specialist should be able to give you detailed instructions for removing the malware on one host that can then be applied to the rest if you want to save money.

Anti-virus software specifically is not effective against root kits. However, many users mistakenly label regular viruses as root kits. The W32.Mariofev.A virus does not use a rootkit. The best anti-virus measure surely isn't anti-virus software, but rather keeping applications, application plugins, and the OS updated with security updates and properly training your users not to open e-mail attachments or use their workstations for non-work related tasks.

Author

Commented:
Used the guide you posted and installed Avast SBS edition as well. Thanks.
