  • Status: Solved
  • Priority: Medium
  • Security: Public

Network infected with Marioforever.exe

My entire network is infected with the marioforever.exe rootkit. And when I mean my entire network, I mean it goes all the way from my servers to my users' computers, and I think it recently killed my plotter printer (though the plotter is just speculation). Does anyone know an effective way to get rid of it from the servers? I'm going to purchase an enterprise-class anti-viral software such as Avast to get rid of it (the prior IT guy never installed any kind of virus protection). I found that when I scheduled a boot-time scan on my PC (Vista) that it was able to rid my system of it, though I'm nervous about letting a program such as Avast quarantine and delete system-critical files that aren't locked down... I just don't want to kill my servers over a virus and am fairly new to this game. My main DC is an SBS 2003 server R2, and all my other servers are Win 2000.
Asked by: dthomann
 
jdcomp commented:
You can buy Trend Micro for small business along with licenses and deploy it from your server. Each license is about $50 with a 2-year subscription, same price for server and workstation.


Run Malwarebytes and Spybot, at least twice each, also.



Here is a good guide:

http://forums.majorgeeks.com/showthread.php?t=139313
 
ElectronicNinjaGreenBuddha commented:
I do believe you have Rootkit.Fuzen; info here: http://www.spywaredetector.net/spyware_encyclopedia/Rootkit.Fuzen.htm
It is pretty nasty and very dangerous as it creates a backdoor to everything it touches. Please note that you probably only know of a small fraction of the actual malicious software you have on your systems, and the files I have found on these sites should check for them, but just to make sure also run Spybot, AdAware, and

http://www.cyber-defender.com/EDC/landing/10/?affl=webmetro_googlep2dav&kw=spyware&campaign_code=347127&int_page=1&c=1&s&wm_lpID=4276202&wm_ctID=13&wm_kwID=3963322&wm_mtID=3&wm_content=0&wm_g_crID=2817448319&wm_g_kw=spyware&wm_g_pcmt=&wm_g_cnt=0&gclid=CKSUm6bJ0JgCFRk_awodiWa22A&wm_defaultURL=http%3a%2f%2fwww.cyber-defender.com%2fEDC%2flanding%2f10%2f%3faffl%3dwebmetro_googlep2dav%26kw%3d{keyword}%26campaign_code%3d347127%26int_page%3d1%26c%3d1%26s&wm_kw=spyware

That long link is CyberDefender, as well as
http://www.pctools.com/spyware-doctor/?ref=google_ab&gclid=CNiN_cDJ0JgCFShRagodQihv1g

Also try these sites for more ways to check if there are still other viruses, rootkits, backdoors, and/or trojans on your system, as they don't like to be alone and have group rape sessions with your hardware and software depending on the type.

http://www.esoft.web.id/rootkit-revealer-1.71.html
http://www.myantispyware.com/categories/rookit/
http://www.spywareremovalblog.com/remove-marioforeverexe/
http://www.spywaredoctorhelp.com/marioforeverexe-removal/
http://forums.majorgeeks.com/showthread.php?t=157933
 
AdamsConsulting commented:
I recommend hiring a security expert to do forensic analysis to determine how it entered your network and when so that you can take effective measures against it occurring again. You also need forensic analysis to see if the machine has been completely cleaned. You can't trust an anti-virus program after the fact to clean up the mess. They're best used as preventative measures. Your IT security incident response specialist should be able to give you detailed instructions for removing the malware on one host that can then be applied to the rest if you want to save money.

Anti-virus software specifically is not effective against root kits. However, many users mistakenly label regular viruses as root kits. The W32.Mariofev.A virus does not use a rootkit. The best anti-virus measure surely isn't anti-virus software, but rather keeping applications, application plugins, and the OS updated with security updates and properly training your users not to open e-mail attachments or use their workstations for non-work related tasks.
 
dthomann (author) commented:
Used the guide you posted and also installed Avast SBS edition. Thanks.
