dthomann asked:
Network infected with Marioforever.exe

My entire network is infected with the marioforever.exe rootkit. And when I say my entire network, I mean it goes all the way from my servers to my users' computers, and I think it recently killed my plotter printer (though the plotter is just speculation). Does anyone know an effective way to get rid of it from the servers? I'm going to purchase enterprise-class anti-virus software such as Avast to get rid of it (the prior IT guy never installed any kind of virus protection). I found that when I scheduled a boot-time scan on my PC (Vista) it was able to rid my system of it, though I'm nervous about letting a program such as Avast quarantine and delete system-critical files that aren't locked down... I just don't want to kill my servers over a virus, and am fairly new to this game. My main DC is an SBS 2003 R2 server, and all my other servers are Win 2000.
ASKER CERTIFIED SOLUTION
jdcomp:
I do believe you have Rootkit.Fuzen; info here: http://www.spywaredetector.net/spyware_encyclopedia/Rootkit.Fuzen.htm
It is pretty nasty and very dangerous, as it creates a backdoor to everything it touches. Please note that you probably only know of a small fraction of the actual malicious software you have on your systems; the files I have found on these sites should check for them, but just to make sure also run Spybot, AdAware, and

http://www.cyber-defender.com/EDC/landing/10/?affl=webmetro_googlep2dav&kw=spyware&campaign_code=347127&int_page=1&c=1&s&wm_lpID=4276202&wm_ctID=13&wm_kwID=3963322&wm_mtID=3&wm_content=0&wm_g_crID=2817448319&wm_g_kw=spyware&wm_g_pcmt=&wm_g_cnt=0&gclid=CKSUm6bJ0JgCFRk_awodiWa22A&wm_defaultURL=http%3a%2f%2fwww.cyber-defender.com%2fEDC%2flanding%2f10%2f%3faffl%3dwebmetro_googlep2dav%26kw%3d{keyword}%26campaign_code%3d347127%26int_page%3d1%26c%3d1%26s&wm_kw=spyware

That long link is cyberdefender as well as
http://www.pctools.com/spyware-doctor/?ref=google_ab&gclid=CNiN_cDJ0JgCFShRagodQihv1g

Also try these sites for more ways to check if there are still other viruses, rootkits, backdoors, and/or trojans on your system, as they don't like to be alone and have group rape sessions with your hardware and software depending on the type.

http://www.esoft.web.id/rootkit-revealer-1.71.html
http://www.myantispyware.com/categories/rookit/
http://www.spywareremovalblog.com/remove-marioforeverexe/
http://www.spywaredoctorhelp.com/marioforeverexe-removal/
http://forums.majorgeeks.com/showthread.php?t=157933
I recommend hiring a security expert to do forensic analysis to determine how it entered your network and when, so that you can take effective measures against it occurring again. You also need forensic analysis to see if the machine has been completely cleaned. You can't trust an anti-virus program after the fact to clean up the mess. They're best used as preventative measures. Your IT security incident response specialist should be able to give you detailed instructions for removing the malware on one host that can then be applied to the rest if you want to save money.

Anti-virus software specifically is not effective against rootkits. However, many users mistakenly label regular viruses as rootkits. The W32.Mariofev.A virus does not use a rootkit. The best anti-virus measure surely isn't anti-virus software, but rather keeping applications, application plugins, and the OS updated with security updates, and properly training your users not to open e-mail attachments or use their workstations for non-work-related tasks.
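Added example, not code from the thread or from any of the tools linked above: the RootkitRevealer link in the first answer, and the point in the second answer that a live anti-virus scan cannot be trusted against a rootkit, both rest on the same check, a cross-view comparison. The same volume is listed twice, once through the normal Windows API on the running host (what Explorer, `dir` and a resident scanner see) and once from a view the rootkit's hooks cannot filter (a boot-time or offline scan of the disk). Anything that appears only in the low-level view is a candidate hidden file. The script below applies that comparison to two constructed listings; the only file name taken from the thread is marioforever.exe, and example_hidden.sys is a made-up name standing in for whatever else such a scan might turn up.

```python
"""Cross-view check for hidden files (added example, not code from the thread).

RootkitRevealer-style technique: list the same volume twice, once through the
normal Windows API on the running host (what Explorer, `dir` and a live AV scan
see) and once from a view the rootkit cannot filter (an offline or boot-time
scan). Anything present only in the low-level view is a candidate hidden file.
Both listings here are constructed for the example; the only file name taken
from the thread is marioforever.exe, and example_hidden.sys is made up.
"""
from dataclasses import dataclass
import ntpath

# Constructed "inside" view, as a live `dir /a /s` might report it (path|bytes).
API_VIEW = r"""
C:\WINDOWS\system32\cmd.exe|389120
C:\WINDOWS\system32\svchost.exe|14336
C:\WINDOWS\system32\drivers\ntfs.sys|574976
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini|84
"""

# Constructed "outside" view of the same tree from a boot-time scan, i.e. before
# any rootkit hooks are loaded. Entries hidden from the API view show up here.
RAW_VIEW = r"""
C:\WINDOWS\system32\cmd.exe|389120
C:\WINDOWS\system32\svchost.exe|14336
C:\WINDOWS\system32\drivers\ntfs.sys|574976
C:\WINDOWS\system32\marioforever.exe|73728
C:\WINDOWS\system32\drivers\example_hidden.sys|12288
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini|84
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\marioforever.exe|73728
"""

# File names the thread itself names as malicious.
INDICATORS = {"marioforever.exe"}


@dataclass
class CrossViewResult:
    hidden: list          # in the raw view only: filtered out of the API view
    vanished: list        # in the API view only: usually transient, still worth a look
    size_mismatch: list   # same path, different size: content differs between views
    indicator_hits: list  # any path, in either view, whose name is a known-bad name


def parse_listing(text):
    """Parse 'path|size' lines into {lowercased path: (original path, size)}.

    Windows paths are case-insensitive, so the key is lowercased; the original
    spelling is kept for reporting.
    """
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        path, size = line.rsplit("|", 1)
        entries[path.lower()] = (path, int(size))
    return entries


def cross_view(api_text, raw_text, indicators=INDICATORS):
    """Compare the two views and return every discrepancy plus indicator hits."""
    api = parse_listing(api_text)
    raw = parse_listing(raw_text)

    hidden = sorted(raw[k][0] for k in raw.keys() - api.keys())
    vanished = sorted(api[k][0] for k in api.keys() - raw.keys())
    size_mismatch = sorted(
        raw[k][0] for k in raw.keys() & api.keys() if raw[k][1] != api[k][1]
    )
    wanted = {name.lower() for name in indicators}
    indicator_hits = sorted(
        {path for path, _ in list(api.values()) + list(raw.values())
         if ntpath.basename(path).lower() in wanted}
    )
    return CrossViewResult(hidden, vanished, size_mismatch, indicator_hits)


if __name__ == "__main__":
    result = cross_view(API_VIEW, RAW_VIEW)
    for label, paths in (("hidden from API view", result.hidden),
                         ("only in API view", result.vanished),
                         ("size differs between views", result.size_mismatch),
                         ("known-bad file name", result.indicator_hits)):
        for p in paths:
            print(f"{label}: {p}")
```

On a real host the two listings come from the live system and from an offline or boot-time scan of the same volume; the comparison is only meaningful when both views cover the same tree, and a file that is present in both views but whose size differs deserves as much attention as one that is missing from the API view.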
dthomann (asker):

Used the guide you posted and also installed Avast SBS edition. Thanks