new virus warning "marioforever.exe"
05.09.2008, 08:26 PM
Hey guys. Just wanted to give you all a heads up about a new virus. It's called marioforever, and it propagates through network shares and shared printers. It also does not differentiate between PCs and computers on a network, so it is easily identified by the 600 page print jobs it throws out to any network printers, or local printers that are shared.
I work in the IT dept for the hospital here. We contracted this virus at 8:34 yesterday morning, and by 9am it had infected over 1500 computers and was sending repeated print jobs to every one of our 800 network printers. I was stuck at work from 7:30am yesterday morning until I finally left @ 9am this morning. Just woke up :|.
We have sent the infected file to Symantec and McAfee for analysis, and have gotten confirmation of the infection, and Symantec has released a rapid release virus definition update to include this virus. No word yet from McAfee.
Anyways, just keep your eyes open. The virus creates several registry entries, and two executable files:
%systemdrive%marioforever.exe
%systemroot%acl.exe
sCNA is registered in system services, and acl.exe will show up in running processes.
We have found the best immediate resolution is to disable the sCNA service, kill the acl.exe process, delete the marioforever.exe / acl.exe and replace the two exes with txt files marked as read only and renamed to marioforever.exe and acl.exe. This will prevent the virus from re-creating the executables. Update virus definitions asap, and run a full system scan.
Good luck, and happy computing! :).
J.
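
The containment steps from the post above, written as a PowerShell function for a single Windows host. This is an added example, not part of the original post. The function name and placeholder text are hypothetical, and the two file locations (root of the system drive and the Windows directory) are an assumption based on the paths the post lists.

```powershell
# Added example: run from an elevated PowerShell prompt on the affected host.
$ServiceName = 'sCNA'   # service name given in the post
$ProcessName = 'acl'    # acl.exe as it appears to Get-Process
# Assumption: the files sit at the root of the system drive and in the Windows directory.
$Targets = @("$env:SystemDrive\marioforever.exe", "$env:SystemRoot\acl.exe")

function Invoke-MarioForeverContainment {   # hypothetical name
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # 1. Stop the service and disable it so it does not start again at boot.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc -and $PSCmdlet.ShouldProcess($ServiceName, 'stop and disable service')) {
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
        Set-Service -Name $ServiceName -StartupType Disabled
    }

    # 2. Kill the running process if it is present.
    Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
        Stop-Process -Force

    # 3. Delete each executable, then put a read-only text placeholder in its place
    #    so the file cannot simply be re-created under the same name.
    foreach ($path in $Targets) {
        if ($PSCmdlet.ShouldProcess($path, 'replace with read-only placeholder')) {
            if (Test-Path -LiteralPath $path) {
                Remove-Item -LiteralPath $path -Force
            }
            Set-Content -LiteralPath $path -Value 'Placeholder file, not an executable.'
            Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        }
        # Report the state of each path so the result can be logged per host.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path     = $path
            Exists   = [bool]$item
            ReadOnly = [bool]($item -and $item.IsReadOnly)
            Length   = if ($item) { $item.Length } else { $null }
        }
    }
}

Invoke-MarioForeverContainment -WhatIf   # dry run; drop -WhatIf to apply
```

The placeholders only block re-creation of the two files; the registry entries the post mentions are left for the updated virus definitions and full scan.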