Jump to content

mario.exe

naji

By naji
in Networks and the Internet

 Share

Recommended Posts

naji

naji

Posted
Posted

my pc copies a file named mario.exe to the floppy drive whenever i insert a floppy....help

i found a file named mario in the windows prefetch folder and two references to the files VB6ES.DLL and mario.exe in HKEY_CURRENT_USER/Software/Microsoft/Search Assistant/ACMru/5603/

Nortant Antivirus 2004 or AVG antivirus does not detect any threats...

what is mario???

HELP?

Link to comment
Share on other sites

prathapml

prathapml

Posted
Posted

Hmm....

Does sound odd.

Since you mention "pre-fetch" I'll assume this is Windows XP we are talking about.

1. First off, in folder options, ensure that both "hidden" and "system" files are asked to be visible.

2. Go to "Control Panel >> System Properties >> System Restore".

3. And put a check-mark at the "turn off System restore on all drives".

4. open "C:\Documents and Settings\USER_NAME\Local Settings\Temp" and delete all contents of that folder.

5. Clean out "C:\WINDOWS\Temp" as well.

6. Clean out the pre-fetch folder (C:\WINDOWS\Prefetch) as well.

7. Empty the recycle bin and re-boot.

8. Log back in (after reboot) and re-enable system restore.

Does this solve the "mario" issue?

EDIT:

Also, run "Search" and choose "Change Preferences >> Search With a different character" and choose "Rover" or something that you know is a genuine search assistant.

Link to comment
Share on other sites
naji

naji

Posted
  • Author
Posted

why cant norton antivirus clean it?? this virus was around since 2002...right?

since i dont have McAfee antivirus is there any other way i could get around this?

Prathapmal....i ll give it a try when go to work tommorow....its my pc at work thats having the virus...and what was that about using a genuine search assistant?? was somthing wrong with my original question? did i give obsolete info?? man im just looking around and im new? i can do without the mockery!!

anyway thanks for the help...still the best place to ask... ;)

Link to comment
Share on other sites
CoffeeFiend

CoffeeFiend

Posted
Posted
why cant norton antivirus clean it?? this virus was around since 2002...right?

I'm not surprised one bit by that (and I bet mcaffee doesn't do much better with it) - yet people want to use norton and say it's best... Why? It's completely beyond me. There are much better AVs out there (kaspersky, nod32, etc) that do a lot better job and that aren't resource hogs like norton. Norton AV is known to miss 1 in 4 viruses and its support for scanning archives (ace/rar/iso/ etc) is poor at best and last I read comparisons it was also the biggest system resource hog and also the slowest in terms of scanning speeds (kb/s)...

Link to comment
Share on other sites
prathapml

prathapml

Posted
Posted

@naji

Nopes, no mocking or something involved. I was talking about a genuine thing which could help. No mis-understanding. Heck, we were all newbies once!

What's the name of your infected REG key? "HKEY_CURRENT_USER/Software/Microsoft/Search Assistant/ACMru/5603/"

What's the "Search Assistant" (the search pane on left side, with that annoying dog) in Windows XP called? - You guessed it - "Search Assistant".

So the thought that occurred first here was, maybe the "Search Assistant" on your machine at work was kicked out in some manner and this virus took its place. So I said, change the "Search Assistant" back to the un-infected, genuine one (like maybe Rover the dog). Because, if its still using an infected "Search Assistant", that file will be "in-use" and can't be deleted.

PHEW!!! Now you see why the term Genuine "Search Assistant" was used? We're here to help you buddy! Friends wouldn't mock while helping! (maybe after the issue is solved, but that's another matter huh? LOL).

Link to comment
Share on other sites
naji

naji

Posted
  • Author
Posted

@prathapmal....sorry abt that....i get a bit paranoid at times...my search assistant is still the default (rover the dog) and earlier i deleted the stuff i found in windows/prefetch and the registry...but i did not clean everything u mentioned in ur earlier post...i ll give it a try and let u know...and yes system restore is as always off in my pcs'...i never use the feature....and since u pretty much run the show around here i would like to know ur personal favourite AV software...

lately i have been using AVG antivirus...its fast and detects stuff that nortan cant....

@crahak....yes i agree....i like nortan antivirus less and less everyday....the **** thing slows down the system especialy after a while...

Link to comment
Share on other sites
naji

naji

Posted
  • Author
Posted
(prathapml  Posted: Sep 23 2004, 12:30 PM)

1. First off, in folder options, ensure that both "hidden" and "system" files are asked to be visible.

2. Go to "Control Panel >> System Properties >> System Restore".

3. And put a check-mark at the "turn off System restore on all drives".

4. open "C:\Documents and Settings\USER_NAME\Local Settings\Temp" and delete all contents of that folder.

5. Clean out "C:\WINDOWS\Temp" as well.

6. Clean out the pre-fetch folder (C:\WINDOWS\Prefetch) as well.

7. Empty the recycle bin and re-boot.

8. Log back in (after reboot) and re-enable system restore.

prathapmal... i cleaned the folders u mentioned...and still have not yet resolved the issue...pls advice
(sleepnmojo Posted: Sep 23 2004, 07:17 PM) Don't know if this is against the rules, but why don't you post it. I don't mind taking a look at it.

@sleepnmojo....ok ill uploadt it to my free webspace and post a link later....and if it is against the rules sombody better warn me.... ;)

(TomcaT Posted: Sep 24 2004, 06:09 AM)

I searched Norton and found this, it might just help you, READ IT ALL before you start......

@TomcaT...im confused ... i did some google searches and associated the symptoms i described to the following names....are they all the same and is W32.Stuplo also releated to the names below??

W32.HLLW.Foxma (NAV)

W32/Mario.worm.b

Win32.HLLW.Mario (AVP)

W32/Foxma.worm

WORM_FOXMA.A

Win32.HLLW.Foxma

W32/HLLW.Foxmango

PE_HLLW.FOXM.A

Win32.Foxmagno

W32/Foxmagno

(SiMoNsAyS Posted: Sep 24 2004, 06:19 AM)

LoL a spanish language vir

i think it can be safely removed if you delete mario.exe

@SiMoNsAyS.... i have tried deleting the files buddy...and i m using the english version of windows XP pro. so i would not have a folder named Menu' Inicio would I?

(oioldman Posted: Sep 24 2004, 06:33 AM)

From the mcafee site you can download a program called stinger.exe which is a standalone program.

It does not need installing and will find and remove a large number of virus.

@oioldman, i did download the standalone utillity stinger from the link u provided and unfortunately it didnt cure the mario syndrome....besides i dont think stinger is written for any of the viruses i listed above....but still its a great tool....thanks for the link.

im lost guys...help

Link to comment
Share on other sites
XtremeMaC

XtremeMaC

Posted
Posted

things to do:

  • go to http://www.sysinternals.com/files/autoruns.zip and download the autoruns file which is a tool to monitor your start-up folders
  • then download process explorer http://www.sysinternals.com/files/procexpnt.zip
  • once u dl process explorer look for ambiguous files and close them.
  • then open up autoruns program and locate suspicious files. look for their paths and manually go to those folders and delete those files.
  • then delete the ambiguios files that u see in there, like random numbers or characters, if u're unsure there is a save option under "file" choose that and post.
  • after that restart, then check if the problem still persists. if so u've 2 more option.
  • 1. go to symantec's mario.exe removal tool and use it.
  • 2. download some free spyware removal tools, (those help too!) and first update their definitions and remove the spywares.

after these steps u should be fine.

if u're uncertain of anything contact me...

Link to comment
Share on other sites
naji

naji

Posted
  • Author
Posted

guys...thanks for all the help....and thanks to XtremeMaCs' Process Explorer, i found a file named rund11.exe in the system32 folder....which was causing the mario issues...everything is back to normal after this file was deleted...

thanks all and XtremeMac...that was a pretty usefull tool u introduced... :thumbup

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...