Marioforever.exe – What Is It And How To Remove It?

What is marioforever.exe?

Marioforeve.exe is a rogue process and belongs to the worm, W32.Mariofev.A. This process is known to spread quickly through network shares and shared printers. If you find this process running on your PC, we recommend you immediately terminate it and take definite corrective measures to get rid of the worm with which it is associated.

Behavior of the marioforever.exe file

This rogue process is known to:

  • Create other malicious processes on your computer.
  • Remove other processes running on your computer.
  • Modify program files by injecting codes into them.
  • Access and read the data in your email address book and phone book.
  • Register a malicious DLL file.
  • Visit websites without your consent and knowledge.
  • Communicate with other systems on your network through HTTP protocol.
  • Download hidden and harmful codes from dubious websites.
  • Add entries to the registry to auto start itself.

Does deleting the marioforever.exe ensure its removal?

No, it doesn?t. To completely remove mariofoever.exe from your PC, you need to remove all the traces of the ?W32.Mariofev.A worm from your system.

Discussed below are the files that are added and modified by this malicious worm, plus the registry entries that this worm creates and modifies.

W32.Mariofev.A worm ? How Does It Affect Your System?

The W32.Mariofev.A worm, when executed creates the following files on your system:

  • %System%\yl.po
  • %System%\nvrsma.dll
  • %System%\ntpl.bin
  • %System%\mn.n
  • %System%\MarioForever.exe
  • %System%\gh.l
  • %System%\ccs.so
  • %System%\bmf.cs

The W32.Mariofev.A worm modifies the following files

  • %System%\user32.dll
  • %System%\dllcache\user32.dll

The W32.Mariofev.A worm creates following entries in the registry

  • HKEY_LOCAL_MACHINE\SOFTWARE\[NUMBER]\”[34 DIGIT HEX NUMBER]” = “[RANDOM DATA]”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\”mid” = “[RANDOM HEX DATA]”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\”ccnt” = “[NUMBER OF INFECTION ATTEMPTS]”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\”ztpInit_Dlls” = “nvrsma”

The W32.Marofev.A worm is known to delete several registry entries that lower the security settings of your computer. For instance, the worm may delete registry subkeys that contain the following strings:

  • VMware, Inc.\VMware Tools
  • VMware, Inc.
  • Vba32
  • Ukranian Antivirus center
  • SYSTEM\CurrentControlSet\Services\WinDefend
  • SYSTEM\ControlSet001\Services\avgntflt
  • Symantec\Symantec AntiVirus
  • Spyware Begone!
  • SOFTWIN\BitDefender Desktop\Maintenance\Install
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClamAV
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVir PersonalEdition Classic
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Personal
  • PepiMK Software\SpybotSnD
  • Panda Software
  • McAfee\VirusScan
  • McAfee\McAfee AntiSpyware
  • KasperskyLab
  • Grisoft\AVGAntiSpyware
  • FRISK Software International
  • Doctor Web, Ltd.
  • ComputerAssociates\eTrustPestPatrol
  • Chilkat Software, Inc.
  • Arovax AntiSpyware
  • ALWIL Software\Avast
  • AllFilesystemObjects\shellex\ContextMenuHandlers\SpySweeper
  • *\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension

Marioforever.exe removal process

To remove marioforever.exe, you need to remove all the files, processes, and registry entries associated with the worm, W32.Mariofev.A. Removing the worm manually can be very tedious and is not the most effective approach.

One mistake during manual removal process, such as deletion of a wrong file or removal of an essential registry entry may cause serious damage to your PC. We recommend you use the help of an advanced security tool to completely remove the W32.Mariofev.A worm from your computer.

The first thing you should do if you find this malicious process running on your PC is to disconnect your system from the network to prevent the virus from spreading to other computers on the network. Next, start your system in Safe Mode and run a malware scan of your entire PC using reliable antimalware tools, such as STOPzilla Antivirus and Spyware Cease.

It is also a good practice to follow up a virus scan and removal process with a thorough registry scan and cleanup. Cleaning up the registry helps in getting rid of any malicious entries that may be left behind within it. RegServe is an extremely popular registry cleanup tool that promises to perform a thorough registry scan and give you a healthy as well as clean registry in just a few minutes.

How to prevent marioforer.exe from entering your PC

Incorporate good system security practices to prevent this malicious process from entering and inflicting damage on your PC:

  • Install advanced Internet security software on your system.
  • Install a Firewall.
  • Do not email attachments before scanning them for viruses.
  • Do not download software from dubious websites and always scan them before executing.

To keep your PC free from malware infections, be vigilant use and perform regular preventive maintenance of your PC.