W32.Mariofev.A is a worm that attempts to spread over the Network Shares by copying itself, usually using the passwords as following:!@#, 1212, 123, 123456, 1313, 666, 777, adm, admin, administrator, administrator, asa, pass, password, qaz, qazxsw, qqq, qwerty, test, zaq, zaqwsx and zzz. To report the infection notification and upload itself, W32.Mariofev.A may contact the remote websites [http://]66.36.241.45/sdb/gate/ and [http://]66.36.241.45/sdb/gate/data.
What is more, W32.Mariofev.A may terminate the registry subkeys that contain the following strings to lower system security configurations:
*\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension
AllFilesystemObjects\shellex\ContextMenuHandlers\SpySweeper
ALWIL Software\Avast
Arovax AntiSpyware
Chilkat Software, Inc.
ComputerAssociates\eTrustPestPatrol
Doctor Web, Ltd.
FRISK Software International
Grisoft\AVGAntiSpyware
KasperskyLab
McAfee\McAfee AntiSpyware
McAfee\VirusScan
Panda Software
PepiMK Software\SpybotSnD
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Personal
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVir PersonalEdition Classic
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClamAV
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1
SOFTWIN\BitDefender Desktop\Maintenance\Install
Spyware Begone!
Symantec\Symantec AntiVirus
SYSTEM\ControlSet001\Services\avgntflt
SYSTEM\CurrentControlSet\Services\WinDefend
Ukranian Antivirus center
Vba32
VMware, Inc.
VMware, Inc.\VMware Tools
How to Get Rid of W32.Mariofev.A?
There are several ways to detect and remove W32.Mariofev.A. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on W32.Mariofev.A Manual Removal Instructions.