
diverphd
@d-infinitum.com.mx

diverphd to bcastner

Anon

to bcastner

Re: MonaRonaDona "virus"?

thank you soooo much.. tried other resolutions and only yours worked.. where was Norton and McAfee? they did not have it even listed.. thanks again..
diverphd

diverphd to bcastner

Anon

to bcastner

Re: MonaRonaDona "virus"? and one more ?

mrd now clean... can you help me with this simple but annoying problem? when internet explorer is open i can not roll up and down on page without long delays..seems like it reloads and just hangs for awhile. thanks..

Glen M Borror
@seovec.org

1 edit

Glen M Borror to jimschoe

Anon

to jimschoe

Re: MonaRonaDona "virus"?

Yeah, I just tried deleting it too, but it says access denied, and now I'm scared. I talked to my grandfather, who knows everything about computers and other stuff like that, says it's not a virus. Now I'm wondering, what does it really do then, if it is not a virus.
Glen M Borror

Glen M Borror to Name Game

Anon

to Name Game
Yes, I also downloaded that very program, and that's how MY MonaRonaDona appeared, and I can't delete the SRVPOOL, because my access is denied, but I am the Administrator on my PC, and I don't know what to do. I would say try to do a disk de-fragment, and do a disk clean-up, and then do a virus scan. That should help a little bit. Try it, and if it doesn't help, then I don't know.

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

bcastner to Glen M Borror

MVM

to Glen M Borror
It is easily removed. Two different and effective and simple methods exist in this thread:

»Re: MonaRonaDona "virus"?
»Re: MonaRonaDona "virus"?

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to bcastner

Premium Member

to bcastner
Shouldn't the regular free and purchased anti-virus scanners detect this and either prevent it or clean it from the computer?
ez2cy
join:2008-03-05

ez2cy to bcastner

Member

to bcastner
I just joined and sent my money. Thank you to whomever is responsible for this site.

I got the MonaRonaDona virus this morning.

I tried the first fix, go to Programs, startup and delete. When I go there it says the startup file is empty?

I next tried the other fix. In HijackThis, the only file that showed up was: R1-HKCU\Software\Microsoft\Internet Explorer\Main Windows Title = MonaRonaDona.

I did the "OTmovie", when it's moving the files it freezes, "not responding". Also on the right where the moved files are, it's saying SRVSPOOL.EXE and also UNIGAY not found.

??????????

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

1 recommendation

bcastner to FFH5

MVM

to FFH5
Regular and free antivirus programs do not promise you that they will stop everything.

Remember this infection comes from a download a user willingly made, and the installation of the software from that download the user willingly made.

There is no Safe sex and there is no Safe hex.
The antivirus component that went temporarily missing here was between the ears of the user at the keyboard.
ez2cy
join:2008-03-05

ez2cy to bcastner

Member

to bcastner
Sorry, I did the KillTrojan horse thing and it appears to have worked. Although IE is running very slow. I'll look thru the posts to see if this is related.

Thank you

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

3 edits

bcastner

MVM

The fixes are generic. You may not have all of the entries involved.

OTMOVEIT2 is not freezing (even if Explorer reports it not responding). In that particular fix I scan the entire user profile directory.

In the "Killtrojan.cmd" version, I target only specific files in specific folders, and do not comprehensively scan.

The second was written in anticipation of the MRD virus possibly morphing over time. (It has not to date done so.)

It is perfectly normal for either fix not to find all of the entries they look for. This is to be expected and should not be any cause for alarm. The fixes try to cover all bases. Your particular case surely will have pieces that are missing. This does not affect the fix.

Similarly, in the second fix you may not see with HijackThis all of the listed entries. This too is perfectly normal and should not be any cause for alarm.

If MonaRonaDona is there, either fix will remove it.
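
As an added illustration of the point in the post above (this is not bcastner's fix and not code from the thread): a small Python triage of HijackThis log text that flags a machine on any one of the entries named in this thread and reports the others as not seen rather than as a failure. The sample logs, the placeholder path and the function names are constructed; the file-name spellings are the ones posters used here.

```python
import re

# Indicator strings as posters in this thread spelled them (spellings vary).
TITLE_MARKER = "monaronadona"
FILE_MARKERS = ("srvspool.exe", "sruspool.exe", "srvsspool.exe")

# HijackThis entries have the form "<section id> - <detail>".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def triage(log_text):
    """Return {'found': [(indicator, line)], 'not_seen': [indicator]}."""
    found = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # banner, running-process list, blank lines
        section, detail = m.group(1), m.group(2).lower()
        # R0/R1: Internet Explorer settings, including the title-bar text.
        if section in ("R0", "R1") and "window title" in detail and TITLE_MARKER in detail:
            found.append(("window_title", raw.strip()))
        # O4: programs launched at startup (Run keys, Startup folders).
        elif section == "O4" and any(name in detail for name in FILE_MARKERS):
            found.append(("startup_file", raw.strip()))
    seen = {name for name, _ in found}
    not_seen = [n for n in ("window_title", "startup_file") if n not in seen]
    return {"found": found, "not_seen": not_seen}

def is_flagged(result):
    # One matching entry is enough; absent entries do not clear the machine.
    return bool(result["found"])

# Constructed sample logs (not taken from any real machine).
PARTIAL_LOG = r"""Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""
FULL_LOG = PARTIAL_LOG + r"O4 - Global Startup: C:\PLACEHOLDER_PATH\SRVSPOOL.EXE" + "\n"
CLEAN_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    for name, log in (("partial", PARTIAL_LOG), ("full", FULL_LOG), ("clean", CLEAN_LOG)):
        result = triage(log)
        print(name, is_flagged(result), result["not_seen"])
```
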
ez2cy
join:2008-03-05

ez2cy to bcastner

Member

to bcastner
I truly have to apologize as I'm computer illiterate.

As I mentioned in earlier post, I tried the "KillTrojan" thing (see, don't even know what to call things..LOL) and it appeared to have worked from what I can gather. However, when I did a search for SRUSPOOL.EXE, it found a file, which I just deleted. Does this mean it's gone?

Also, as I said, IE is running real slow and not responding now. I know I read a post about it in this thread, but can not seem to find it. I've been sitting in front of the computer for hours and I'm brain dead.

Can someone point in the right direction to get IE working properly again?

Thank you for your help and patience with a computer moron...LOL

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

La Luna to Glen M Borror

Premium Member

to Glen M Borror
said by Glen M Borror :

Yeah, I just tried deleting it too, but it says access denied, and now I'm scared. I talked to my grandfather, who knows everything about computers and other stuff like that, says it's not a virus. Now I'm wondering, what does it really do then, if it is not a virus.
You need to read the entire thread.

Did you try the two fixes? If one doesn't work, try the other one. Using safe mode might be a good idea also.

»Re: MonaRonaDona "virus"?

»Re: MonaRonaDona "virus"?

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

1 edit

1 recommendation

bcastner to ez2cy

MVM

to ez2cy
MonaRonaDona is more annoyance than anything else. I cannot see how it would be related to any slowness in IE. One possibility that has surfaced in this long thread, is that it was not the only infection on the computer, just the most obvious.

Rather than spend hours in frustration, click on the "Security Cleanup" Forum, do the prerequisite steps bannered at the top of the Forum main page, and then submit a HijackThis log as a new reply. The folks there can use various utilities to ensure that there are no other problems, and if so, that they are competently removed.

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

1 edit

1 recommendation

La Luna to ez2cy

Premium Member

to ez2cy
said by ez2cy:

I truly have to apologize as I'm computer illiterate.

As I mentioned in earlier post, I tried the "KillTrojan" thing (see, don't even know what to call things..LOL) and it appeared to have worked from what I can gather. However, when I did a search for SRUSPOOL.EXE, it found a file, which I just deleted. Does this mean it's gone?

Also, as I said, IE is running real slow and not responding now. I know I read a post about it in this thread, but can not seem to find it. I've been sitting in front of the computer for hours and I'm brain dead.

Can someone point in the right direction to get IE working properly again?

Thank you for your help and patience with a computer moron...LOL
You are not a moron! This is how you (all of us) learn, sometimes the hard way.

Did you try rebooting after the fix? If so, and that didn't help, hang in there, someone will probably have another suggestion. Edit: like bcastner above.

Layman
@89.243.68.x

Layman to bcastner

Anon

to bcastner
Re MonaRonaDona.
What does a layman do to try and rid himself of Mona..etc?
I have reinstated Task Manager, got rid of the screen problem, and now find that every so often my keyboard stops responding, my computer restarts and IE OE get blocked off.
I was using AVG but it didn't stop this virus.
If I copy the above suggestions i.e. @echo off.. etc, what do I copy it into-just desktop?
Please advise.

Thanks

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

bcastner

MVM

You open notepad and copy the contents of what you highlighted and copied with your mouse.

You save the file with a CMD extension. This tells XP or Vista that it is a batch file.

You double click the new file to execute the batch instructions it contains.

I do think in your case you would be better off with the second method provided: »Re: MonaRonaDona "virus"?

I note too, that MonaRonaDona does nothing to the keyboard. I strongly suspect you have other issues. Rather than do anything further at this point with MonaRonaDona, head to the "Security Cleanup" subForum, follow the instructions bannered in red at the top of the Main Page, and post a HijackThis log as a new topic.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to Glen M Borror

Premium Member

to Glen M Borror
Take it from a fellow Appalachian-American - the folks in the cleanup forum are top-notch people, many of whom are industry-recognized experts. Take the issue over there, follow the bouncing ball and you'll get rid of MRD and any other malware that may be infesting your system

Of course you could pay some big box store tech a couple hundred smackers to borrow your files to their USB dongles, wipe your drive and reinstall Windows

Narcan1
@telus.net

Narcan1 to bcastner

Anon

to bcastner
My brand new laptop became infected with this two days after start up. I was unable to clear it with Norton 2008, or anything else I could figure out. I took it to my tech guys, and they have been fighting with this extortion ware for three days. They were able to clear it up, without wiping the HD, and apparently Norton now has an update to kill it, or at least most of it. DO NOT USE the unigrey anti virus, as this will worsen the infection, also do not use REGISTRY CLEANER 2008, this will also worsen the effects.
Good luck if you have this brand new bug, it can be killed but with a little work.

jubal
@cox.net

jubal to bcastner

Anon

to bcastner
How do I "download to desktop"?

danny9
Go Ahead, Make My Day
Premium Member
join:2002-07-14
Clinton Township, MI

1 recommendation

danny9 to bcastner

Premium Member

to bcastner
I don't have this virus but have been reading this thread with interest.
To me it's quite amazing the amount of knowledge the people here possess.
I've been around computers awhile now and have learned to do a lot with them but reading some of the posts here I realize how much of a baby I am on the tech end. A long way to go.
But KUDOS to all of you with this knowledge and so willing to share it with us and help us.
Your time and efforts are truly appreciated.
Thanks again,
Dan

AB57
Premium Member
join:2006-04-04
equatorial

AB57 to jubal

Premium Member

to jubal
said by jubal :

How do I "download to desktop"?
You don't have to download it to there, any place you choose will be fine.
When downloading any file, the Desktop folder (or My Documents) is normally the default choice in the dialogue box as to where to save it, and makes it easy to find, as it's right there in front of you on your Desktop.

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

1 edit

bcastner to jubal

MVM

to jubal
said by jubal :

How do I "download to desktop"?
To Windows, your Desktop is a folder like any other folder. Start the download, when it comes to the section asking for the filename to be used for the saved files, on the left will be icons for common folders. Such as Desktop. Choose this as the location to save the file.

ME user
@charter.com

ME user to bcastner

Anon

to bcastner
After initially not having any luck with the removal, I tried again today. It worked, but what I did different is that I checked the 04 - SRVSSPOOL.exe (it didn't say 'Global Startup') when I didn't before for the reason in parentheses. I then did the MoveIt program. It froze after it moved the info to the right side. I had to do a hard boot but as of this writing everything seems back to normal. Thank you for your help.

As for how I got it: My 12 y/o was using this computer and either checked an email or got it from a game site called Marapets that she plays at all the time. I don't have an antivirus on this old computer but I guess I will need to now!

Duckie
@aol.com

Duckie to bcastner

Anon

to bcastner
Cheers Bill you helped me get rid of mona for good i hope! Thanks mate
ez2cy
join:2008-03-05

ez2cy to bcastner

Member

to bcastner
As far as IE running slower and not responding. You were right, I followed your advice and did all the things in the security clean forum? and IE is back and running smoothly.

Thank you all so much for your help.

jubal
@cox.net

jubal to bcastner

Anon

to bcastner
Thanks for reply. When I try to download the OTMoveit2.exe page I get 404 Error

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

bcastner

MVM

It is a busy site.
I occasionally see the error as well due to this.

Wait a little while and try again.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to jubal

Premium Member

to jubal
said by jubal :

Thanks for reply. When I try to download the OTMoveit2.exe page I get 404 Error
if it helps..
did you click on the place to copy it to your clipboard then immediately paste that in a new browser address bar and then go to that link ? I do not get an error.

vredeling
@65.202.40.x

vredeling to bcastner

Anon

to bcastner

Re: MonaRonaDona revealed

Registry fix is the culprit in this social engineering scheme. The "testimonial" of Jim Brown on the website, is from the same (no doubt) alias that is in the postings pointing to the bogus virusscanner.

The program is featured on a sponsored link on Google »pc-tools-review.com/

It now becomes very tricky to distinguish legit reviews from illegit reviews. Also, on »pc-tools-review.com/ more products get reviewed. I am now not sure that the registry scanner is the only download that will infect the computer with the MonaRonaDona problem.

You have to hand it to these guys: they did come up with a pretty elaborate, clever scam.

Type in "registryfix.com" in the google search box and you'll understand how elaborate and potentially widespread and dangerous this scam is.

The trick is in the space between registry and fix. "Registry fix 2008" is a legitimate scanner by Registryfixer Inc. "Registryfix" is the scam (ww.registryfix.com) and gets featured on numerous "comparison" sites, some may be legit (editor error by leaving out the space) and some may be part of the scam (like the link »pc-tools-review.com/)

Hans Vredeling
New York, NY
vredeling

vredeling to Name Game

Anon

to Name Game
I almost fell victim to the "space issue". Here is my revised post.

Registryfix is the culprit in this social engineering scheme. The "testimonial" of Jim Brown on the website, is from the same (no doubt) alias that is in the postings pointing to the bogus virusscanner.

The program is featured on a sponsored link on Google »pc-tools-review.com/

It now becomes very tricky to distinguish legit reviews from illegit reviews. Also, on »pc-tools-review.com/ more products get reviewed. I am now not sure that the registry scanner is the only download that will infect the computer with the MonaRonaDona problem.

You have to hand it to these guys: they did come up with a pretty elaborate, clever scam.

Type in "registryfix.com" in the google search box and you'll understand how elaborate and potentially widespread and dangerous this scam is.

The trick is in the space between registry and fix. "Registry fix 2008" is a legitimate scanner by Registryfixer Inc. "Registryfix" is the scam (ww.registryfix.com) and gets featured on numerous "comparison" sites, some may be legit (editor error by leaving out the space) and some may be part of the scam (like the link »pc-tools-review.com/)

Hans Vredeling
New York, NY