

Sassygal31023

@mchsi.com
reply to jimschoe

Re: MonaRonaDona "virus"?

Okay y'all, I got this virus Feb. 29th at 4:39am. I'm not a comp. newbie. I know comps. I couldn't find anything on this virus so I called the Geek Squad and they sent me here. I read everything and copied and pasted SRVSPOOL.EXE to search and found the file. I deleted it from search. Now let me tell y'all everything I did prior to that.
I have 3 different profiles on this one comp. I went to another profile and deleted the profile but saved the major files to another profile. The virus wasn't on it. I then went back to the infected profile and tried to find out what in the heck happened and why virus protector didn't go off. Now finding out that it is a hijacking and made into an anti-virus scam. I must say this is very intelligent! I couldn't find the main file it had made so I just did a system restore. My comp. was running okay but still something wasn't right. I was still losing files and things weren't working. After, I found the main file and deleted it and deleted the files that weren't working correctly any longer, and I am still going to delete the infected profile and make another. This is the simplest way I know if you are not very computer knowledgeable; most people can run search and right click a mouse and scroll down to delete.

Best wishes to anyone seeking help with this pain in the butt virus.

Sincerely,
Sassy


NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
reply to bcastner
So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS.
--
See ya across the Rainbow Bridge, my good and faithful friend!


sonikrx

@bendbroadband.com
reply to bcastner
THANKS!! That did the trick. I am very thankful! I was not sure where to go after Nortons did not find the virus! But this worked. Thanks again!


wrongway

@consolidated.net
reply to jimschoe
To get rid of the MonaRonaDona virus, use key F8, go into Safe mode, find the startup program and DELETE Srvspool.exe, then restart your computer. It should be gone.....


theresa5790

@cgocable.net
reply to MysteryFCM

Re: MonaRonaDona "virus"?

How do I get my task manager to work?


theresa5790

@cgocable.net
reply to bcastner
Hi, I am trying to find task manager troubleshooting.. can't find it.. how do I get my task manager to work please


Rxdoxx
Premium,Ex-Mod 2002-13
join:2000-11-03
Middle River, MD
kudos:11
reply to jimschoe
said by jimschoe :

I just Tried to delete the Srvspool and it says access denied. Anyone else have any new news??
If you were registered here I could have sent you this in a message and not have to "mess" the thread discussion a little.
A freebie Unlocker should free something so you can delete.
--
Was a Cruise Fanatic, one cruise on Princess cured me. Bleah


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

4 edits
reply to theresa5790
I wrote two separate fixes for this issue, including fixing the task manager, earlier in this thread. Either one will ensure that the virus is gone and your Task Manager and Title bars on IE and OE are repaired. See the first page of discussion in this thread. If you have removed the file, it will not harm things to do the full fix steps given earlier. They will repair Task Manager access among other things. Both will delete the active infector file if it still exists as well. The second one, using a freeware utility OTMOVEIT, would be the best choice, as it includes a first step using HijackThis that will ensure that no access denied errors are an issue for you. OTMOVEIT will unregister the file prior to deletion, and then schedules the actual deletion for the next restart, so it would not have access denied errors in deleting the file.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



theresa5790

@cgocable.net
I did that and my task manager is still not working...


SherriStiller

@pacbell.net
reply to bcastner
Help me, I'm new. I just bought a Dell Computer one month Two days ago I have the MonaRonaDona Virus. I had been actually installing MSN and their version of messenger. I have been reading your message forum but don't know what I should do. PLEASE HELP,

new


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

2 edits
reply to theresa5790
The only entry that I have seen affecting the Task Manager is the one reverted by the two fixes mentioned earlier in this thread. It may be that there is now an entry in the HKLM hive as well as HKCU for the policy item affecting Task Manager.

Please do either of the following:

• I revised both earlier scripts to include the HKLM hive. You can safely rerun any of the earlier fixes in order to handle this additional registry area.

-- OR --

• Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here:
http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
 

• Double-click FixPolicies.exe
• Click the "Install" button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
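
A way to check the two hives mentioned in the post above, as an added example that is not part of the thread and is not the contents of FixPolicies.exe or the earlier scripts. The thread does not name the registry values; `DisableTaskMgr` and `NoControlPanel` are the standard Windows policy values for these restrictions and are assumed here, and `Get-LockoutPolicy` is a hypothetical function name.

```powershell
# Added example: audit (and optionally clear) the policy values that disable
# Task Manager and Control Panel, in both HKCU and HKLM.
# Assumption: the value names below are the standard Windows ones; the thread
# itself does not list which values the fix scripts revert.
function Get-LockoutPolicy {
    param([switch]$Repair)

    $checks = @(
        @{ SubKey = 'System';   Name = 'DisableTaskMgr' },
        @{ SubKey = 'Explorer'; Name = 'NoControlPanel' }
    )
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $path  = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\$($c.SubKey)"
            $item  = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
            $value = if ($item) { $item.($c.Name) } else { $null }
            # A missing value or 0 means the feature is not restricted.
            $restricted = ($null -ne $value -and $value -ne 0)

            if ($restricted -and $Repair) {
                # HKLM needs an elevated prompt; report the failure instead of aborting.
                try {
                    Remove-ItemProperty -Path $path -Name $c.Name -ErrorAction Stop
                    $state = 'Removed'
                } catch {
                    $state = "Failed: $($_.Exception.Message)"
                }
            } elseif ($restricted) {
                $state = 'Restricted'
            } else {
                $state = 'OK'
            }
            [pscustomobject]@{
                Path = $path; Name = $c.Name; Value = $value; State = $state
            }
        }
    }
}

# Read-only report for the current user and the machine.
Get-LockoutPolicy | Format-Table -AutoSize
```

Running `Get-LockoutPolicy -Repair` from an elevated prompt clears any value reported as Restricted. On a managed machine these values may have been set deliberately by Group Policy, in which case they will be reapplied.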



DevilFrank

join:2003-07-13
Reviews:
·T-Com
reply to NanDog

Re: MonaRonaDona "virus"?

said by NanDog:

So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS.
This question is still open. Do we know the way?
--
Regards from Germany. Please excuse my stumbling English


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit
It will likely stay open as a question for at least a while. The practice in the anti-malware research community is not to discuss the gory details.

It is a very safe bet that this infection (as is the case with most) is actively researched. However, for good reason the results are not always publicly disclosed. Every Forum post, every AV software that detects the anomalous file, every online scanner that was used, etc. feeds into several common pools of identified questionable files and heuristic behaviors, and action is taken.

Which is why if your antivirus or other anti-malware tool has a "Community" or "Net" of some kind you have the option to join, please do so. In addition, letting the AV vendors know in their Forums about an issue that is not resolved with current definitions helps immensely. Some anti-malware programs will automatically submit over the internet questionable files for analysis if so configured. It is in your interest to use these resources to fight the good fight.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



DevilFrank

join:2003-07-13
Reviews:
·T-Com
reply to bcastner

Re: MonaRonaDona "virus"?

I do not have a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/WindowsOneC ··· SiteID=2).

But I think it is important to know which way this malware is using. Prevention is better than detection - I think.
--
Regards from Germany. Please excuse my stumbling English


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits
said by DevilFrank:

I do not have a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/WindowsOneC ··· SiteID=2).

But I think it is important to know which way this malware is using. Prevention is better than detection - I think.
Yup..seems it is really getting deep out there with the UniGrapes...

»forums.microsoft.com/windowsonec ··· pageid=1

If you want a theory in Spanish try this link..

»www.psicofxp.com/forums/segurida ··· ona.html

If you want another vector theory.. seems people who have downloaded and installed something called REGISTRYCLEANFIX2008.. a crack keygen thing.. also shows in many hijack logs along with MonaRonaDona. It might be a connection
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/


zardol

@cox.net
reply to bcastner
Thanks for your info on the MonaRonaDona virus. I'm a novice with computers, couldn't have gotten rid of it without all of you.


DMCC

@blueyonder.co.uk
reply to HVredeling
Removed srvspool.exe as suggested. Nice one !! Disappeared completely.


Mato

@blueyonder.co.uk
reply to bcastner
Thanks for your info. I have been able to delete this MonaRonaDona virus from my system and enable task manager, but to kill all Trojan in my system, what is the code I should type in Notepad before saving as "KillTrojan.cmd"?


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit
All the text in the Quote box.
There are horizontal lines to mark the beginning and end of the Quote box.

The easier fix is a few posts below it. It uses HijackThis and a free utility called OTMOVEIT2 by Old Timer.

MonaRonaDona Remover
»Re: MonaRonaDona "virus"?


mato

@blueyonder.co.uk
reply to bcastner
Bcastner,
I still don't get it, can you copy the text that I need here?
Thanks


Mato

@blueyonder.co.uk
reply to bcastner
Hey, I got the text and I saved it.
When I ran it a black box came up and went off.
What should I do next?


MDReferee
Federal Flack
Premium
join:2001-10-21
Germantown, MD
reply to bcastner
said by bcastner:

All the text in the Quote box.
I think he's looking for something a little more in depth... you might not have caught this little statement...

said by Mato :

...but to kill all Trojan in my system...
That seems a bit more complicated, doesn't it.
--
If I didn't see it... it didn't happen!


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit
reply to Mato
The black box should appear and then disappear.
The file you created should disappear as well.
Reboot and test.
You should be done with MonaRonaDona.

If you think it did not work, use the second fix method:
»Re: MonaRonaDona "virus"?


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit

2 recommendations

reply to MDReferee
said by MDReferee :
That seems a bit more complicated, doesn't it.
Dunno.
Certainly the OP came here for MonaRonaDona.
Other issues are not suitable for handling in the Security subForum, and the post would get killed if I attempted to do so.

Anything that appears to be a one-to-one malware removal must be done only in the Security Cleanup Forum. The fixes I posted earlier raised some objections by some already; the fact that they were generic and not directed to a specific individual allowed them to stay.

One-on-one removal, or any other Trojan issue, would start with this: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance


Fred Dag

@iprimus.net.au
reply to HVredeling
I did this in XP by selecting safe mode /dos prompt & it allowed the necessary deletions that Windows won't allow.