
Sassygal31023
@mchsi.com

Sassygal31023 to jimschoe

Anon

to jimschoe

Re: MonaRonaDona "virus"?

okay ya'll I got this virus feb. 29th at 4:39am. I'm not a comp. newbie. I know comps. I couldn't find anything on this virus so I called the geek squad and they sent me here. I read everything and copied and pasted SRVSPOOL.EXE to search and found the file. I deleted it from search. Now let me tell ya'll everything I did prior to that.
I have 3 different profiles on this one comp. I went to another profile and deleted the profile but saved the major files to another profile. The virus wasn't on it. I then went back to the infected profile and tried to find out what in the heck happened and why virus protector didn't go off. Now finding out that it is a hijacking and made into an anti-virus scam. I must say this is very intelligent! I couldn't find the main file it had made so I just did a system restore. My comp. was running okay but still something wasn't right. I was still losing files and things weren't working. After that I found the main file and deleted it and deleted the files that weren't working correctly any longer, and I am still going to delete the infected profile and make another. This is the simplest way I know if you are not very computer knowledgeable; most people can run search and right click a mouse and scroll down to delete.

Best wishes to anyone seeking help with this pain in the butt virus.

Sincerely,
Sassy

NanDog
The Pup Was Female, I'M Not
Premium Member
join:2003-12-28
Bremerton, WA

NanDog to bcastner

Premium Member

to bcastner
So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS.

sonikrx
@bendbroadband.com

sonikrx to bcastner

Anon

to bcastner
THANKS!! That did the trick. I am very thankful! I was not sure where to go after Nortons did not find the virus! But this worked. Thanks again!

wrongway
@consolidated.net

wrongway to jimschoe

Anon

to jimschoe
To get rid of the MonaRonaDona virus, use key F8, go into Safe mode, find the startup program and DELETE Srvspool.exe, then restart your computer. It should be gone.....

theresa5790
@cgocable.net

theresa5790 to MysteryFCM

Anon

to MysteryFCM


How do I get my task manager to work
theresa5790

theresa5790 to bcastner

Anon

to bcastner
Hi, I am trying to find task manager troubleshooting.. can't find it.. how do I get my task manager to work please

Rxdoxx

join:2000-11-03
Middle River, MD

Rxdoxx to jimschoe

to jimschoe
said by jimschoe :

I just Tried to delete the Srvspool and it says access denied. Anyone else have any new news??
If you were registered here I could have sent you this in a message and not have to "mess" the thread discussion a little
A freebie Unlocker should free something so you can delete.

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

4 edits

bcastner to theresa5790

MVM

to theresa5790
I wrote two separate fixes for this issue, including fixing the task manager, earlier in this thread. Either one will ensure that the virus is gone and your Task Manager and Title bars on IE and OE are repaired. See the first page of discussion in this thread. If you have removed the file, it will not harm things to do the full fix steps given earlier. They will repair Task Manager access among other things. Both will delete the active infector file if it still exists as well. The second one, using a freeware utility OTMOVEIT, would be the best choice, as it includes a first step using HijackThis that will ensure that no access denied errors are an issue for you. OTMOVEIT will unregister the file prior to deletion, and then schedules the actual deletion for the next restart, so it would not have access denied errors in deleting the file.

theresa5790
@cgocable.net

theresa5790

Anon

I did that and my task manager is still not working...

SherriStiller
@pacbell.net

SherriStiller to bcastner

Anon

to bcastner
Help Me, I'm new. I just bought a Dell Computer one month Two days ago I have the MonaRonaDona Virus. I had been actually installing MSN and their version of messenger. I have been reading your message forum but don't know what I should do. PLEASE HELP,

new

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

2 edits

bcastner to theresa5790

MVM

to theresa5790
The only entry that I have seen affecting the Task Manager is the one reverted by the two fixes mentioned earlier in this thread. It may be that there is now an entry in the HKLM hive as well as HKCU for the policy item affecting Task Manager.

Please do either of the following:

• I revised both earlier scripts to include the HKLM hive. You can safely rerun any of the earlier fixes in order to handle this additional registry area.

-- OR --

• Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here:
http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
 

• Double-click FixPolicies.exe
• Click the "Install" button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
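
An audit of the policy entries in both hives that the reply above describes, as an added example that is not part of the thread and is not the content of FixPolicies.exe or the earlier scripts. The value names (`DisableTaskMgr`, `DisableRegistryTools`, `NoControlPanel`) are the standard Windows policy values and are an assumption about what those fixes revert; the `-Repair` switch is this example's own.

```powershell
# Added example: list, and optionally clear, the policy values that lock out
# Task Manager, the registry editor and Control Panel in HKCU and HKLM.
# Assumption: these standard value names are the ones set on the affected PC.
param([switch]$Repair)

$base   = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ SubKey = 'System';   Name = 'DisableTaskMgr' },
    @{ SubKey = 'System';   Name = 'DisableRegistryTools' },
    @{ SubKey = 'Explorer'; Name = 'NoControlPanel' }
)

# Check the per-user hive and the machine-wide hive; a fix that only
# touches HKCU leaves an HKLM entry in force.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $path = '{0}\{1}\{2}' -f $hive, $base, $c.SubKey
        if (-not (Test-Path -Path $path)) { continue }

        $prop = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }

        [pscustomobject]@{
            Path  = $path
            Name  = $c.Name
            Value = $prop.($c.Name)
        }
    }
}

if (-not $findings) {
    'No restricting policy values found in HKCU or HKLM.'
    return
}

$findings | Format-Table -AutoSize

if ($Repair) {
    # Removing the value returns the setting to its default (not restricted).
    # Entries under HKLM need an elevated (administrator) session.
    foreach ($f in ($findings | Where-Object { $_.Value -ne 0 })) {
        Remove-ItemProperty -Path $f.Path -Name $f.Name
        'Removed {0} from {1}' -f $f.Name, $f.Path
    }
}
```

Run it without `-Repair` first to see which hive holds the entry; on a domain-joined machine these values may be set deliberately by Group Policy and will be reapplied.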

DevilFrank
join:2003-07-13

DevilFrank to NanDog

Member

to NanDog


said by NanDog:

So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS.
This question is still open. Do we know the way?

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

1 edit

bcastner

MVM

It will likely stay open as a question for at least a while. The practice in the anti-malware research community is not to discuss the gory details.

It is a very safe bet that this infection (as is the case with most) is actively researched. However, for good reason the results are not always publicly disclosed. Every Forum post, every AV software that detects the anomalous file, every online scanner that was used, etc. feeds into several common pools of identified questionable files and heuristic behaviors, and action is taken.

Which is why if your antivirus or other anti-malware tool has a "Community" or "Net" of some kind you have the option to join, please do so. In addition, letting the AV vendors know in their Forums about an issue that is not resolved with current definitions helps immensely. Some anti-malware programs will automatically submit questionable files over the internet for analysis if so configured. It is in your interest to use these resources to fight the good fight.

DevilFrank
join:2003-07-13

DevilFrank to bcastner

Member

to bcastner


I have not a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/Win ··· SiteID=2).

But I think it is important to know which way is this malware using. Prevention is better than detection - I think.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

2 edits

Name Game

Premium Member

said by DevilFrank:

I have not a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/Win ··· SiteID=2).

But I think it is important to know which way is this malware using. Prevention is better than detection - I think.
Yup..seems it is really getting deep out there with the UniGrapes...

»forums.microsoft.com/win ··· pageid=1

If you want a theory in Spanish try this link..

»www.psicofxp.com/forums/ ··· ona.html

If you want another vector theory.. seems people who have downloaded and installed something called REGISTRYCLEANFIX2008.. a crack keygen thing.. also shows in many hijack logs along with MonaRonaDona. It might be a connection.

zardol
@cox.net

zardol to bcastner

Anon

to bcastner
Thanks for your info on MonaRonaDona virus. I'm a novice with computers, couldn't have gotten rid of it without all of you

DMCC
@blueyonder.co.uk

DMCC to HVredeling

Anon

to HVredeling
Removed srvspool.exe as suggested. Nice one !! Disappeared completely.

Mato
@blueyonder.co.uk

Mato to bcastner

Anon

to bcastner
Thanks for your info, I have been able to delete this MonaRonaDona virus from my system and enable task manager, but to kill all Trojan in my system, what is the code I should type in Notepad before saving as "KillTrojan.cmd"?

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

1 edit

bcastner

MVM

All the text in the Quote box.
There are horizontal lines to mark the beginning and end of the Quote box.

The easier fix is a few posts below it. It uses HijackThis and a free utility called OTMOVEIT2 by Old Timer.

MonaRonaDona Remover
»Re: MonaRonaDona "virus"?

mato
@blueyonder.co.uk

mato to bcastner

Anon

to bcastner
Bcastner,
I still don't get it, can you copy the text that I need here
Thanks

Mato
@blueyonder.co.uk

Mato to bcastner

Anon

to bcastner
Hey, I got the text and I saved it.
When I ran it a black box came up and went off.
What should I do next?

MDReferee
Federal Flack
Premium Member
join:2001-10-21
Germantown, MD

MDReferee to bcastner

Premium Member

to bcastner
said by bcastner:

All the text in the Quote box.
I think he's looking for something a little more in depth... you might not have caught this little statement...
said by Mato :

...but to kill all Trojan in my system...
That seems a bit more complicated, doesn't it.

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

1 edit

bcastner to Mato

MVM

to Mato
The black box should appear and then disappear.
The file you created should disappear as well.
Reboot and test.
You should be done with MonaRonaDona.

If you think it did not work, use the second fix method:
»Re: MonaRonaDona "virus"?
bcastner

1 edit

2 recommendations

bcastner to MDReferee

MVM

to MDReferee
said by MDReferee :
That seems a bit more complicated, doesn't it.
Dunno.
Certainly the OP came here for MonaRonaDona.
Other issues are not suitable for handling in the Security subForum, and the post would get killed if I attempted to do so.

Anything that appears to be a one-to-one malware removal must be done only in the Security Cleanup Forum. The fixes I posted earlier raised some objections by some already; the fact that they were generic and not directed to a specific individual allowed them to stay.

One-on-one removal, or any other Trojan issue, would start with this: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Fred Dag
@iprimus.net.au

Fred Dag to HVredeling

Anon

to HVredeling
I did this in XP by selecting safe mode /dos prompt & it allowed the necessary deletions that Windows won't allow.