

theresa5790

@cgocable.net
reply to bcastner

Re: MonaRonaDona "virus"?

I did that and my Task Manager is still not working...



SherriStiller

@pacbell.net
reply to bcastner

Help me, I'm new. I just bought a Dell Computer one month Two days ago I have the MonaRonaDona Virus. I had been actually installing MSN and their version of messenger. I have been reading your message forum but don't know what I should do. PLEASE HELP,



bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

2 edits
reply to theresa5790

The only entry that I have seen affecting the Task Manager is the one reverted by the two fixes mentioned earlier in this thread. It may be that there is now an entry in the HKLM hive as well as HKCU for the policy item affecting Task Manager.

Please do either of the following:

• I revised both earlier scripts to include the HKLM hive. You can safely rerun any of the earlier fixes in order to handle this additional registry area.

-- OR --

• Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here:

http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
 

• Double-click FixPolicies.exe
• Click the "Install" button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
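
An added example, not part of bcastner's post and not the contents of his Fix_Policies.cmd: a read-only PowerShell check of both hives mentioned above for policy values that lock Task Manager, Control Panel and the registry editor. The value names (`DisableTaskMgr`, `DisableRegistryTools`, `NoControlPanel`) are standard Windows policy values chosen here as an assumption; the thread does not say which values the fix resets.

```powershell
# Added example: audit only, nothing is modified.
# Assumption: these standard policy values are the ones of interest;
# the thread itself does not name them.
$checks = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' }
)

# Check the per-user hive (HKCU) and the machine-wide hive (HKLM):
# a fix that only clears HKCU leaves an HKLM copy of the policy in force.
$findings = foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($c in $checks) {
        $path = "${hive}:\$($c.SubKey)"
        # A missing key or value is not an error here, it just means "not set".
        $prop = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $data = $prop.($c.Name)
            [pscustomobject]@{
                Hive      = $hive
                Key       = $c.SubKey
                Value     = $c.Name
                Data      = $data
                Restricts = ($data -ne 0)   # any non-zero data enables the restriction
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No Task Manager / Control Panel / Regedit policy values set in HKCU or HKLM.'
}
```

A row with `Restricts` set to `True` under HKLM after an HKCU-only fix matches the situation described in the post, where Task Manager stays disabled.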



DevilFrank

join:2003-07-13
Reviews:
·T-Com
reply to NanDog

Re: MonaRonaDona "virus"?

said by NanDog:

So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS.
This question is still open. Do we know the way?
--
Regards from Germany. Please excuse my stumbling English


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit

It will likely stay open as a question for at least a while. The practice in the anti-malware research community is not to discuss the gory details.

It is a very safe bet that this infection (as is the case with most) is actively researched. However, for good reason the results are not always publicly disclosed. Every Forum post, every AV software that detects the anomalous file, every online scanner that was used, etc. feeds into several common pools of identified questionable files and heuristic behaviors, and action is taken.

Which is why if your antivirus or other anti-malware tool has a "Community" or "Net" of some kind you have the option to join, please do so. In addition, letting the AV vendors know in their Forums about an issue that is not resolved with current definitions helps immensely. Some anti-malware programs will automatically submit over the internet questionable files for analysis if so configured. It is in your interest to use these resources to fight the good fight.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



DevilFrank

join:2003-07-13
Reviews:
·T-Com
reply to bcastner

Re: MonaRonaDona "virus"?

I do not have a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/WindowsOneC···SiteID=2).

But I think it is important to know which way this malware is using. Prevention is better than detection - I think.
--
Regards from Germany. Please excuse my stumbling English



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits

said by DevilFrank:

I do not have a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/WindowsOneC···SiteID=2).

But I think it is important to know which way this malware is using. Prevention is better than detection - I think.
Yup..seems it is really getting deep out there with the UniGrapes...

»forums.microsoft.com/windowsonec···pageid=1

If you want a theory in Spanish try this link..

»www.psicofxp.com/forums/segurida···ona.html

If you want another vector theory..seems people who have downloaded and installed something called REGISTRYCLEANFIX2008.. a crack keygen thing.. also shows in many hijack logs along with MonaRonaDona. It might be a connection
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/


zardol

@cox.net
reply to bcastner

Thanks for your info on the MonaRonaDona virus. I'm a novice with computers, couldn't have gotten rid of it without all of you



DMCC

@blueyonder.co.uk
reply to HVredeling

Removed srvspool.exe as suggested. Nice one !! Disappeared completely.



Mato

@blueyonder.co.uk
reply to bcastner

Thanks for your info, I have been able to delete this MonaRonaDona virus from my system and enable Task Manager, but to kill all Trojan in my system, what is the code I should type in Notepad before saving as "KillTrojan.cmd"?



bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit

All the text in the Quote box.
There are horizontal lines to mark the beginning and end of the Quote box.

The easier fix is a few posts below it. It uses HijackThis and a free utility called OTMOVEIT2 by Old Timer.

MonaRonaDona Remover
»Re: MonaRonaDona "virus"?



mato

@blueyonder.co.uk
reply to bcastner

Bcastner,
I still don't get it, can you copy the text that I need here?
Thanks



Mato

@blueyonder.co.uk
reply to bcastner

Hey, I got the text and I saved it.
When I ran it a black box came up and went off.
What should I do next?



MDReferee
Federal Flack
Premium
join:2001-10-21
Germantown, MD
reply to bcastner

said by bcastner:

All the text in the Quote box.
I think he's looking for something a little more in depth... you might not have caught this little statement...

said by Mato :

...but to kill all Trojan in my system...
That seems a bit more complicated, doesn't it.
--
If I didn't see it... it didn't happen!


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit
reply to Mato

The black box should appear and then disappear.
The file you created should disappear as well.
Reboot and test.
You should be done with MonaRonaDona.

If you think it did not work, use the second fix method:
»Re: MonaRonaDona "virus"?



bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit

2 recommendations

reply to MDReferee

said by MDReferee :
That seems a bit more complicated, doesn't it.
Dunno.
Certainly the OP came here for MonaRonaDona.
Other issues are not suitable for handling in the Security subForum, and the post would get killed if I attempted to do so.

Anything that appears to be a one-to-one malware removal must be done only in the Security Cleanup Forum. The fixes I posted earlier raised some objections by some already; the fact that they were generic and not directed to a specific individual allowed them to stay.

One-on-one removal, or any other Trojan issue, would start with this: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance


Fred Dag

@iprimus.net.au
reply to HVredeling

I did this in XP by selecting safe mode /dos prompt & it allowed the necessary deletions that Windows won't allow.



anndy

@aol.com
reply to HVredeling

I couldn't do it following your directions but my grandson told me how. It does require an external harddrive.
Create a shortcut to the hard drive on your desktop.
Do an advanced search for SYSPRO including hidden files
Drag the files found on the search to the shortcut
Open the external harddrive and delete

Worked great!



bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

There is a simple fix already posted in this thread that requires no external hard drive, no Safe Mode, and no tricks. See: »Re: MonaRonaDona "virus"?



Classical62

@aol.com
reply to bcastner

Thank you for posting all of the information on fixing this virus. I am a complete novice when it comes to doing this, but the steps were easy to follow and it appears that the issue is resolved.
I woke up to this virus "announcement" before my eyes were barely open! I had been having trouble with a website and was trying to find a way to fix it...I, too, downloaded "RegistryFix2008" about Thursday or Friday. It said I had all sorts of viruses and corrupt files (I DO have an anti-virus program) and then wanted $ to buy the program to fix it.....but when I went to find the file so I could delete it, it was nowhere to be found...until this morning?



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

Can you tell us what website you had problems with and where you got the suggestion or thought to download that registry fix.. if it is not too personal..it would really help us all to understand how or where people are getting whacked with this one in the first place. And do I then understand you first noticed the MonaRonaDona when you rebooted your PC or first turned it on the next day ?

Thanks
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/



Conestogaman

@sbcglobal.net
reply to bcastner

Thanks for the help!! I, too, woke up to this on my 'puter. I 'may' have used the registryfix2008, but don't know for sure. I was trying to clean out another problem. Your help and tutorials cured more than this one problem and my 'puter is running much better now! Thank you again (can I say it too much?) for your 'good fight'!!

Sincerely,

Conestogaman



Not a Comp Nerd

@montclair.edu
reply to bcastner

This worked great! I tried the "Who Lock Me" program and that was unsuccessful. I also had difficulty figuring out how to start my computer in safe mode. However, what you posted above worked perfectly and was so easy to follow!

THANK YOU SO MUCH!!!


classical62

join:2008-03-03
Vacaville, CA

1 edit
reply to Name Game

said by Name Game:

Can you tell us what website you had problems with and where you got the suggestion or thought to download that registry fix.. if it is not too personal..it would really help us all to understand how or where people are getting whacked with this one in the first place. And do I then understand you first noticed the MonaRonaDona when you rebooted your PC or first turned it on the next day ?
I was trying to make a homepage on the Shelfari.com website. Rural living only enables us to have dial-up so there are some sites, like YouTube that don't work here and that's ok, but I kept getting an "Ajax Toolkit is undefined" and "Internet Script Error" so I typed into the Netscape search engine "Ajax Toolkit" and up came Registry Fix as one of the choices. It took a few minutes and then "scanned" my computer, showed a bunch of viruses, corrupt files, blah, blah, blah and said to fix, click here and buy the program to fix them....I already have an anti-virus, scanny thing, so I went to remove the program and couldn't find it anywhere in the PC's files. I went to ASP.Net (I think, my head is fairly spinning right now) to download the Ajax Toolkit, thought I did, can't find it anywhere either, shut the computer down about three times thinking it would fix the problem on Shelfari, but it didn't. Since it wasn't something I had to have, I just left the site. That was Friday. Last night I shut the computer down instead of simply letting it hibernate and when I rebooted it this morning, I found the nasty little note, about 3x5 inch size in the lower right hand side of the computer. Hope this helps you find out what or who it's from.

Thanks

ctrlaltdelet

join:2006-08-19

1 recommendation

reply to bcastner

»www.viruslist.com/en/weblog?webl···08187485

....A comparison of the code of MonaRonaDona and Unigray Antivirus show that there are many, many similarities. This leaves very little doubt that the same group is behind both MonaRonaDona and Unigray......



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to classical62

Thanks for the detail classical62. Do you recall if the name was this..RegistryCleanFix2008 for the RegistryCleaner2008.exe

»www.prevx.com/filenames/X2024140···EXE.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/


classical62

join:2008-03-03
Vacaville, CA

That sounds about right.
Is this passed through Emails I have sent to people? Is this Unigray anti-virus hoping I will want to buy their "protection" and that's why I got it?