dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
95902
share rss forum feed

reply to bcastner

Re: MonaRonaDona "virus"?

Thanks to "BCASTNER", I removed MonaRonaDona. IT WORKS!



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to classical62

said by classical62:

That sounds about right.
Is this passed through Emails I have sent to people? Is this Unigray anti-virus hoping I will want to buy their "protection" and that's why I got it?
Don't know about the email but I do not think so..on the other..It is not the first time some group stocked a lake..made you use their fishingpole then charged you by the inch to catch them.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/


paul newbee

@blueyonder.co.uk
reply to bcastner

Thanks so much for ur info keep up the good work



ChasG

@..amail.viennava.gov
reply to bcastner

Well Bill, I used your fix over the weekend for a friend of mine. In his case we had to go in using Safe Mode to delete the entry from the Startup folder, but once we did that everything was fine.

Thanks for posting the fix - surprising that this is not getting more attention on the main AV sites. Even if all they did was post an advisory it would be nice, but even today if you do a google search you come up with yahoo, cnet and dslreports...

Having been in the software support and development industry for years, as soon as I saw the post regarding UniGray I felt my spidey-senses go off. For the money they pay at Symantec, McAfee, TrendMicro and others, it is rare enough that none of them had anything to say about a new virus - but then to have some unknown company show up from nowhere and claim they were the only software available to deal with the threat ... well, it was pretty obvious something was not right. I hope all the people reading this contact their credit card companies immediately to protest the fraudulent charges, and take whatever other action they can to make sure whoever is behind UniGray is prosecuted. What these guys did was perpetrate a fraud.

Thanks again.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by ChasG :

... What these guys did was perpetrate a fraud. Thanks again.
And somehow, I don't think that troubles them in the least. Where we may think in terms of right and wrong, others may think in terms of getting away with it or not... and how best to get away with it, at that.
--
If God wanted us to work with electrons, He'd make them big enough to see...

reply to bcastner

Thank you soooooo much! I was completely panicked!!! Your instructions were easy to follow and I VERY MUCH appreciate your help!!! (XP User)



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to bcastner

unigray antivirus analysis

»securitynewsfromthenet.blogspot.···sis.html

and as already posted earlier in this thread..

We detect MonaRonaDona as Trojan.Win32.Monagrey.a and Unigray Antivirus as not-a-virus:FraudTool.Win32.Unigray.a.

»www.viruslist.com/en/weblog?webl···08187485

Copyright © 1996 - 2008
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved


lordstarfyre

join:2008-03-03
91g02
reply to bcastner

Hi, I ran the KillTrojan.CMD, and now my Task Manager is disabled.

How do I turn it back on?

It appears the Trojan is gone, thanks for that, BTW!!!



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 edits

said by lordstarfyre:

Hi, I ran the KillTrojan.CMD, and now my Task Manager is disabled.

How do I turn it back on?

It appears the Trojan is gone, thanks for that, BTW!!!
You could try the .reg file here if the OS is XP.

»www.kellys-korner-xp.com/xp_tweaks.htm

download it at #51 called Enable the Task Manager

put it on the desktop..double click on it to install..then you might have to reboot.

Also if by chance there are other reasons your's does not work then see this link and scroll down to Task Manager and see all the situations and fixes since there are three ways to bring it up.

»www.kellys-korner-xp.com/xp_t.htm

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/


Kim C

@as9105.com
reply to jimschoe

Try starting in safe mode(F8) you should then be able to delete it.
Don't know how to re-start the task manager though.
Best of luck.



aspen

@216.183.229.x
reply to bcastner

thank you, thank you for the help removing monaronadona and then the subsequent help with the task manager issue. I am self-employed and use my computer for my lifelihood as a daytrader, however, am completely non-tech savvy. Your instructions were excellent and worked perfectly.


BigMinge

join:2008-03-03
Wethersfield, CT
reply to bcastner

Thanks for this. I to found this when i turned my comp on.



terry_nyorks_uk

@btcentralplus.com
reply to bcastner

Thanks too to B Castner. Your batch file "killtrojan.cmd" worked well. WinXP environment.

How come Norton asleep?



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

On norton..did you try to force a manual update or try to get their daily >

»Re: Security Software Updates - 03 Mar 2008
Daily Updates Learn More

»www.symantec.com/business/securi···ions.jsp
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/



kf

@iinet.net.au
reply to bcastner

This was succesful in removing Monaronadona virus for me. Thankyou!



bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit

2 recommendations

reply to bcastner

Where does MonaRonaDona come from?

quote:
"We’re still researching this", says Joel Schouwenberg of Kaspersky Labs, who calls the MonaRonaDona Trojan of the past week to be "among the most elaborately orchestrated scams" he’s seen.
See if these help:
»blog.threatfire.com/
»blog.washingtonpost.com/security···_ex.html
»www.networkworld.com/news/2008/0···cam.html


dentalchick007

@comcast.net
reply to bcastner

Hey I did this to fix the virus and it worked for me! Nothing else did. Thank you so much.



sc

@rr.com
reply to bcastner

Thanks so much for the help. It worked and thank goodness it is gone.



Whateve

@charter.com
reply to HVredeling

This worked great : ) I was able to do it in safe mode but if I tried otherwise it had disabled my administration rights. My virus scan still didn't pick it up but it seems to be gone : ) Thanks so much for the information, I was at the end of my rope with this thing!



windfire55

@telus.net
reply to Sassygal31023

Be really careful as unigray says that they have the answer
to this malware,but Its a ruse,First no aunthenticity cert.
Second The product does not completely remove MRD-virus until unigray sends you a patch (monadonarona.exe)to remove
the virus and again...no authenticity certificate and It seems that I got the virus right after I had downloaded
the google tool bar,As with everyone else I seem to have recieved it through the browser it all started happening
on Febuary 29/2008



kate k

@verizon.net
reply to HVredeling

Please help. i think i removed all of monaronadona but icant change my header. i tried searching yahoo answers but nothng was useful. I also tried typing it manually Do u do that in the address box or where. somone please help me



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

said by kate k :

Please help. i think i removed all of monaronadona but icant change my header. i tried searching yahoo answers but nothng was useful. I also tried typing it manually Do u do that in the address box or where. somone please help me
Use this method
»Re: MonaRonaDona "virus"?

or this one
»Re: MonaRonaDona "virus"?

to clean everything off and get rid of the header.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
Expand your moderator at work


Oricat

@optusnet.com.au
reply to bcastner

Re: MonaRonaDona "virus"?

Hi... Thank-you for your help with this. I have followed you instructions and all has worked very well, until the last step! After clicking "MoveIt" all results were displayed in the right hand panel as "not found" I then exited and reopened OTMoveIt, when I clicked on CleanUp a message was displayed stating "Äccess Denied"??? I tried to repeat the second step, and each time I try to move the files; they move to the results screen then the programe stops responding??? Any ideas???? This is new Laptop, running Vista, Please Help!!!



Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13

1 edit

1 recommendation

said by Oricat :

I try to move the files; they move to the results screen then the programe stops responding??? Any ideas???? This is new Laptop, running Vista, Please Help!!!
try
"...
If you have any issues, run the steps in Safe Mode...."

edit: safe mode howto link
»www.bleepingcomputer.com/tutoria···ml#vista

Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006-2007
Expand your moderator at work


Oricat

@dodo.com.au
reply to bcastner

Re: MonaRonaDona "virus"?

Fantastic... That seemed to work! Thank-you Cudni and Thanks again to Bill... Much appreciated!



bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

2 edits
reply to jw450

There are two versions of a complete fix for this virus on the first page of this thread.

No other site need be considered, particularly as you are asked to download a blind .RAR executable, which does not handle the Task Manager issues, the removal of the origianl dropper application, or the corruption in the IE and OE Header. You can read the reports in this thread from those who tried that fix who will attest to this.

The fixes at the beginning page of this thread are open to so that they can be read by all, and comprehensively remove MonaRonaDona. From todays Washington Post: »blog.washingtonpost.com/security···_ex.html

Direct links (You only need to use one):
»Re: MonaRonaDona "virus"?
»Re: MonaRonaDona "virus"?

These fixes have been used by thousands; the unique page view on this thread has exceeded 17,000 in two days.

Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users



computeretarded

@embarqhsd.net
reply to bcastner

by live one, what do you mean? if you meant "some idiot that got the stupid monaronadona and doesn't know how to follow the directions you all have posted to fix it themselves" then i am totally your man!

email is up in the anonymizer... please respond.



computeretarded

@embarqhsd.net
reply to bcastner

also, why does my Norton or Errorsmart find this trojan? more so, why did they allow it to find it's way onto my computer in the first place?