Sassygal31023
@mchsi.com
| reply to jimschoe
Re: MonaRonaDona "virus"?
okay ya'll I got this virus feb. 29th at 4:39am. I'm not a comp. newbie. I know comps. I couldn't find anything on this virus so I called the geek squad and they sent me here. I read everything and copied and pasted SRVSPOOL.EXE to search and found the file. I deleted it from search. Now let me tell ya'll everything I did prior to that.
I have 3 different profiles on this one comp. I went to another profile and deleted the profile but saved the major files to another profile. The virus wasn't on it. I then went back to the infected profile and tried to find out what in the heck happened and why virus protector didn't go off. Now finding out that it is a hijacking and made into a anti-virus scam. I must say this is very intelligent! I couldn't find the main file it had made so I just did a system restore. My comp. was running okay but still something wasn't right. I was still losing files and things weren't working. After I found the main file and deleted it and deleted the files that wasn't working correctly any longer and I am still going to delete the infect profile and make another. This is the simplest way I know if you are not very computer knowledge; most people can run search and right click a mouse and scroll down to delete.
Best wishes to anyone seeking help with this pain the butt virus.
Sincerely,
Sassy |
|
NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA
 ·Rainier Connect fr..
| reply to bcastner
So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS. 
--
See ya across the Rainbow Bridge, my good and faithful friend! |
|
sonikrx
@bendbroadband.com | reply to bcastner
THANK!! That did the trick. I am very thankful! I was not sure there to go after Nortons did not find the virus! But this worked. Thanks again! |
|
wrongway
@consolidated.net | reply to jimschoe
TOO get rid of the MonaRondaDona virus,use key F8, go into Safe mode find the startup program an DELETE Srvspool.exe then restart your computer.It should be gone..... |
|
theresa5790
@cgocable.net | reply to MysteryFCM
Re: MonaRonaDona "virus"?
how do i get my task mangerto work |
|
theresa5790
@cgocable.net | reply to bcastner
hi i am trying to find task manger trooble shooting..can't find it..how do i get my task manger to work please |
|
Rxdoxx
Premium,Mod
join:2000-11-03
Middle River, MD
clubs: 
 ·Verizon FIOS
 ·Comcast
Host:
Software
Washington & Balti..
| reply to jimschoe
said by jimschoe :
I just Tried to delete the Srvspool and it says access denied. Anyone else have any new news??
If you were registered here I could have sent you this in a message and not have to "mess" the thread discussion a little 
A freebie Unlocker should free something so you can delete.
--
Was a Cruise Fanatic, one cruise on Princess cured me. Bleah |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
4 edits | reply to theresa5790
I wrote two seperate fixes for this issue, including fixing the task manager, earlier in this thread. Either one will ensure that the virus is gone and your Task Manager and Title bars on IE and OE are repaired. See the first page of discussion in this thread. If you have removed the file, it will not harm things to do the full fix steps given earlier. They will repair Task Manager access among other things. Both will delete the active infector file if it still exists as well. The second one, using a freeware utility OTMOVEIT, would be the best choice, as it includes a first step using HijackThis that will ensure that no access denied errors are an issue for you. OTMOVEIT will unregister the file prior to deletion, and then schedules the actual deletion for the next restart, so it would not have access denied errors in deleting the file.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
theresa5790
@cgocable.net | i did that and my task manger is still not working... |
|
SherriStiller
@pacbell.net
| reply to bcastner
 Help Me IM new. I just bought a Dell Computer one month Two days ago I have the MonaRonaDona Virus. I had been accually installing MSN and their version of messenger. I have been reading your message forum but don't know what I should do. PLEASE HELP,
new |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
2 edits | reply to theresa5790
The only entry that I have seen effecting the Task Manager is the one reverted by the two fixes mentioned earlier in this thread. It may be that there is now an entry in the HKLM hive as well as HKCU for the policy item effecting Task Manger.
Please do either of the following:
• I revised both earlier scripts to include the HKLM hive. You can safely rerun any of the earlier fixes in order to handle this additional registry area.
-- OR --
• Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here:
• Double-click FixPolicies.exe
• Click the "Install" button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
DevilFrank
join:2003-07-13
·T-Com
| reply to NanDog
Re: MonaRonaDona "virus"?
said by NanDog  :So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS. This question is still open. Do we know the way?
--
Regards from Germany. Please excuse my stumbling English |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
1 edit | It will likely stay open as a question for at least a while. The practice in the anti-malware research community is not to discuss the gory details.
It is a very safe bet that this infection, (as is the case with most) are actively researched. However, for good reason the results are not always publicly disclosed. Every Forum post, every AV software that detects the anomalous file, every online scanner that was used, .etc feeds into several common pools of identified questionable files and heuristic behaviors, and action is taken.
Which is why if your antivirus or other anti-malware tool has a "Community" or "Net" of some kind you have the option to join, please do so. In addition, letting the AV vendors know in their Forums about an issue that is not resolved with current definitions helps immensly. Some anti-malware programs will automatically submit over the internet questionable files for anlaysis if so configured. It is in your interest to use these resources to fight the good fight.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
DevilFrank
join:2003-07-13
·T-Com
| reply to bcastner
Re: MonaRonaDona "virus"?
I have not a problem with this malware and I do know that "my community" is informed (»forums.microsoft.com/WindowsOneC···SiteID=2). 
But I think it is important to know which way is this malware using. Prevention is better than detection - I think.
--
Regards from Germany. Please excuse my stumbling English |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
2 edits | said by DevilFrank :I have not a problem with this malware and I do know that "my community" is informed (» forums.microsoft.com/WindowsOneC···SiteID=2). But I think it is important to know which way is this malware using. Prevention is better than detection - I think. Yup..seems it is really getting deep out there with the UniGrapes... 
»forums.microsoft.com/windowsonec···pageid=1
If you want a theory in Spanish try this link..
»www.psicofxp.com/forums/segurida···ona.html
If you want another vector theory..seems people who have downloaded and installed something called REGISTRYCLEANFIX2008.. a crack keygen thing.. also shows in many highjack logs along with MonaRonaDona. It might be a connection --
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
