HVredeling
@myvzw.com
| Re: MonaRonaDona "virus"? Despite lack of information on the Internet, I was able to pinpoint the culprit that was causing my machine to start acting up due to the MonaRonaDona virus.
I was able to fix the problem and here is how.
The virus installs an executable SRVSPOOL.EXE in the startup folder of the all users account. Click Start/Programs/Startup, right click the SRVSPOOL.EXE entry and delete it. How to fix the header of your Internet explorer and how to re-enable taskmanager, is posted in numerous postings online.
Re-enable Task Manager: Troubleshooting Windows XP, Tweaks and Fixes for Windows XP
Go to this page and try #51 from the right column. Click on "enable the task
manager."
Modify header of Internet explorer: How do i get rid of monaronadona on top bar of my homepage? - Yahoo! Answers
(optionally, you can manually type "Microsoft Internet Explorer" to replace the string "MonaRonaDona".
After that, reboot your machine.
The virus puts a message on the screen. Aside from that, the task manager is disabled, the header of Internet Explorer is modified and when trying to open programs, those programs are shut down immediately.
Whatever you do, do NOT download and install the virus scanner named UniGray. That "scanner" is a scam, a non-working piece of software. The website tries to get you to register and pay for something that does nothing.
Hope this info helps those who come across this virus. It seems to be a brand new occurence given the lack of solutions found on the Internet. | |
|
jimschoe
@ameritech.net | Re: MonaRonaDona "virus"? I just Tried to delete the Srvspool and it says access denied. Anyone else have any new news?? | |
|
 | |
| | 
NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA
 ·Rainier Connect fr..
| Re: MonaRonaDona "virus"? said by MysteryFCM  :You really should post in the infection help forums » Security Cleanup If your suggestion was to the OP it's a bit misguided.
bcastner is one of the accredited helpers on the Security Cleanup forum: »Security Cleanup FAQ
He knows what he's doing. 
--
See ya across the Rainbow Bridge, my good and faithful friend! | |
|
| | | MysteryFCM
join:2006-10-01
England | Re: MonaRonaDona "virus"? hehe nope, my reply was to jimschoe  (I'm already familiar with BC ) | |
|
| | | | |
| | | | |
Nikki
@verizon.net | Re: MonaRonaDona "virus"? I have this virus as we speak. I am going to try and follow your response in safe mode. No I haven't gotten any messages from "UniGray Antivirus". | |
|
| | | | |
BRIAN 43
@aol.com | I AM JUST IN THE THORWS OF TRYING TO RID MYSELF OF THIS BUT UNIGRAY AS NOT COME UP AS AN OPTION, NOADWARE DID BUT DOESN'T REMOVE IT EITHER | |
|
| | | | | | |
| | | |
NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA
1 edit | MysteryFCM said: "hehe nope, my reply was to jimschoe (I'm already familiar with BC )"
Sorry! My bad! | |
|
| |
theresa5790
@cgocable.net | how do i get my task mangerto work | |
|
| |
|
Sassygal31023
@mchsi.com
| Re: MonaRonaDona "virus"? okay ya'll I got this virus feb. 29th at 4:39am. I'm not a comp. newbie. I know comps. I couldn't find anything on this virus so I called the geek squad and they sent me here. I read everything and copied and pasted SRVSPOOL.EXE to search and found the file. I deleted it from search. Now let me tell ya'll everything I did prior to that.
I have 3 different profiles on this one comp. I went to another profile and deleted the profile but saved the major files to another profile. The virus wasn't on it. I then went back to the infected profile and tried to find out what in the heck happened and why virus protector didn't go off. Now finding out that it is a hijacking and made into a anti-virus scam. I must say this is very intelligent! I couldn't find the main file it had made so I just did a system restore. My comp. was running okay but still something wasn't right. I was still losing files and things weren't working. After I found the main file and deleted it and deleted the files that wasn't working correctly any longer and I am still going to delete the infect profile and make another. This is the simplest way I know if you are not very computer knowledge; most people can run search and right click a mouse and scroll down to delete.
Best wishes to anyone seeking help with this pain the butt virus.
Sincerely,
Sassy | |
|
| |
windfire55
@telus.net
|  Re: MonaRonaDona "virus"?
to this malware,but Its a ruse,First no aunthenticity cert.
Second The product does not completely remove MRD-virus until unigray sends you a patch (monadonarona.exe)to remove
the virus and again...no authenticity certificate and It seems that I got the virus right after I had downloaded
the google tool bar,As with everyone else I seem to have recieved it through the browser it all started happening
on Febuary 29/2008 | |
|
|
wrongway
@consolidated.net | TOO get rid of the MonaRondaDona virus,use key F8, go into Safe mode find the startup program an DELETE Srvspool.exe then restart your computer.It should be gone..... | |
|
| |
|
Kim C
@as9105.com | Try starting in safe mode(F8) you should then be able to delete it.
Don't know how to re-start the task manager though.
Best of luck. | |
|
|
sandydie
@cox.net | cut 'svrspool' from start up menu and past on desktop. then delete. do a search for svrspool and delete. | |
|
|
Glen M Borror
@seovec.org
1 edit | Yeah, I just tried deleting it to, but it says access denied, and now I'm scared. I talked to my grandfather, who knows everything about computers and other stuff like that, says it's not a virus. Now I'm wondering, what does it really do then, if it is not a virus. | |
|
| | |
| | 
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
 ·Optimum Online
 ·Vonage
| said by Glen M Borror :
Yeah, I just tried deleting it to, but it says access denied, and now I'm scared. I talked to my grandfather, who knows everything about computers and other stuff like that, says it's not a virus. Now I'm wondering, what does it really do then, if it is not a virus.
You need to read the entire thread.
Did you try the two fixes? If one doesn't work, try the other one. Using safe mode might be a good idea also.
»Re: MonaRonaDona "virus"?
»Re: MonaRonaDona "virus"?
--
10,675 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
| |
|
|
will
@alltel.net | Go To Safemode then delete it | |
|
Txboy
@verizon.net
| This fix worked! I have Vista and had to go into safe mode to delete it. I had Microsoft tech support logged into my pc and they followed the posted directions and it worked with a little work. They had no record of the virus as of yet and they copied the file to submit it. My One Care software did not catch it. I also searched Symantec. Kaspersky and Trend Micro sites for help and none had anything to offer. I could not find any damage to my pc from it. I did notice that the install date was 2-23-08. The file properties said that it was a file from Microsoft. The Microsoft Tech support person I worked with in the virus department was very good. He did a search on the file name and determined that is NOT a Microsoft File!!!
The tech went into the registry to change the setting for the task manager and also had to go there to give permissions in order to delete the file.
Good luck to everyone and thanks for the tip listed above!! | |
|
DMCC
@co.uk | Removed srvspool.exe as suggested. Nice one !! Disappeared completely. | |
|
Fred Dag
@net.au | I did this in XP by selecting safe mode /dos prompt & it allowed the necessary deletions that Windows won't allow. | |
|
anndy
@aol.com
| I couldn't do it following your directions but my grandson told me how. It does require an external harddrive.
Create a shortcut to the hard drive on your desktop.
Do an advanced search for SYSPRO including hidden files
Drag the files found on the search to the shortcut
Open the external harddrive and delete
Worked great! | |
|
| 
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs: | Re: MonaRonaDona "virus"? There is a simple fix already posted in this thread that requires no external hard drive, no Safe Mode, and no tricks. See: »Re: MonaRonaDona "virus"? | |
|
Whateve
@charter.com
| This worked great : ) I was able to do it in safe mode but if I tried otherwise it had disabled my administration rights. My virus scan still didn't pick it up but it seems to be gone : ) Thanks so much for the information, I was at the end of my rope with this thing! | |
|
kate k
@verizon.net | Please help. i think i removed all of monaronadona but icant change my header. i tried searching yahoo answers but nothng was useful. I also tried typing it manually Do u do that in the address box or where. somone please help me | |
|
| 
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| Re: MonaRonaDona "virus"? said by kate k :
Please help. i think i removed all of monaronadona but icant change my header. i tried searching yahoo answers but nothng was useful. I also tried typing it manually Do u do that in the address box or where. somone please help me
Use this method
»Re: MonaRonaDona "virus"?
or this one
»Re: MonaRonaDona "virus"?
to clean everything off and get rid of the header.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ | |
|
carebear
@rr.com
| I have the mother freaking MonaRonaDona virus. I am not very computer savy. I tried the start, then programs, then next I have no clue. I also have no clue if this is a right method to use or if someones leading me into another virus trap. It's just a pain in the butt for this to be on my screen eventhough people say its harmless. Can someone pleaseeeee walk me through this? Many thanks 3-6-08 4 pm Thanks | |
|
FRUSTERATED
@bresnan.net
| »www.viruslist.com/en/weblog?done···07796935
According to the virus list it wounds as thought unigray anti-virus created this virus. Sounds like a good conclusion since they are the only program I can find that says they can remove it and according to the article this unigray has only been around 2 weeks (how convenient)! | |
|
|
|
|
·