bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
4 edits | reply to bcastner
Re: MonaRonaDona "virus"?
MonaRonaDona Removal Tool
~~~ EDIT: You would be better doing the more comprehensive fix posted further below for Vista, XP, Windows 2003 and Windows 2008. If you have any issues, run the steps in Safe Mode.
Important Note: This fix version is likely best done in Safe Mode after creating the actual script below. The second "fix" (below): »Re: MonaRonaDona "virus"? does not have this requirement, and is likely the best overall choice.
Using your mouse, Highlight and then Right-click | Copy the entire contents of the Quote box below, including blank lines:
quote:
@echo off
cd %~dp0
REM  Quick cleanup - Restores Task Manager,
REM Fixes the IE Header, and Removes the Trojan MonaRonaDona.
REM DSLR Security Forum, Bill Castner
REM If you find this file, go ahead and delete it
TSKILL SRVSPOOL /A >nul
del /a/f/q "%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\SRVSPOOL.EXE"
rd /s/q "C:\Program Files\UniGray Antivirus">nul
rd /s/q "C:\Program Files\RegistryCleanFix2008">nul
(
echo.REGEDIT4
echo.
echo.[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo."DisableTaskMgr"=dword:00000000
echo.
echo.[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo."DisableTaskMgr"=dword:00000000
echo.
echo.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
echo."Window Title"=-
echo.
echo.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
echo."Window Title"=-
echo.
echo.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Outlook Express]
echo."Window Title"=-
echo.
echo.
)>checkit.reg
regedit /s checkit.reg
del checkit.reg
del %0
exit
Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "KillTrojan.cmd" . Exit.
Double click the new file "KillTrojan.cmd" to run the program. There is a black box that will open but there are no user prompts, and this will take only moments to complete.
Best wishes,
Bill Castner
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
Kas
@optonline.net
| Thank you for the removal tool, bcastner.
For Windows Vista it worked from safe mode.
I installed Spotmau WinCare 2008 on the same date SRVPOOL was created on my computer. I'm wondering if there is any connection between them. Did anybody who had Spotmau installed got this problem? |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| said by Kas :
Thank you for the removal tool, bcastner.
For Windows Vista it worked from safe mode.
I installed Spotmau WinCare 2008 on the same date SRVPOOL was created on my computer. I'm wondering if there is any connection between them. Did anybody who had Spotmau installed got this problem?
Can you tell us the reasons and steps that led you to even download and install Spotmau WinCare 2008 in the first place ?
Thanks
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
sonikrx
@bendbroadband.com | reply to bcastner
THANK!! That did the trick. I am very thankful! I was not sure there to go after Nortons did not find the virus! But this worked. Thanks again! |
|
SherriStiller
@pacbell.net
| reply to bcastner
 Help Me IM new. I just bought a Dell Computer one month Two days ago I have the MonaRonaDona Virus. I had been accually installing MSN and their version of messenger. I have been reading your message forum but don't know what I should do. PLEASE HELP,
new |
|
Mato
@co.uk | reply to bcastner
Re: MonaRonaDona "virus"?
Thanks for your info, I have been able to delete this MonaRonaDona virus from my system and enable task manager but to kill all Trojan in my system, what is the code should i type in notepad before saving as "KillTrojan.cmd" |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
1 edit | All the text in the Quote box.
There are horizontal lines to mark the beginning and end of the Quote box.
The easier fix is a few posts below it. It uses HijackThis and a free utility called OTMOVEIT2 by Old Timer.
MonaRonaDona Remover
»Re: MonaRonaDona "virus"? |
|
MDReferee
Federal Flack
Premium
join:2001-10-21
Germantown, MD
 ·Verizon FIOS
| said by bcastner  :All the text in the Quote box. I think he's looking for something a little more in depth... you might not have caught this little statement...
said by Mato :
...but to kill all Trojan in my system... That seems a bit more complicated, doesn't it. 
--
If I didn't see it... it didn't happen! |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
1 edit | said by MDReferee :
That seems a bit more complicated, doesn' it.
Dunno.
Certainly the OP came here for MonaRonaDona.
Other issues are not suitable for handling in the Security subForum, and the post would get killed if I attempted to do so.
Anything that appears to be a one-to-one malware removal must be done only in the Security Cleanup Forum. The fixes I posted earlier raised some objections by some already; the fact that they were generic and not directed to a specific individual allowed them to stay.
One-on-one removal, or any other Trojan issue, would start with this: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance |
|
Not a Comp Nerd
@montclair.edu
| reply to bcastner
This worked great! I tried the "Who Lock Me" program and that was unsuccessful. I also had difficulty figuring out how to start my computer in safe mode. However, what you posted above worked perfectly and was so easy to follow!
THANK YOU SO MUCH!!! |
|
Panicked Teacher
@qwest.net |  reply to bcastner
Thank you soooooo much! I was completely panicked!!! Your instructions were easy to follow and I VERY MUCH appreciate your help!!! (XP User) |
|
lordstarfyre
join:2008-03-03
91g02 | reply to bcastner
Hi, I ran the KillTrojan.CMD, and now my Task Manager is disabled.
How do I turn it back on?
It appears the Trojan is gone, thanks for that, BTW!!! |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
2 edits | said by lordstarfyre :Hi, I ran the KillTrojan.CMD, and now my Task Manager is disabled. How do I turn it back on? It appears the Trojan is gone, thanks for that, BTW!!! You could try the .reg file here if the OS is XP.
»www.kellys-korner-xp.com/xp_tweaks.htm
download it at #51 called Enable the Task Manager
put it on the desktop..double click on it to install..then you might have to reboot.
Also if by chance there are other reasons your's does not work then see this link and scroll down to Task Manager and see all the situations and fixes since there are three ways to bring it up.
»www.kellys-korner-xp.com/xp_t.htm
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
terry_nyorks_uk
@btcentralplus.com
| reply to bcastner
Thanks too to B Castner. Your batch file "killtrojan.cmd" worked well. WinXP environment.
 How come Norton asleep? |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| On norton..did you try to force a manual update or try to get their daily >
»Re: Security Software Updates - 03 Mar 2008
Daily Updates Learn More
»www.symantec.com/business/securi···ions.jsp
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
Worried Novice
@btcentralplus.com | reply to bcastner
Want to say thak you very much for the advice! |
|
ME user
@charter.com | reply to bcastner
I have tried the fixes suggested. When I open the notepad named "KillTrojan.cmd" it does not do anything. I have gone thru the whole sequence 3 times.  |
|
