
bcastner
MVM
join:2002-09-25
Chevy Chase, MD

Re: MonaRonaDona "virus"?

MonaRonaDona Removal Tool

~~~ EDIT: You would be better doing the more comprehensive fix posted further below for Vista, XP, Windows 2003 and Windows 2008. If you have any issues, run the steps in Safe Mode.

Important Note: This fix version is likely best done in Safe Mode after creating the actual script below. The second "fix" (below): http://www.dslreports.com/forum/r20088377- does not have this requirement, and is likely the best overall choice.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Quote box below, including blank lines:
quote:
@echo off
cd /d "%~dp0"

REM Quick cleanup - Restores Task Manager,
REM Fixes the IE Header, and Removes the Trojan MonaRonaDona.
REM DSLR Security Forum, Bill Castner
REM If you find this file, go ahead and delete it

REM Stop the running Trojan process, then delete its Startup copy and folders
TSKILL SRVSPOOL /A >nul 2>&1
del /a/f/q "%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\SRVSPOOL.EXE"
rd /s/q "C:\Program Files\UniGray Antivirus">nul
rd /s/q "C:\Program Files\RegistryCleanFix2008">nul

(
echo.REGEDIT4
echo.
echo.[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo."DisableTaskMgr"=dword:00000000
echo.
echo.[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo."DisableTaskMgr"=dword:00000000
echo.
echo.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
echo."Window Title"=-
echo.
echo.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
echo."Window Title"=-
echo.
echo.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Outlook Express]
echo."Window Title"=-
echo.
echo.
)>checkit.reg

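REM Import the registry fix silently, then clean up
regedit /s checkit.reg
del checkit.reg
REM Self-delete and exit on one line: once the file is gone, cmd cannot read a following line
del "%~f0" & exit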


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "KillTrojan.cmd" . Exit.

Double click the new file "KillTrojan.cmd" to run the program. There is a black box that will open but there are no user prompts, and this will take only moments to complete.

Best wishes,
Bill Castner
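
A read-only follow-up check for the script above, added here as an example and not part of Bill Castner's post: it reports whether the files, folders and registry values that KillTrojan.cmd targets are still present, which is what you want to know when Task Manager stays disabled or the script appears to do nothing. The file name CheckMRD.cmd, the output labels and the %ALLUSERSPROFILE% Startup path for Vista are assumptions; every other path and value name is taken from the script.

```batch
@echo off
REM CheckMRD.cmd (hypothetical name) - added example, not from the original post.
REM Read-only: reports leftovers that KillTrojan.cmd targets, changes nothing.
setlocal
set "FOUND=0"

REM Startup copy of the Trojan and the two program folders named in the post.
call :file "%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\SRVSPOOL.EXE"
REM Assumption: the all-users Startup folder location on Vista and later.
call :file "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.EXE"
call :file "C:\Program Files\UniGray Antivirus"
call :file "C:\Program Files\RegistryCleanFix2008"

REM Task Manager policy, per-user and machine-wide.
call :taskmgr "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
call :taskmgr "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"

REM Custom window titles that the .reg import is meant to delete.
call :title "HKCU\Software\Microsoft\Internet Explorer\Main"
call :title "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main"
call :title "HKCU\SOFTWARE\Microsoft\Outlook Express"

if "%FOUND%"=="0" (echo No leftovers found.) else (echo Leftover items still present: %FOUND%)
pause
exit /b %FOUND%

:file
REM Works for both files and folders.
if exist "%~1" (echo [PRESENT] "%~1" & set /a FOUND+=1)
exit /b

:taskmgr
REM Absent or 0x0 is fine; 0x1 is the setting that blocks Task Manager.
reg query "%~1" /v DisableTaskMgr 2>nul | find /i "0x1" >nul
if not errorlevel 1 (echo [DISABLED] Task Manager policy set in "%~1" & set /a FOUND+=1)
exit /b

:title
REM Prints the value line when a "Window Title" value still exists.
reg query "%~1" /v "Window Title" 2>nul | find /i "REG_SZ"
if not errorlevel 1 set /a FOUND+=1
exit /b
```

A [DISABLED] line under HKLM after the fix has run usually means the import was made without administrator rights; a remaining "Window Title" line is the value to remove by hand.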

Kas
@optonline.net

Thank you for the removal tool, bcastner.
For Windows Vista it worked from safe mode.
I installed Spotmau WinCare 2008 on the same date SRVPOOL was created on my computer. I'm wondering if there is any connection between them. Did anybody who had Spotmau installed get this problem?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

said by Kas :

Thank you for the removal tool, bcastner.
For Windows Vista it worked from safe mode.
I installed Spotmau WinCare 2008 on the same date SRVPOOL was created on my computer. I'm wondering if there is any connection between them. Did anybody who had Spotmau installed get this problem?
Can you tell us the reasons and steps that led you to even download and install Spotmau WinCare 2008 in the first place?

Thanks

sonikrx
@bendbroadband.com

sonikrx to bcastner

THANKS!! That did the trick. I am very thankful! I was not sure where to go after Nortons did not find the virus! But this worked. Thanks again!

SherriStiller
@pacbell.net

SherriStiller to bcastner

Help me, I'm new. I just bought a Dell Computer one month Two days ago I have the MonaRonaDona Virus. I had been actually installing MSN and their version of messenger. I have been reading your message forum but don't know what I should do. PLEASE HELP.


Mato
@blueyonder.co.uk

Mato to bcastner


Re: MonaRonaDona "virus"?

Thanks for your info. I have been able to delete this MonaRonaDona virus from my system and enable Task Manager, but to kill all Trojan in my system, what is the code I should type in Notepad before saving as "KillTrojan.cmd"?

bcastner
MVM
join:2002-09-25
Chevy Chase, MD


All the text in the Quote box.
There are horizontal lines to mark the beginning and end of the Quote box.

The easier fix is a few posts below it. It uses HijackThis and a free utility called OTMOVEIT2 by Old Timer.

MonaRonaDona Remover
»Re: MonaRonaDona "virus"?

MDReferee
Federal Flack
Premium Member
join:2001-10-21
Germantown, MD

said by bcastner:

All the text in the Quote box.
I think he's looking for something a little more in depth... you might not have caught this little statement...
said by Mato :

...but to kill all Trojan in my system...
That seems a bit more complicated, doesn't it.

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

said by MDReferee :
That seems a bit more complicated, doesn't it.
Dunno.
Certainly the OP came here for MonaRonaDona.
Other issues are not suitable for handling in the Security subForum, and the post would get killed if I attempted to do so.

Anything that appears to be a one-to-one malware removal must be done only in the Security Cleanup Forum. The fixes I posted earlier raised some objections by some already; the fact that they were generic and not directed to a specific individual allowed them to stay.

One-on-one removal, or any other Trojan issue, would start with this: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Not a Comp Nerd
@montclair.edu

Not a Comp Nerd to bcastner

This worked great! I tried the "Who Lock Me" program and that was unsuccessful. I also had difficulty figuring out how to start my computer in safe mode. However, what you posted above worked perfectly and was so easy to follow!

THANK YOU SO MUCH!!!

Panicked Teacher to bcastner

Thank you soooooo much! I was completely panicked!!! Your instructions were easy to follow and I VERY MUCH appreciate your help!!! (XP User)
lordstarfyre
join:2008-03-03
91g02

lordstarfyre to bcastner

Hi, I ran the KillTrojan.CMD, and now my Task Manager is disabled.

How do I turn it back on?

It appears the Trojan is gone, thanks for that, BTW!!!

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

said by lordstarfyre:

Hi, I ran the KillTrojan.CMD, and now my Task Manager is disabled.

How do I turn it back on?

It appears the Trojan is gone, thanks for that, BTW!!!
You could try the .reg file here if the OS is XP.

»www.kellys-korner-xp.com ··· eaks.htm

download it at #51 called Enable the Task Manager

put it on the desktop..double click on it to install..then you might have to reboot.

Also if by chance there are other reasons yours does not work then see this link and scroll down to Task Manager and see all the situations and fixes since there are three ways to bring it up.

»www.kellys-korner-xp.com ··· xp_t.htm

terry_nyorks_uk
@btcentralplus.com

terry_nyorks_uk to bcastner

Thanks too to B Castner. Your batch file "killtrojan.cmd" worked well. WinXP environment.

How come Norton is asleep?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

On norton..did you try to force a manual update or try to get their daily >

»Re: Security Software Updates - 03 Mar 2008
Daily Updates Learn More

»www.symantec.com/busines ··· ions.jsp

Worried Novice
@btcentralplus.com

Worried Novice to bcastner

Want to say thank you very much for the advice!

ME user
@charter.com

ME user to bcastner

I have tried the fixes suggested. When I open the notepad named "KillTrojan.cmd" it does not do anything. I have gone thru the whole sequence 3 times.

bcastner
MVM
join:2002-09-25
Chevy Chase, MD


Once you create the file in notepad, save it.
Rename the file "KillTrojan.bat" (instead of CMD as the file extension).

Then double click the saved and renamed file.

You may well have to manually remove the entry made to the IE Title Bar when finished: »support.microsoft.com/kb/176497

Glen M Borror
@seovec.org

Glen M Borror to Name Game

Yes, I also downloaded that very program, and that's how MY MonaRonaDona appeared, and I can't delete the SRVPOOL, because my access is denied, but I am the Administrator on my PC, and I don't know what to do. I would say try to do a disk de-fragment, and do a disk clean-up, and then do a virus scan. That should help a little bit. Try it, and if it doesn't help, then I don't know.

EGeezer
Premium Member
join:2002-08-04
Midwest


Take it from a fellow Appalachian-American - the folks in the cleanup forum are top-notch people, many of whom are industry-recognized experts. Take the issue over there, follow the bouncing ball and you'll get rid of MRD and any other malware that may be infesting your system.

Of course you could pay some big box store tech a couple hundred smackers to borrow your files to their USB dongles, wipe your drive and reinstall Windows.

vredeling
@65.202.40.x

vredeling to Name Game


MonaRonaDona revealed

I almost fell victim to the "space issue". Here is my revised post.

Registryfix is the culprit in this social engineering scheme. The "testimonial" of Jim Brown on the website is from the same (no doubt) alias that is in the postings pointing to the bogus virusscanner.

The program is featured on a sponsored link on Google »pc-tools-review.com/

It now becomes very tricky to distinguish legit reviews from illegit reviews. Also, on »pc-tools-review.com/ more products get reviewed. I am now not sure that the registry scanner is the only download that will infect the computer with the MonaRonaDona problem.

You have to hand it to these guys: they did come up with a pretty elaborate, clever scam.

Type in "registryfix.com" in the google search box and you'll understand how elaborate and potentially widespread and dangerous this scam is.

The trick is in the space between registry and fix. "Registry fix 2008" is a legitimate scanner by Registryfixer Inc. "Registryfix" is the scam (ww.registryfix.com) and gets featured on numerous "comparison" sites, some may be legit (editor error by leaving out the space) and some may be part of the scam (like the link »pc-tools-review.com/)

Hans Vredeling
New York, NY

jimster
@comcast.net

jimster to bcastner


Re: MonaRonaDona "virus"?

just wanted to say thanks to bcastner. worked like a charm and easy to execute.

a78monte
@clearwire-dns.net

a78monte to bcastner

bcastner, I am sure you have heard it a million times already, but YOU ROCK!!! Thank you for the little removal program. It kicked A$$!!!!