Re: MonaRonaDona "virus"? - dslreports.com

Author	All Replies
bcastner Premium,VIP,MVM join:2002-09-25 Chevy Chase, MD clubs: ·Verizon Online DSL 1 edit	reply to bcastner Re: MonaRonaDona "virus"? Where does MonaRonaDona come from? quote: "We’re still researching this", says Joel Schouwenberg of Kaspersky Labs, who calls the MonaRonaDona Trojan of the past week to be "among the most elaborately orchestrated scams" he’s seen. See if these help: »blog.threatfire.com/ »blog.washingtonpost.com/security···_ex.html »www.networkworld.com/news/2008/0···cam.html
	to forum · permalink · · 2008-03-03 21:35:08 ·
jefe Premium join:2001-05-19 Northport, NY	"We're still researching this" doesn't add much. I was hoping that one or more of the posters in this thread who have been infected might report how they suspect they got bitten.
jefe Premium join:2001-05-19 Northport, NY	to forum · permalink · · 2008-03-04 20:36:18 ·
Name Game Premium join:2002-07-07 North Myrtle Beach, SC 4 edits	said by jefe : "We're still researching this" doesn't add much. I was hoping that one or more of the posters in this thread who have been infected might report how they suspect they got bitten. you could start reading here as to what classical62 posted and then the rest of the thread where two others posted how they were infected. »Re: MonaRonaDona "virus"? here is another post by Wayonmyway »Re: MonaRonaDona "virus"? Then you can read these links Monday, March 3, 2008 MonaRonaDona Mystery Solved Some of these users unfortunately were persuaded over the past week or so to run a version of "RegistryCleaner2008.exe" (afec3d0f13b8f866f2c2eec122024165 for you researchers out there), as can be seen here: Along with a particular version of "RegistryCleaner2008.exe", came a little friend by the name of "srvspool.exe" and friends. Some of the infection symptoms are somewhat simple and silly compared to other threats we've been researching -- "MonaRonaDona" appears in the Internet Explorer title bar, the "DisableTaskManager" key in the registry is set so users cannot use Ctl+Alt+Del to kill the threat on their system, and "srvspool.exe" appears in the All Users startup folder. »blog.threatfire.com/ What we know about REGISTRYCLEANER2008.EXE: »www.prevx.com/filenames/X2024140···EXE.html -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
	to forum · permalink · · 2008-03-04 20:43:04 ·


Thursday, 26-Nov 15:13:04	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF