bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


1 edit

MonaRonaDona "virus"?

What is up with this new one that seems to have hit many in the last week: »groups.google.com/groups/search?···=d&hl=en

It looks like you could use HijackThis to stop this one:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 - Global Startup: SRVSPOOL.exe


It appears to be linked somehow with "UniGray Antivirus", but in what way is unclear. It is clearly extortion-ware, offering on the user's screen: "Welcome to MonaRonaDona; hi, my name is Mona RonaDona. i am a virus& i am here to Wreck Your PC."
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


HVredeling

@myvzw.com

Re: MonaRonaDona "virus"?

Despite lack of information on the Internet, I was able to pinpoint the culprit that was causing my machine to start acting up due to the MonaRonaDona virus.

I was able to fix the problem and here is how.

The virus installs an executable SRVSPOOL.EXE in the startup folder of the all users account. Click Start/Programs/Startup, right click the SRVSPOOL.EXE entry and delete it. How to fix the header of your Internet Explorer and how to re-enable Task Manager is posted in numerous postings online.

Re-enable Task Manager: Troubleshooting Windows XP, Tweaks and Fixes for Windows XP
Go to this page and try #51 from the right column. Click on "enable the task
manager."

Modify header of Internet explorer: How do i get rid of monaronadona on top bar of my homepage? - Yahoo! Answers
(optionally, you can manually type "Microsoft Internet Explorer" to replace the string "MonaRonaDona").

After that, reboot your machine.

The virus puts a message on the screen. Aside from that, the task manager is disabled, the header of Internet Explorer is modified and when trying to open programs, those programs are shut down immediately.

Whatever you do, do NOT download and install the virus scanner named UniGray. That "scanner" is a scam, a non-working piece of software. The website tries to get you to register and pay for something that does nothing.

Hope this info helps those who come across this virus. It seems to be a brand new occurrence given the lack of solutions found on the Internet.

jimschoe

@ameritech.net

Re: MonaRonaDona "virus"?

I just tried to delete the Srvspool and it says access denied. Anyone else have any new news??

MysteryFCM

join:2006-10-01
England

Re: MonaRonaDona "virus"?

You really should post in the infection help forums

»Security Cleanup

But to get rid of this specific file;

1. Either log into Safe Mode and delete it there or
2. Download the following, right click the file you want to delete and select "Who Lock Me", then kill the process locking it (will then allow you to delete it)

»freeware.it-mate.co.uk/?Editors_···&pid=170

or ...

3. Use MoveOnBoot

»www.snapfiles.com/get/moveonboot.html

Or ....

4. See the following;

»www.aumha.org/a/stubborn.php
--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA
·Rainier Connect fr..

Re: MonaRonaDona "virus"?

said by MysteryFCM:

You really should post in the infection help forums

»Security Cleanup
If your suggestion was to the OP it's a bit misguided.

bcastner is one of the accredited helpers on the Security Cleanup forum: »Security Cleanup FAQ

He knows what he's doing.
--
See ya across the Rainbow Bridge, my good and faithful friend!
MysteryFCM

join:2006-10-01
England

Re: MonaRonaDona "virus"?

hehe nope, my reply was to jimschoe (I'm already familiar with BC)

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

Re: MonaRonaDona "virus"?

Steve and I are known to each other.
Here and elsewhere.

What I was hoping is that someone victimized by this would tell us if you get messages from "UniGray Antivirus". That is the part that bothers me at the moment.

(If you have this infection, I would be happy to remove it in the Cleanup subForum. It should go pretty easily.)
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


Nikki

@verizon.net

Re: MonaRonaDona "virus"?

I have this virus as we speak. I am going to try and follow your response in safe mode. No I haven't gotten any messages from "UniGray Antivirus".

BRIAN 43

@aol.com
I AM JUST IN THE THROES OF TRYING TO RID MYSELF OF THIS BUT UNIGRAY HAS NOT COME UP AS AN OPTION, NOADWARE DID BUT DOESN'T REMOVE IT EITHER

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

Re: MonaRonaDona "virus"?

both of those are poor choices..

»en.wikipedia.org/wiki/NoAdware

That is why this thread was begun.. you find the repairs that work at this link

»Re: MonaRonaDona "virus"?

and they are free.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/

NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA

1 edit
MysteryFCM said: "hehe nope, my reply was to jimschoe (I'm already familiar with BC)"

Sorry! My bad!

theresa5790

@cgocable.net
how do i get my task manager to work

Sassygal31023

@mchsi.com

Re: MonaRonaDona "virus"?

okay ya'll I got this virus feb. 29th at 4:39am. I'm not a comp. newbie. I know comps. I couldn't find anything on this virus so I called the geek squad and they sent me here. I read everything and copied and pasted SRVSPOOL.EXE to search and found the file. I deleted it from search. Now let me tell ya'll everything I did prior to that.
I have 3 different profiles on this one comp. I went to another profile and deleted the profile but saved the major files to another profile. The virus wasn't on it. I then went back to the infected profile and tried to find out what in the heck happened and why virus protector didn't go off. Now finding out that it is a hijacking and made into an anti-virus scam. I must say this is very intelligent! I couldn't find the main file it had made so I just did a system restore. My comp. was running okay but still something wasn't right. I was still losing files and things weren't working. After I found the main file and deleted it and deleted the files that weren't working correctly any longer and I am still going to delete the infected profile and make another. This is the simplest way I know if you are not very computer knowledgeable; most people can run search and right click a mouse and scroll down to delete.

Best wishes to anyone seeking help with this pain in the butt virus.

Sincerely,
Sassy

windfire55

@telus.net

Re: MonaRonaDona "virus"?

Be really careful, as unigray says that they have the answer to this malware, but it's a ruse. First, no authenticity cert. Second, the product does not completely remove MRD-virus until unigray sends you a patch (monadonarona.exe) to remove the virus, and again... no authenticity certificate. It seems that I got the virus right after I had downloaded the google tool bar. As with everyone else, I seem to have received it through the browser. It all started happening on February 29/2008

wrongway

@consolidated.net
To get rid of the MonaRonaDona virus, use key F8, go into Safe Mode, find the startup program and DELETE Srvspool.exe, then restart your computer. It should be gone.....

Rxdoxx
Premium,Mod
join:2000-11-03
Middle River, MD
clubs:
·Verizon FIOS
·Comcast

Host:
Software
Washington & Balti..
said by jimschoe :

I just Tried to delete the Srvspool and it says access denied. Anyone else have any new news??
If you were registered here I could have sent you this in a message and not have to "mess" the thread discussion a little
A freebie Unlocker should free something so you can delete.
--
Was a Cruise Fanatic, one cruise on Princess cured me. Bleah

Kim C

@as9105.com
Try starting in safe mode (F8); you should then be able to delete it.
Don't know how to re-start the task manager though.
Best of luck.

sandydie

@cox.net
cut 'svrspool' from start up menu and paste on desktop. then delete. do a search for svrspool and delete.

Glen M Borror

@seovec.org


1 edit
Yeah, I just tried deleting it too, but it says access denied, and now I'm scared. I talked to my grandfather, who knows everything about computers and other stuff like that, says it's not a virus. Now I'm wondering, what does it really do then, if it is not a virus.

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:

Re: MonaRonaDona "virus"?

It is easily removed. Two different and effective and simple methods exist in this thread:

»Re: MonaRonaDona "virus"?
»Re: MonaRonaDona "virus"?

La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage

said by Glen M Borror :

Yeah, I just tried deleting it too, but it says access denied, and now I'm scared. I talked to my grandfather, who knows everything about computers and other stuff like that, says it's not a virus. Now I'm wondering, what does it really do then, if it is not a virus.
You need to read the entire thread.

Did you try the two fixes? If one doesn't work, try the other one. Using safe mode might be a good idea also.

»Re: MonaRonaDona "virus"?

»Re: MonaRonaDona "virus"?
--
10,675 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore

will

@alltel.net
Go To Safemode then delete it

Txboy

@verizon.net

This fix worked! I have Vista and had to go into safe mode to delete it. I had Microsoft tech support logged into my pc and they followed the posted directions and it worked with a little work. They had no record of the virus as of yet and they copied the file to submit it. My One Care software did not catch it. I also searched Symantec, Kaspersky and Trend Micro sites for help and none had anything to offer. I could not find any damage to my pc from it. I did notice that the install date was 2-23-08. The file properties said that it was a file from Microsoft. The Microsoft Tech support person I worked with in the virus department was very good. He did a search on the file name and determined that it is NOT a Microsoft File!!!

The tech went into the registry to change the setting for the task manager and also had to go there to give permissions in order to delete the file.

Good luck to everyone and thanks for the tip listed above!!

DMCC

@co.uk
Removed srvspool.exe as suggested. Nice one !! Disappeared completely.

Fred Dag

@net.au
I did this in XP by selecting safe mode /dos prompt & it allowed the necessary deletions that Windows won't allow.

anndy

@aol.com

I couldn't do it following your directions but my grandson told me how. It does require an external harddrive.
Create a shortcut to the hard drive on your desktop.
Do an advanced search for SYSPRO including hidden files
Drag the files found on the search to the shortcut
Open the external harddrive and delete

Worked great!

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:

Re: MonaRonaDona "virus"?

There is a simple fix already posted in this thread that requires no external hard drive, no Safe Mode, and no tricks. See: »Re: MonaRonaDona "virus"?

Whateve

@charter.com

This worked great : ) I was able to do it in safe mode but if I tried otherwise it had disabled my administration rights. My virus scan still didn't pick it up but it seems to be gone : ) Thanks so much for the information, I was at the end of my rope with this thing!

kate k

@verizon.net
Please help. i think i removed all of monaronadona but i can't change my header. i tried searching yahoo answers but nothing was useful. I also tried typing it manually. Do u do that in the address box or where. someone please help me

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

Re: MonaRonaDona "virus"?

said by kate k :

Please help. i think i removed all of monaronadona but i can't change my header. i tried searching yahoo answers but nothing was useful. I also tried typing it manually. Do u do that in the address box or where. someone please help me
Use this method
»Re: MonaRonaDona "virus"?

or this one
»Re: MonaRonaDona "virus"?

to clean everything off and get rid of the header.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/

carebear

@rr.com

I have the mother freaking MonaRonaDona virus. I am not very computer savvy. I tried the start, then programs, then next I have no clue. I also have no clue if this is a right method to use or if someone's leading me into another virus trap. It's just a pain in the butt for this to be on my screen even though people say it's harmless. Can someone pleaseeeee walk me through this? Many thanks 3-6-08 4 pm Thanks

FRUSTERATED

@bresnan.net

»www.viruslist.com/en/weblog?done···07796935

According to the virus list it sounds as though unigray anti-virus created this virus. Sounds like a good conclusion since they are the only program I can find that says they can remove it and according to the article this unigray has only been around 2 weeks (how convenient)!

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


3 edits
How to Change the Internet Explorer Window Title
»support.microsoft.com/kb/176497
Yup Bill,
Seems to be pretty well orchestrated.
Besides the UniGray Antivirus scam going on with it and the Youtube video..
Others are now posting special (untested and unknown) tools to remove it.

J Hilton postings:

»www.howtofixcomputers.com/forums···9-4.html

»forums.microsoft.com/WindowsOneC···SiteID=2

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/
MysteryFCM

join:2006-10-01
England
hiya dude

Been trying to find a sample of this that I can analyse but haven't been successful thus far

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

Re: MonaRonaDona "virus"?

If I get a live one I will do a capture and post at MR.

Just read this "review" of Unigray Antivirus.
quote:
Re: unigray antivirus
by Kees Bakker - 2/27/08 5:20 AM
In reply to: monadonarona by Kees Bakker
I downloaded their program and installed it (after Norton found it was virus-free). I must say it's amazing.

All it installs:
- the program itself, some 6 Mb
- an uninstall dat and exe
- an icon
- some shortcuts and pifs
- NO virus definitions

Then I ran it. It said:
Virus definition version: 02.73.88 (Februari 15, 2008)
DB version: 4.34/2008
Protecting against 679871 threads
That's fairly impressive for a company that's only on the web for 6 days.

Then (after disabling the real-time protection it offers, which is amazing on its own given the components it installed) I used it to scan my clean (according to Norton) system. It found:
- 240 viruses
- 48 malware
- 43 adware
Most of them were in Microsoft programs (like Visual Studio). And I'm sure they don't contain those viruses and malware. So these are false positives. I preferred not to run the Repair, for obvious reasons.

Then I checked for updated definitions. Couldn't harm, as I had none. So the program contacted their website (or so it said) and reported I already had the latest version (those of February 15, remember). Then I went to their (rather unimpressive) website and found out that they added detection for monaronadona on February 22.
Which leaves me wondering why so many of our new members report it cleaned it off their systems if it's a version one week older.

I'm uninstalling the program now, and still feel rather safe behind my firewall.

Somehow, I keep thinking this is a scam.

Kees

»forums.cnet.com/5208-6132_102-0.···=2715970
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


computeretarded

@embarqhsd.net

Re: MonaRonaDona "virus"?

by live one, what do you mean? if you meant "some idiot that got the stupid monaronadona and doesn't know how to follow the directions you all have posted to fix it themselves" then i am totally your man!

email is up in the anonymizer... please respond.

SicilianShorty

@bresnan.net

Don't get the unigray anti-virus, since it sounds like they are the one to create the virus. Funny how they are the only virus removal software that can find the virus. Hum!

Anyway to remove the name from your taskbar after you remove it out of windows:
Run Regedit.exe (in Windows XP or later) for your registry editor and look for string HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main (Then scroll down to window title and you will find the MonaRonaDona - DELETE IT!!!!!!!)
It should be gone next time you reboot your computer.
jrmarto

join:2004-02-01
Norwich, CT


This is fascinating to me as a co-worker of my husband's called me this morning complaining of this very infection, on a laptop I just helped her buy last week. She was using the Verizon subscription antivirus product. She told me she had "cured" it by creating another administrator account, moving her files over, and deleting her one week old account - but asked me if I had any suggestions. Never having heard of MonaRonaDona I advised her to run an online scan at Trend Micro, download spybot and adaware, and keep an eye on what was going on with her computer. I would be happy to (on Monday) walk her through creating a HJT log if anybody is interested in seeing what is on her computer.

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


4 edits
MonaRonaDona Removal Tool

~~~ EDIT: You would be better doing the more comprehensive fix posted further below for Vista, XP, Windows 2003 and Windows 2008. If you have any issues, run the steps in Safe Mode.

Important Note: This fix version is likely best done in Safe Mode after creating the actual script below. The second "fix" (below): »Re: MonaRonaDona "virus"? does not have this requirement, and is likely the best overall choice.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Quote box below, including blank lines:
quote:
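@echo off
REM Work from the folder this script was saved in (handles other drives and spaces in the path)
cd /d "%~dp0"

REM Quick cleanup - Restores Task Manager,
REM Fixes the IE Header, and Removes the Trojan MonaRonaDona.
REM DSLR Security Forum, Bill Castner
REM If you find this file, go ahead and delete it

REM Stop the running process, then remove the startup file and the program folders.
REM Error text is hidden because some of these will not exist on every machine.
TSKILL SRVSPOOL /A >nul 2>&1
del /a/f/q "%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\SRVSPOOL.EXE" 2>nul
rd /s/q "C:\Program Files\UniGray Antivirus" >nul 2>&1
rd /s/q "C:\Program Files\RegistryCleanFix2008" >nul 2>&1

REM Build a .reg file that re-enables Task Manager (DisableTaskMgr=0)
REM and deletes the hijacked "Window Title" values.
(
echo.REGEDIT4
echo.
echo.[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo."DisableTaskMgr"=dword:00000000
echo.
echo.[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
echo."DisableTaskMgr"=dword:00000000
echo.
echo.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
echo."Window Title"=-
echo.
echo.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
echo."Window Title"=-
echo.
echo.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Outlook Express]
echo."Window Title"=-
echo.
echo.
)>checkit.reg

REM Import the .reg file silently, then remove it and this script.
REM The delete and exit share one line so nothing is read from the file after it is gone.
regedit /s checkit.reg
del checkit.reg
del "%~f0" & exit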


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "KillTrojan.cmd" . Exit.

Double click the new file "KillTrojan.cmd" to run the program. There is a black box that will open but there are no user prompts, and this will take only moments to complete.

Best wishes,
Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


See 25 replies to this post

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


4 edits
I guess we should be nicer to our Vista users. The following MonaRonaDona removal will work for either Windows XP or Windows Vista, Windows 2003 and Windows 2008:

1. Download HijackThis:

• Save HJTinstall.exe to your desktop.
• Double-click on the desktop icon for HJTinstall.exe.
• By default it will install to C:\Program Files\Trend Micro\HijackThis. It will also create a Desktop icon.
• Double click the HijackThis icon on your Desktop to start the Program. Select "System scan only".

Checkmark these items (if found):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 - HKLM\..\Run: [.NET.] \FUD.exe
O4 - Global Startup: SRVSPOOL.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe


Click "Fix checked", and when it finishes exit HijackThis.

2. Please download to your Desktop OT_MOVEIT2.exe:

Please double-click OTMoveIt2.exe to run the utility.
{Vista users -- right click and "Run as Administrator"}
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy); or click on the little highlighted text on the top right of the Code box that says "copy to clipboard":


Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window.
IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you.
Right-click and choose Paste.

Click the red Moveit button.
This will take several minutes as a guess, as I am scanning the user profile folder completely.
When it has finished, look in the large right-hand panel that shows Results. You should see at least the principal infector files are deleted, and whatever applicable registry changes were made. (Not all might apply in your case.)
Close OTMoveIt2 when it has finished.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now, Double click to open OTMOVEIT2 again.
Click the green button, "CleanupUp!" at the top.
{Note: it will need to access the internet to download a small script file. Please allow your Firewall to do so.}

When it finishes it will have deleted all of its quarantines, as well as the OTMOVEIT2 program and all created folders.

Reboot.

Best wishes,
Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


See 55 replies to this post
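
An added example, not part of the original posts and not code from HijackThis or OTMoveIt2: a read-only check that scans a saved HijackThis log for the four entries the post above says to checkmark. The function name, rule names and the sample log are constructed for illustration; the patterns come only from the entries listed in this thread.

```python
import re

# HijackThis log entries look like "<section code> - <details>",
# e.g. "O4 - Global Startup: SRVSPOOL.exe". Header and process-list lines do not.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# One rule per entry in the thread's "Checkmark these items" list.
# (rule name, HijackThis section code, pattern applied to the details part)
RULES = [
    ("ie-window-title", "R1",
     re.compile(r"\\Internet Explorer\\Main,\s*Window Title\s*=\s*MonaRonaDona\s*$", re.I)),
    ("startup-srvspool", "O4",
     re.compile(r"^Global Startup:\s*SRVSPOOL\.exe\b", re.I)),
    ("run-fud", "O4",
     re.compile(r"\\Run: \[\.NET\.\].*\\FUD\.exe\s*$", re.I)),
    ("run-registrycleanfix", "O4",
     re.compile(r"\\Run: \[RegistryCleanFixMFC\]|\\RegistryCleanFix2008\\", re.I)),
]


def scan_hjt_log(text):
    """Return (line number, rule name, log line) for every entry that matches a rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, running-process list, blank lines
        for name, code, pattern in RULES:
            if m["code"] == code and pattern.search(m["body"]):
                findings.append((lineno, name, line))
                break
    return findings


# Constructed sample log: four entries from the thread mixed with benign lines,
# including the legitimate Windows spooler (spoolsv.exe), which must not be flagged.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:02, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [.NET.] \FUD.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe
O4 - Global Startup: SRVSPOOL.exe
O4 - Global Startup: Example Launcher.lnk = C:\Program Files\Example\launch.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
"""

if __name__ == "__main__":
    for lineno, rule, line in scan_hjt_log(SAMPLE_LOG):
        print(f"line {lineno}: {rule}: {line}")
```

Running the same check on a log taken after the fix should return nothing; any remaining hit points at an entry that was not checkmarked or that came back after a reboot.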

UK HardDrive

@btcentralplus.com
Having tried unsuccessfully some of the recommendations here, I did a system restore and this seems to have worked (touch wood) 1st Feb 2008 UK 21:10pm

UK HardDrive

@btcentralplus.com

Re: MonaRonaDona "virus"?

My previous post should have read 1st Mar 2008 as the date. Hope this solution works for you. Again, I did a system restore and this rid me of the problem. 20:15pm

NanDog
The Pup Was Female, I'M Not
Premium
join:2003-12-28
Tacoma, WA
·Rainier Connect fr..

So has anyone yet figured out what the infection vector is? In googling about I can read about lots of folks with the issue but can't find any info about how they think they contracted this POS.
--
See ya across the Rainbow Bridge, my good and faithful friend!

See 6 replies to this post

theresa5790

@cgocable.net
hi i am trying to find task manager troubleshooting..can't find it..how do i get my task manager to work please

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


4 edits

Re: MonaRonaDona "virus"?

I wrote two separate fixes for this issue, including fixing the task manager, earlier in this thread. Either one will ensure that the virus is gone and your Task Manager and Title bars on IE and OE are repaired. See the first page of discussion in this thread. If you have removed the file, it will not harm things to do the full fix steps given earlier. They will repair Task Manager access among other things. Both will delete the active infector file if it still exists as well. The second one, using a freeware utility OTMOVEIT, would be the best choice, as it includes a first step using HijackThis that will ensure that no access denied errors are an issue for you. OTMOVEIT will unregister the file prior to deletion, and then schedules the actual deletion for the next restart, so it would not have access denied errors in deleting the file.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


theresa5790

@cgocable.net

Re: MonaRonaDona "virus"?

i did that and my task manager is still not working...

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


2 edits

Re: MonaRonaDona "virus"?

The only entry that I have seen affecting the Task Manager is the one reverted by the two fixes mentioned earlier in this thread. It may be that there is now an entry in the HKLM hive as well as HKCU for the policy item affecting Task Manager.

Please do either of the following:

• I revised both earlier scripts to include the HKLM hive. You can safely rerun any of the earlier fixes in order to handle this additional registry area.

-- OR --

• Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here:

• Double-click FixPolicies.exe
• Click the "Install" button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


aspen



Re: MonaRonaDona "virus"?

thank you, thank you for the help removing monaronadona and then the subsequent help with the task manager issue. I am self-employed and use my computer for my livelihood as a daytrader, however, am completely non-tech savvy. Your instructions were excellent and worked perfectly.

zardol

@cox.net
thanx for your info on monaronadona virus. I'm a novice with computers, couldn't have gotten rid of it without all of you

mato

@co.uk
Bcastner,
I still don't get it, can u copy the text that i need here
Thanks

Mato

@co.uk
Hey, i got the text and i saved it.
When i ran it a black box came up and went off.
What should i do next?

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


1 edit

Re: MonaRonaDona "virus"?

The black box should appear and then disappear.
The file you created should disappear as well.
Reboot and test.
You should be done with MonaRonaDona.

If you think it did not work, use the second fix method:
»Re: MonaRonaDona "virus"?

Classical62

@aol.com

Thank you for posting all of the information on fixing this virus. I am a complete novice when it comes to doing this, but the steps were easy to follow and it appears that the issue is resolved.
I woke up to this virus "announcement" before my eyes were barely open! I had been having trouble with a website and was trying to find a way to fix it...I, too, downloaded "RegistryFix2008" about Thursday or Friday. It said I had all sorts of viruses and corrupt files (I DO have an anti-virus program) and then wanted $ to buy the program to fix it.....but when I went to find the file so I could delete it, it was nowhere to be found...until this morning?

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


1 edit

Re: MonaRonaDona "virus"?

Can you tell us what website you had problems with and where you got the suggestion or thought to download that registry fix.. if it is not too personal..it would really help us all to understand how or where people are getting whacked with this one in the first place. And do I then understand you first noticed the MonaRonaDona when you rebooted your PC or first turned it on the next day ?

Thanks
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/
classical62

join:2008-03-03
Vacaville, CA


1 edit

Re: MonaRonaDona "virus"?

said by Name Game:

Can you tell us what website you had problems with and where you got the suggestion or thought to download that registry fix.. if it is not too personal..it would really help us all to understand how or where people are getting whacked with this one in the first place. And do I then understand you first noticed the MonaRonaDona when you rebooted your PC or first turned it on the next day ?
I was trying to make a homepage on the Shelfari.com website. Rural living only enables us to have dial-up so there are some sites, like YouTube that don't work here and that's ok, but I kept getting an "Ajax Toolkit is undefined" and "Internet Script Error" so I typed into the Netscape search engine "Ajax Toolkit" and up came Registry Fix as one of the choices. It took a few minutes and then "scanned" my computer, showed a bunch of viruses, corrupt files, blah, blah, blah and said to fix, click here and buy the program to fix them....I already have an anti-virus, scanny thing, so I went to remove the program and couldn't find it anywhere in the PC's files. I went to ASP.Net (I think, my head is fairly spinning right now) to download the Ajax Toolkit, thought I did, can't find it anywhere either, shut the computer down about three times thinking it would fix the problem on Shelfari, but it didn't. Since it wasn't something I had to have, I just left the site. That was Friday. Last night I shut the computer down instead of simply letting it hibernate and when I rebooted it this morning, I found the nasty little note, about 3x5 inch size in the lower right hand side of the computer. Hope this helps you find out what or who it's from.

Thanks

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

Re: MonaRonaDona "virus"?

Thanks for the detail classical62. Do you recall if the name was this..RegistryCleanFix2008 for the RegistryCleaner2008.exe

»www.prevx.com/filenames/X2024140···EXE.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
classical62

join:2008-03-03
Vacaville, CA

Re: MonaRonaDona "virus"?

That sounds about right.
Is this passed through Emails I have sent to people? Is this Unigray anti-virus hoping I will want to buy their "protection" and that's why I got it?

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

Re: MonaRonaDona "virus"?

said by classical62:

That sounds about right.
Is this passed through Emails I have sent to people? Is this Unigray anti-virus hoping I will want to buy their "protection" and that's why I got it?
Don't know about the email but I do not think so..on the other..It is not the first time some group stocked a lake..made you use their fishing pole then charged you by the inch to catch them.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
ctrlaltdelet

join:2006-08-19
·Ziggo

»www.viruslist.com/en/weblog?webl···08187485

....A comparison of the code of MonaRonaDona and Unigray Antivirus show that there are many, many similarities. This leaves very little doubt that the same group is behind both MonaRonaDona and Unigray......

Info Desperada

@rr.com
Thanks to "BCASTNER", I removed MonaRonaDona. IT WORKS!

ChasG

@viennava.gov

Well Bill, I used your fix over the weekend for a friend of mine. In his case we had to go in using Safe Mode to delete the entry from the Startup folder, but once we did that everything was fine.

Thanks for posting the fix - surprising that this is not getting more attention on the main AV sites. Even if all they did was post an advisory it would be nice, but even today if you do a google search you come up with yahoo, cnet and dslreports...

Having been in the software support and development industry for years, as soon as I saw the post regarding UniGray I felt my spidey-senses go off. For the money they pay at Symantec, McAfee, TrendMicro and others, it is rare enough that none of them had anything to say about a new virus - but then to have some unknown company show up from nowhere and claim they were the only software available to deal with the threat ... well, it was pretty obvious something was not right. I hope all the people reading this contact their credit card companies immediately to protest the fraudulent charges, and take whatever other action they can to make sure whoever is behind UniGray is prosecuted. What these guys did was perpetrate a fraud.

Thanks again.

Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

Re: MonaRonaDona "virus"?

said by ChasG :

... What these guys did was perpetrate a fraud. Thanks again.
And somehow, I don't think that troubles them in the least. Where we may think in terms of right and wrong, others may think in terms of getting away with it or not... and how best to get away with it, at that.
--
If God wanted us to work with electrons, He'd make them big enough to see...

tuaca2netzerocom

@untd.com


from:
Name Game See Profile

I was on webmonkey.com and clicked the free download for registrycleanfix2008. Well, it cost me $68 to register it and it fixed nothing. Two days later the Mona window popped up and I can't get anything to install after I download. Tried HijackThis and a fix from the Norton site.

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

Re: MonaRonaDona "virus"?

I know this thread is getting a little long to easily find anything.

There are two fixes, different only in that one uses native batch scripting only; the other uses freeware utilities. Try them in the order given below. Using Safe Mode is a good idea for either:

»Re: MonaRonaDona "virus"?
»Re: MonaRonaDona "virus"?
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


1 edit
unigray antivirus analysis

»securitynewsfromthenet.blogspot.···sis.html

and as already posted earlier in this thread..

We detect MonaRonaDona as Trojan.Win32.Monagrey.a and Unigray Antivirus as not-a-virus:FraudTool.Win32.Unigray.a.

»www.viruslist.com/en/weblog?webl···08187485

Copyright © 1996 - 2008
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


1 edit
Where does MonaRonaDona come from?

quote:
"We’re still researching this", says Joel Schouwenberg of Kaspersky Labs, who calls the MonaRonaDona Trojan of the past week to be "among the most elaborately orchestrated scams" he’s seen.
See if these help:
»blog.threatfire.com/
»blog.washingtonpost.com/security···_ex.html
»www.networkworld.com/news/2008/0···cam.html

jefe
Premium
join:2001-05-19
Northport, NY

Re: MonaRonaDona "virus"?

"We're still researching this" doesn't add much. I was hoping that one or more of the posters in this thread who have been infected might report how they suspect they got bitten.

Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


4 edits

Re: MonaRonaDona "virus"?

said by jefe See Profile :

"We're still researching this" doesn't add much. I was hoping that one or more of the posters in this thread who have been infected might report how they suspect they got bitten.
you could start reading here as to what classical62 posted and then the rest of the thread where two others posted how they were infected.

»Re: MonaRonaDona "virus"?
here is another post by Wayonmyway
»Re: MonaRonaDona "virus"?

Then you can read these links

Monday, March 3, 2008
MonaRonaDona Mystery Solved

Some of these users unfortunately were persuaded over the past week or so to run a version of "RegistryCleaner2008.exe" (afec3d0f13b8f866f2c2eec122024165 for you researchers out there), as can be seen here:

Along with a particular version of "RegistryCleaner2008.exe", came a little friend by the name of "srvspool.exe" and friends. Some of the infection symptoms are somewhat simple and silly compared to other threats we've been researching -- "MonaRonaDona" appears in the Internet Explorer title bar, the "DisableTaskManager" key in the registry is set so users cannot use Ctl+Alt+Del to kill the threat on their system, and "srvspool.exe" appears in the All Users startup folder.

»blog.threatfire.com/

What we know about REGISTRYCLEANER2008.EXE:
»www.prevx.com/filenames/X2024140···EXE.html

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/
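
A read-only check for the three symptoms listed in the ThreatFire excerpt above, as an added example that is not part of any post in this thread. It assumes PowerShell 3.0 or later; the function name is hypothetical, and `DisableTaskMgr` is the Windows policy value that the excerpt refers to as the "DisableTaskManager" key.

```powershell
# Added example (hypothetical function name): reports the three MonaRonaDona
# symptoms described in this thread. Read-only: nothing is changed or deleted.
function Get-MonaRonaDonaIndicators {
    [CmdletBinding()]
    param(
        [string]$StartupName = 'srvspool.exe',   # startup entry named in the thread
        [string]$TitleMarker = 'MonaRonaDona'    # string shown in the IE title bar
    )
    $findings = @()

    # 1. IE title bar override (the R1 line shown by HijackThis in the first post).
    $ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $ie = Get-ItemProperty -Path $ieKey -Name 'Window Title' -ErrorAction SilentlyContinue
    if ($ie -and $ie.'Window Title' -like "*$TitleMarker*") {
        $findings += [pscustomobject]@{
            Indicator = 'IE window title'; Location = $ieKey; Value = $ie.'Window Title' }
    }

    # 2. Task Manager disabled through the DisableTaskMgr policy value.
    #    Checked per-user and machine-wide; 1 means disabled.
    $policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($key in $policyKeys) {
        $pol = Get-ItemProperty -Path $key -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
        if ($pol -and $pol.DisableTaskMgr -eq 1) {
            $findings += [pscustomobject]@{
                Indicator = 'Task Manager disabled'; Location = $key; Value = 1 }
        }
    }

    # 3. Executable in the All Users startup folder (hidden files included).
    $startup = [Environment]::GetFolderPath('CommonStartup')
    $hits = Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ieq $StartupName }
    foreach ($file in $hits) {
        $findings += [pscustomobject]@{
            Indicator = 'Startup entry'; Location = $file.FullName; Value = $file.LastWriteTime }
    }

    $findings   # empty result means none of the three symptoms were found
}

Get-MonaRonaDonaIndicators | Format-List
```

A `Task Manager disabled` finding on its own can also come from a legitimate administrator policy, so weigh it together with the other two indicators.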

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL


2 edits

Re: MonaRonaDona "virus"?

There are two versions of a complete fix for this virus on the first page of this thread.

No other site need be considered, particularly as you are asked to download a blind .RAR executable, which does not handle the Task Manager issues, the removal of the original dropper application, or the corruption in the IE and OE Header. You can read the reports in this thread from those who tried that fix who will attest to this.

The fixes at the beginning page of this thread are open so that they can be read by all, and comprehensively remove MonaRonaDona. From today's Washington Post: »blog.washingtonpost.com/security···_ex.html

Direct links (You only need to use one):
»Re: MonaRonaDona "virus"?
»Re: MonaRonaDona "virus"?

These fixes have been used by thousands; the unique page view on this thread has exceeded 17,000 in two days.

Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
