MysteryFCM
join:2006-10-01
England | reply to bcastner
Re: MonaRonaDona "virus"?
hiya dude 
Been trying to find a sample of this that I can analyse but haven't been successful thus far |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
| If I get a live one I will do a capture and post at MR.
Just read this "review" of Unigray Antivirus.
quote:
Re: unigray antivirus
by Kees Bakker - 2/27/08 5:20 AM
In reply to: monadonarona by Kees Bakker
I donwloaded their program and installed it (after Norton found it was virus-free). I must say it's amazing.
All it installs:
- the program itself, some 6 Mb
- an uninstall dat and exe
- an icon
- some shortcuts and pifs
- NO virus definitions
Then I ran it. It said:
Virus definition version: 02.73.88 (Februari 15, 2008)
DB version: 4.34/2008
Protecting against 679871 threads
That's fairly impressive for a company that's only on the web for 6 days.
Then (after disabling the real-time protection it offers, which is amazing on its own given the components it installed) I used it to scan my clean (according to Norton) system. It found:
- 240 viruses
- 48 malware
- 43 adware
Most of them were in Microsoft programs (like Visual Studio). And I'm sure they don't contain those viruses and malware. So these are false positives. I preferred not to run the Repair, for obvious reasons.
Then I checked for updated definitions. Couldn't harm, as I had none. So the program contacted their website (or so it said) and reported I already had the latest version (those of Februari 15, remember). Then I went to their (rather unimpressive) website and found out that they added detection for monaronadona on Februari 22.
Which leaves me wondering why so many of our new members report it cleaned it off their systems if it's a version one week older.
I'm uninstalling the program now, and still feel rather safe behind my firewall.
Somehow, I keep thinking this is a scam.
Kees
»forums.cnet.com/5208-6132_102-0.···=2715970
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
jrmarto
join:2004-02-01
Norwich, CT
| reply to MysteryFCM
This is fascinating to me as a co-worker of my husband's called me this morning complaining of this very infection, on a laptop I just helped her buy last week. She was using the Verizon subscription antivirus product. She told me she had "cured" it by creating another adminstrator account, moving her files over, and deleting her one week old account - but asked me if I had any suggestions. Never having heard of MondRonaDona I advised her to run an online scan at Trend Micro, download spybot and adaware, and keep an eye on what was going on with her computer. I would be happy to (on Monday) walk her through creating a HJT log if anybody is interested in seeing what is on her computer. |
|
computeretarded
@embarqhsd.net
| reply to bcastner
by live one, what do you mean? if you meant "some idiot that got the stupid monaronadona and doesn't know how to follow the directions you all have posted to fix it themselves" then i am totally your man!
email is up in the anonymizer... please respond. |
|
SicilianShorty
@bresnan.net
| reply to bcastner
Don't get the unigray anti-virus, since it sounds like they are the one to create the virus. Funny how they are the only virus removal software that can find the virus. Hum!
Anyway to remove the name from your taskbar after you remove it out of windows:
Run Regedit.exe (in Windows XP or later) for your registry editor and look for string HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main (Then scroll down to window title and you will find the MonaRonaDona - DELETE IT!!!!!!!)
It should be gone next time you reboot your computer. |
|
