bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
4 edits | reply to bcastner
Re: MonaRonaDona "virus"?
I guess we should be nicer to our Vista users. The following MonaRonaDona removal will work for either Windows XP or Windows Vista, Windows 2003 and Windows 2008:
1. Download HijackThis:
• Save HJTinstall.exe to your desktop.
• Double-click on the desktop icon for HJTinstall.exe.
• By default it will install to C:\Program Files\Trend Micro\HijackThis. It will also create a Desktop icon.
• Double click the HijackThis icon on your Desktop to start the Program. Select "System scan only".
Checkmark these items (if found):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 - HKLM\..\Run: [.NET.] \FUD.exe
O4 - Global Startup: SRVSPOOL.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe
Click "Fix checked", and when it finishes exit HijackThis.
2. Please download to your Desktop OT_MOVEIT2.exe:
Please double-click OTMoveIt2.exe to run the utility.
{Vista users -- right click and "Run as Administrator"}
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy); or click on the little highlighted text on the top right of the Code box that says "copy to clipboard":
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window.
IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you.
Right-click and choose Paste.
Click the red Moveit button.
This will take several minutes as a guess, as I am scanning the user profile folder completely.
When it has finished, look in the the large right-hand panel that shows Results. You should see at least the principal infector files are deleted, and whatever applicable registry changes were made. (Not all might apply in your case.)
Close OTMoveIt2 when it has finished.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Now, Double click to open OTMOVEIT2 again.
Click the green button, "CleanupUp!" at the top.
{Note: it will need to access the internet to download a small script file. Please allow your Firewall to do so.}
When it finishes it will have deleted all of its qauarantines, as well as the OTMOVEIT2 program and all created folders.
Reboot.
Best wishes,
Bill Castner
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
Conestogaman
@sbcglobal.net
|  Thanks for the help!! I, too, woke up to this on my 'puter. I 'may' have used the registryfix2008, but don't know for sure. I was trying to clean out another problem. Your help and tutorials cured more than this one problem and my 'puter is running much bettr now! Thank you again (can I say it too much?) for your 'good fight'!!
Sincerely,
Conestogaman |
|
BigMinge
join:2008-03-03
Wethersfield, CT | reply to bcastner
Thanks for this. I to found this when i turned my comp on. |
|
kf
@net.au | reply to bcastner
This was succesful in removing Monaronadona virus for me. Thankyou! |
|
dentalchick007
@comcast.net | reply to bcastner
Hey I did this to fix the virus and it worked for me! Nothing else did. Thank you so much. |
|
sc
@rr.com | reply to bcastner
Thanks so much for the help. It worked and thank goodness it is gone. |
|
Oricat
@com.au
| reply to bcastner
Hi... Thank-you for your help with this. I have followed you instructions and all has worked very well, until the last step! After clicking "MoveIt" all results were displayed in the right hand panel as "not found" I then exited and reopened OTMoveIt, when I clicked on CleanUp a message was displayed stating "Äccess Denied"??? I tried to repeat the second step, and each time I try to move the files; they move to the results screen then the programe stops responding??? Any ideas???? This is new Laptop, running Vista, Please Help!!! |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
1 edit | said by Oricat :
I try to move the files; they move to the results screen then the programe stops responding??? Any ideas???? This is new Laptop, running Vista, Please Help!!!
try
"...
If you have any issues, run the steps in Safe Mode...."
edit: safe mode howto link
»www.bleepingcomputer.com/tutoria···ml#vista
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006-2007 |
|
Oricat
@com.au | reply to bcastner
Fantastic... That seemed to work! Thank-you Cudni and Thanks again to Bill... Much appreciated! |
|
MS
@ac.za | reply to bcastner
Thanks, It Helped |
|
omputeretard
join:2008-03-04
Decatur, IN | reply to bcastner
you are the man. i am primadona free thanks to you. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| All Hail bcastner  , All Hail!
Hopefully, this thread and this experience will cause a bit of a light bulb to come on for some of the less computer-literate.
This infection is pure social engineering.
Don't believe everything you see in a pop-up on your screen, in an e-mail, etc.
In fact, don't even open unrecognized e-mails. Simply delete them.
You have no unknown benefactor in Nigeria who has died and willed you a large amount of money, if only you could send the cash for the process to be transacted.
You have no virus or other issue with your computer simply because some random and unrecognized pop-up says so, with the "guaranteed cure right here at this link".
Etc.
And when in doubt, don't do it.
Learning from mistakes is a positive experience.
Ignoring mistakes and continuing to make the same ones is strictly a dead-end street, and potentially a ticket to a financial nightmare or identity theft merry-go-round.
It does keep folks busy in this forum, though.  |
|
Mona Moaner
@wa.gov
|  reply to bcastner
Thanks for the info to get Mona off, but now I can't shutdown my comp. However, after reboot, my task manager was enabled. I have to pull the power to shut down. It hangs when I go to Start/Shutdown. How can I fix this? I hope they shoot the b___stards that did this.
MM |
|
qwerty714
@verizon.net | reply to bcastner
it worked thank you so much you will be in my prayers tonight  |
|
omputeretard
join:2008-03-04
Decatur, IN
| reply to AB
well yeah i have learned a few things. but when i found errorsmart i was on the microsoft download site. what are they thinking? i mean its not very professional of them to go screwing people out of money. yay to corporate wool over my blind and unintelligent eyelids. it must have been an add or something that i assumed was from microsuck. |
|
omputeretard
join:2008-03-04
Decatur, IN
| reply to AB
well yeah i have learned a few things. but when i found errorsmart i was on the microsoft download site. what are they thinking? i mean its not very professinal of them to go screwing people out of money. yay to corperate wool over my blind and unintelligent eyelids. it must have been an add or something that i assumed was from microsuck. |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
| reply to Mona Moaner
MonaRonaDona (and its "fix") come nowhere near any setting that would effect your ability to do a shutdown normally.
I think it best you raise this as a new issue in the Security Cleanup Forum. Be sure to follow the prerquisite steps in large letters at the top of the Forum prior to posting.
We will run some diagnostic tests to see what is up.
Bill Castner
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
Larry G
@comcast.net | reply to bcastner
Thanks Thanks Thanks Yes, this solution really
does work.. Some of the virus software folks haven't
even found it -- their software does not identify or
do anything to help. Your article is the best solution.
Larry Gorin |
|
SingOlong
@on.ca | reply to bcastner
Cool man You are the coolest person on earth. |
|
eosab
@wideopenwest.com
| reply to bcastner
THANK YOU!!!!! I could kiss you full on the lips for posting this cure. I would have been one of those people who bought the antivirus software... after searching and getting frustrated... I was willing to try anything. You saved me $40 and restored my faith in the kindness of total strangers. Today, you are my hero.
Thanks again,
Elissa |
|
