MonaRonaDona is an extortion scheme that has spread widely and quickly recently. Most antivirus programs do not yet detect, or remove, this annoyance.
For details of the scam involved, see:
Where does MonaRonaDona come from?
Quote:
"We’re still researching this", says Joel Schouwenberg of Kaspersky Labs, who calls the MonaRonaDona Trojan of the past week to be "among the most elaborately orchestrated scams" he’s seen.
See if these help provide some detals:
http://blog.threatfire.com/
http://blog.washingtonpost.com/security ... na_ex.html
http://www.networkworld.com/news/2008/0 ... -scam.html
Removal Tool for MonaRonaDona Infection
This is essentially a copy of my earlier work here:
http://www.dslreports.com/forum/r200825 ... Dona-virus
This removal tool has helped many. There were over 19,000 unique visitors to read and use my removal steps from the DSLR site in the first 48 hours that I posted the original fixes. It was written about here:
http://blog.washingtonpost.com/security ... na_ex.html
On the DSLReports site I provide a batch script method, as well as what I will post below. The safest, easiest and likely more comprehensive removal method is the only one I will post at AumHa. You can refer to the link just above to see the batch script, and use it, if that is your preference.
Please
download the
OTMoveIt2 by OldTimer.
With your mouse,
highlight and then do a
Right-click | Copy of the
entire list of file entries in the Code box below:
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\Window Title
C:\Program Files\RegistryCleanFix2008
C:\Program Files\UniGray Antivirus
C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D
C:\Users\SRVSPOOL.EXE /S /D
- Click to Run OTMoveIt2 on your Desktop
- :!: Important -- Of the three panels shown by OTMoveIt2, only the bottom-most panel should be used. Do NOT use the top panel. See the picture:
- Rght click in the "Paste List Of Files/Patterns To Search For and Move" lower panel (under the bottom (yellow) Section Bar bar) and choose Paste.
- Click the red Moveit! button.
- Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose
Yes.
Login
Register
FAQ
Search
