Spyware, viruses, & security : monadonarona

by Kees Bakker Moderator - 2/25/08 3:08 PM
Post 1 of 90

monadonarona

by Kees Bakker Moderator - 2/25/08 3:08 PM

There's a post in Newbies about this supposed malware: http://forums.cnet.com/5208-6121_102-0.html?forumID=45&threadID=285414

It's found (uniquely, it seems) by unigray (see www.unigray.com/monaronadona.html), recommended by two members in their replies. The link sells it for $39.90.

Curious circumstances:
1. Google finds next to nothing for MONADONARONA. It needs help by telling it to search in forums.cnet.com and then it finds that discussion (only).
2. All 4 members posting (excluding me) in a time-span of less than one hour are new members and this is their only post.

I suspect an elaborate shill (and maybe scam). Marianna, Donna, Roddy, if you agree, can you add a warning to that discussion in the Newbie forum? Or even better, I think, delete it. I'm going to sleep now (midnight here), so I leave this to you for the moment.

Thanks!


Kees

Post 2 of 90

Sorry, I meant "less than 1 day".

by Kees Bakker Moderator - 2/25/08 3:12 PM In reply to: monadonarona by Kees Bakker Moderator

Still suspicious, IMO.


Kees

Post 3 of 90

Don't you mean "Monaronadona"?

by Dawg Monitor - 2/25/08 4:05 PM In reply to: monadonarona by Kees Bakker Moderator

Turns out looking in Google how you searched it tells me nothing as you said, but you grouped it wrong. Try "Monaronadona" as spelled on that thread. The search results showed about a couple of similar questions but if you look at each user asking these questions just posted his first. Also, there's been one person on each post named "Justin F" answering these and suggesting unigray.
So basically you're right, it's a scam.

Post 4 of 90

MonaRonaDona - removal

by Marianna Schmudlach Moderator - 2/25/08 4:11 PM In reply to: monadonarona by Kees Bakker Moderator

I found this:

Somebody added it to your Titlebar - likely through registry/group policy.

Look in your registry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Window Title"=

--
Shenan Stanley
MS-MVP


http://groups.google.fr/group/microsoft.public.windowsxp.general/browse_thread/thread/c1abac6c4c12064e/e2a9bdcb1d2c3f9c

Post 5 of 90

Re: unigray antivirus

by Kees Bakker Moderator - 2/27/08 5:20 AM In reply to: monadonarona by Kees Bakker Moderator

I downloaded their program and installed it (after Norton found it was virus-free). I must say it's amazing.

All it installs:
- the program itself, some 6 Mb
- an uninstall dat and exe
- an icon
- some shortcuts and pifs
- NO virus definitions

Then I ran it. It said:
Virus definition version: 02.73.88 (Februari 15, 2008)
DB version: 4.34/2008
Protecting against 679871 threads
That's fairly impressive for a company that's only on the web for 6 days.

Then (after disabling the real-time protection it offers, which is amazing on its own given the components it installed) I used it to scan my clean (according to Norton) system. It found:
- 240 viruses
- 48 malware
- 43 adware
Most of them were in Microsoft programs (like Visual Studio). And I'm sure they don't contain those viruses and malware. So these are false positives. I preferred not to run the Repair, for obvious reasons.

Then I checked for updated definitions. Couldn't harm, as I had none. So the program contacted their website (or so it said) and reported I already had the latest version (those of February 15, remember). Then I went to their (rather unimpressive) website and found out that they added detection for monaronadona on February 22.
Which leaves me wondering why so many of our new members report it cleaned it off their systems if it's a version one week older.

I'm uninstalling the program now, and still feel rather safe behind my firewall.

Somehow, I keep thinking this is a scam.

Kees

Post 6 of 90

MonaRonaDona fix!

by vredeling - 2/29/08 4:15 PM In reply to: Re: unigray antivirus by Kees Bakker Moderator

NEVER download executables and DON'T pay any money to anyone to get this problem resolved. Despite what anybody says (the people that did this are actually posting responses to my postings as if I am wrong!) read the following carefully and check your machine to confirm that I am right. Fix once you have confirmed what I describe below.

Despite lack of information on the Internet, I was able to pinpoint the culprit that was causing my machine to start acting up due to the MonaRonaDona virus.

I was able to fix the problem and here is how.

The virus installs an executable SRVSPOOL.EXE in the startup folder of the all users account. Click Start/Programs/Startup, right click the SRVSPOOL.EXE entry and delete it. How to fix the header of your Internet explorer and how to re-enable taskmanager, is posted in numerous postings online.

Re-enable Task Manager: Troubleshooting Windows XP, Tweaks and Fixes for Windows XP
Go to this page and try #51 from the right column. Click on "enable the task manager."

Modify header of Internet explorer: How do i get rid of monaronadona on top bar of my homepage? - Yahoo! Answers
(optionally, you can manually type "Microsoft Internet Explorer" to replace the string "MonaRonaDona").

After that, reboot your machine.

The virus puts a message on the screen. Aside from that, the task manager is disabled, the header of Internet Explorer is modified and when trying to open programs, those programs are shut down immediately.

Whatever you do, do NOT download and install the virus scanner named UniGray. That "scanner" is a scam, a non-working piece of software. The website tries to get you to register and pay for something that does nothing.

Hope this info helps those who come across this virus. It seems to be a brand new occurrence given the lack of solutions found on the Internet.

Post 7 of 90

MonaRonaDona, unable to delete SRVSPOOL.EXE from Startup

by Rbecca1965 - 2/29/08 7:06 PM In reply to: MonaRonaDona fix! by vredeling

I need help please. I tried deleting the SRVSPOOL.EXE Version 1.0.0.1 file from my Startup file as you directed in your message. Unfortunately, it will not delete.

I am running on Win. XP Pro., version 5.1 with Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519.

I am new to all of this virus stuff, and will require possible step by step instructions. I promise I am not an idiot. I just have never had anything like this before and therefore, have never had to go hunting for certain files and/or folders.

I don't know where the registry is on my pc, but I have found the above SRVSPOOL.EXE file and it is located C:drive\Documents & Settings\All Users\Start Menu\Programs\Startup. I have tried to delete it from there as well, but each time it says:

"Cannot delete SRVSPOOL: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

It also appears to be tagged or named that of something from Microsoft Corporation, or at least that is what is listed under in the value, when I view its properties. It says the file was created Sunday, February 24, 2008.

I not only have the MonaRonaDona in my explorer bar, but I also have this big message stuck on my screen overlapping any and all programs that I open. It really stinks!!

All I know is that I am having huge problems with it and thankfully I have a new pc that I am writing this on now. I am currently trying to clean and reconfigure the old pc up to use for my 3 year old autistic grandson, to play his educational games on, and somehow I got this stupid virus.

Please note, that since I do have both pc's online, I will be able to chat with someone live, that can perhaps help me through this. I would appreciate any and all help that you all are willing to provide.

Thanks,
Rbecca

Post 8 of 90

MonaRonaDona fix - extra manual step

by vredeling - 2/29/08 7:17 PM In reply to: MonaRonaDona, unable to delete SRVSPOOL.EXE from Startup by Rbecca1965

Rbecca,

You should be able to delete the file if you log off as the user you normally log on as, and log back on as administrator.

If that still doesn't work, go to http://www.kellys-korner-xp.com/xp_tweaks.htm

Go to this page and try #51 from the right column. Click on "enable the task manager." This makes a change to your registry (harmless) that will re-enable the task manager. After that, try deleting the file from your startup folder again.

Let us know if that works. It worked for me when I fixed the problem yesterday.

Hans

Post 9 of 90

Kells=korner tweaks

by Rbecca1965 - 2/29/08 7:32 PM In reply to: MonaRonaDona fix - extra manual step by vredeling

Hans,
I am currently at the site you recommended and have gone to #51. Do I want to save or run this file? Also, am I sure I want to add the information in C:\Documents and Settings\Rebecca\Local Settings\Temporary Internet Files\Content.IE5\I1032XYL\taskmanager[1].reg to the registry?

Thanks,
Rbecca

Post 10 of 90

task manager - registry tweak

by vredeling - 2/29/08 7:44 PM In reply to: Kells=korner tweaks by Rbecca1965

I believe you don't need to do this anymore since in your other posting you indicated you were able to rid your machine of the SRVSPOOL.EXE by logging on as a different user. Correct?

You may have to reboot to confirm your task manager is back. If still greyed out, then yes: doubleclick the #51 and execute. It will prompt you if you want to execute and modify the registry. Reply "yes".

Please be aware that modifying your registry can potentially be dangerous and disastrous. Only do this when you have a trusted source and someone you think you can trust. I will leave it up to you how you judge me at this point :-)

All that is left besides the registry tweak is the modification of the Internet Explorer header which I explained in my other post.

Hans

Post 11 of 90

monaronadona/task manager vista 32bit

by Art Keetra - 3/3/08 4:28 PM In reply to: MonaRonaDona fix - extra manual step by vredeling

Hans
I am newish to this game. I've managed to delete the mdr virus by selecting safe mode.
I think my task manager is disabled. I've downloaded page 51 but am not sure of its origin/content/compatibility. Any advice would be appreciated.
Art

Post 12 of 90

MonaRonaDona - task manager fix

by vredeling - 3/3/08 5:13 PM In reply to: monaronadona/task manager vista 32bit by Art Keetra

Art,

You can safely use this tool to re-enable your taskmanager. It is a file with a .reg extension which contains registry entries. Click the link and choose to execute. When it asks to add to the registry, reply "yes".

Note: Normally, I would STRONGLY recommend to NEVER download executables or do anything that affects your registry unless you are absolutely certain the source is trusted and the modifications made are not malicious. If you are familiar with registry entries, you can also choose to save the file first and then open it in Notepad for example. You can then see which changes will be made to your registry when you doubleclick the downloaded file.

Hans
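
The review step suggested in the post above (open the saved .reg file and see what it will change before importing it) can be done mechanically. The following is an added example, not part of the original post and not the contents of the linked file: the sample text is constructed, `summarize_reg` is a hypothetical helper name, and `DisableTaskMgr` is the standard Windows policy value for Task Manager, though whether the linked file uses it is an assumption.

```python
import re

# Constructed sample for illustration; NOT the contents of the file linked in the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"=-

[-HKEY_CURRENT_USER\Software\ExampleVendor\Placeholder]
'''

HEADERS = ('Windows Registry Editor Version 5.00', 'REGEDIT4')
KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')         # [key] or [-key]
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')    # "name"=data or @=data

def summarize_reg(text):
    """List every change a .reg file would make as (action, key, name, data)."""
    # A trailing backslash continues hex data on the next line; join those first.
    body = re.sub(r'\\\r?\n[ \t]*', '', text.lstrip('\ufeff'))
    lines = [ln.strip() for ln in body.splitlines()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError('missing .reg header')
    changes, key = [], None
    for ln in lines[1:]:
        if not ln or ln.startswith(';'):        # blank line or comment
            continue
        m = KEY_RE.match(ln)
        if m:
            # "[-key]" deletes the whole key; no values may follow it.
            key = None if m.group(1) else m.group(2)
            if m.group(1):
                changes.append(('delete-key', m.group(2), None, None))
            continue
        m = VAL_RE.match(ln)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            data = m.group(2)                   # "name"=- removes the value
            changes.append(('delete-value', key, name, None) if data == '-'
                           else ('set-value', key, name, data))
        else:
            # Surface anything not understood instead of silently skipping it.
            changes.append(('unparsed', key, None, ln))
    return changes

if __name__ == '__main__':
    for change in summarize_reg(SAMPLE_REG):
        print(change)
```

Files saved by regedit as "Version 5.00" are usually UTF-16, so read them with `open(path, encoding='utf-16')` before passing the text in.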

Post 13 of 90

MonaRonaDona - task manager fix

by Art Keetra - 3/4/08 12:20 AM In reply to: MonaRonaDona - task manager fix by vredeling

Hello Hans.
Much obliged, what you have suggested will be part of a learning curve for me, will give it a bash !
Art.

Post 14 of 90

Task manager

by Art Keetra - 3/4/08 4:48 AM In reply to: MonaRonaDona - task manager fix by vredeling

Hans.
Have downloaded 'enable task manager' p51.
Opened it up and it is in notepad form
Cannot see any link, only 4 components.
Could you please advise as to where do I go from there.
Art

Post 15 of 90

Regeditor

by vredeling - 3/4/08 6:22 AM In reply to: Task manager by Art Keetra

Art,
You should doubleclick the downloaded file. The .REG extension should make it to where Windows wants to add the entries to the registry. If doubleclicking doesn't work, then do the following:

hit Start/Run, enter "regedit", click OK
in the registry editor that opens up, choose File/Import, point to the file you downloaded (should be called <filename>.REG) and hit "open".

Hope that works.
