- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -
Posted By On March 7, 2008 @ 3:02 PM In Security Help | No Comments
MonaRonaDona – Another Security Tip
I have received a number of e-mails and calls about a new threat called MonaRonaDona, so instead of a download today, here’s another security tip for you! The MonaRonaDona is a virus that will stop certain programs from running correctly and it will put a message on your Internet Explorer screen that says “MonaRonaDona.” If you search on the Internet for a fix to this issue, you will most likely come across a program called Unigray Antivirus, which claims to be the best program to fix this issue.
All I have to say is, “Do not buy the Unigray Antivirus!“
You see, the MonaRonaDona virus is not a virus at all. It’s actually just an elaborate scam. Unigray Antivirus will only fix MonaRonaDona and it will not protect your computer in any other way. It is speculated that the makers of MonaRonaDona are also the makers of Unigray Antivirus. This is a very clever way to make money from unknowing users.
So, now that you know about this scam, please don’t fall for it! If you become infected by MonaRonaDona, don’t panic. Just follow the steps below to get your system back to normal.
First, you will need two free programs from the Internet. One is called HijackThis and the other is called OTMoveIT2. Save both of these programs to your desktop or some place that’s easy to find. You can get HijackThis here and OTMoveIT2 here.
After saving them to your computer, follow these steps very carefully:
1.) Go to the location where you saved HijackThis. Double click on it and install it. After the installation is done, run the program (there should be a new icon on your desktop for it).
Next, select System Scan Only.
Place a checkmark next to these items (if found):
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 – HKLM\..\Run: [.NET.] \FUD.exe
O4 – Global Startup: SRVSPOOL.exe
O4 – HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe
Click Fix Checked and when it finishes, go ahead and exit HijackThis.
2.) Go to the location where you saved OTMoveIT2 and double click it. (If you’re using Vista, right click on it and choose Run as Administrator).
Copy all the information found below. Highlight all of it, right click it and choose Copy.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title
C:\Program Files\UniGray Antivirus
C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D
C:\Users\SRVSPOOL.EXE /S /D
Next, return to OTMoveIt2 and right click in the “Paste List of Files/Patterns to Search For and Move” window.
Important: Paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Then just right click and choose Paste.
Now, click the red MoveIt button and wait several minutes. When it’s finished, look in the large right hand panel that says Results. You should see that at least the principal infector files were deleted and whichever applicable registry changes were made. (They may not all apply in your case). Close OTMoveIt2 when it has finished.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to finish the move process. If you’re asked to reboot, simply choose Yes.
Now, double click and open OTMoveIt2 again. Click the green Clean Up! button at the top. (Note: It will need to access the Internet to download a small script file, so please allow your firewall to do so).
When it finishes, it will have deleted all of its quarantines, as well as, the OTMoveIt2 program and all the folders it created. Then just reboot your computer to finish up.
These steps should remove any signs and symptoms of MonaRonaDona. Stay safe!
Article printed from Worldstart's Tech Tips And Computer Help: http://www.worldstart.com
URL to article: http://www.worldstart.com/monaronadona/