---

Tip #4682 - MonaRonaDona

Printer Friendly Version | E-Mail This Tip

Like These Tips? Get 'Em Free In Your E-mail Everyday! E-mail Address:

MonaRonaDona - Another Security Tip

I have received a number of e-mails and calls about a new threat called MonaRonaDona, so instead of a download today, here's another security tip for you! The MonaRonaDona is a virus that will stop certain programs from running correctly and it will put a message on your Internet Explorer screen that says "MonaRonaDona." If you search on the Internet for a fix to this issue, you will most likely come across a program called Unigray Antivirus, which claims to be the best program to fix this issue.

All I have to say is, "Do not buy the Unigray Antivirus!"

You see, the MonaRonaDona virus is not a virus at all. It's actually just an elaborate scam. Unigray Antivirus will only fix MonaRonaDona and it will not protect your computer in any other way. It is speculated that the makers of MonaRonaDona are also the makers of Unigray Antivirus. This is a very clever way to make money from unknowing users.

So, now that you know about this scam, please don't fall for it! If you become infected by MonaRonaDona, don't panic. Just follow the steps below to get your system back to normal.

First, you will need two free programs from the Internet. One is called HijackThis and the other is called OTMoveIT2. Save both of these programs to your desktop or some place that's easy to find. You can get HijackThis here and OTMoveIT2 here.

After saving them to your computer, follow these steps very carefully:

1.) Go to the location where you saved HijackThis. Double click on it and install it. After the installation is done, run the program (there should be a new icon on your desktop for it).

Next, select System Scan Only.

Place a checkmark next to these items (if found):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 - HKLM\..\Run: [.NET.] \FUD.exe
O4 - Global Startup: SRVSPOOL.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe

Click Fix Checked and when it finishes, go ahead and exit HijackThis.

2.) Go to the location where you saved OTMoveIT2 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).

Copy all the information found below. Highlight all of it, right click it and choose Copy.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title C:\Program Files\RegistryCleanFix2008 C:\Program Files\UniGray Antivirus C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D C:\Users\SRVSPOOL.EXE /S /D

Next, return to OTMoveIt2 and right click in the "Paste List of Files/Patterns to Search For and Move" window.
Important: Paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Then just right click and choose Paste.

Now, click the red MoveIt button and wait several minutes. When it's finished, look in the large right hand panel that says Results. You should see that at least the principal infector files were deleted and whichever applicable registry changes were made. (They may not all apply in your case). Close OTMoveIt2 when it has finished.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to finish the move process. If you're asked to reboot, simply choose Yes.

Now, double click and open OTMoveIt2 again. Click the green Clean Up! button at the top. (Note: It will need to access the Internet to download a small script file, so please allow your firewall to do so).

When it finishes, it will have deleted all of its quarantines, as well as, the OTMoveIt2 program and all the folders it created. Then just reboot your computer to finish up.

These steps should remove any signs and symptoms of MonaRonaDona. Stay safe!

~ Gary

Want To Comment On This Tip? Click Here! We'd love to hear from you :-)

---

Like These Tips? Get 'Em Free In Your E-mail

Computer & MS Office Tips

Computer Tips & MS Office Tips Daily - Run your Windows PC like a pro! No matter what your skill level, beginner or advanced, you'll find tons of valuable tips, tricks, and ideas in every issue (plus great software deals). Become the computer guru you've always wanted to be! The tip you've just read was in this newsletter!

Computer Tips & MS Office Tips Weekly - If you don't want our Computer Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays

Our Other Great Newsletters

Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week

Life's Adventures - Each issue features a short story. Some of these are of the warm and fuzzy variety, some are sad, some are a little of both, but they all deliver powerful messages. Sent every Tuesday and Thursday.

Software Deals - Every week, we send out great deals in our Software Deals newsletter. Many of these deals are exclusively for our Software Deals newsletter subscribers and can't be found with our regular specials.

Enter Email address:

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love 'em :-), unsubscribing is fast and easy.

Click Here to find out why we have over 400,000 readers who enjoy our newsletters every week! (And growing fast!)

  (Computer Tips Daily)