Solve : New Virus?

1.	Solve : New Virus?
Answer» I've heard of a new virus out called ronamonadona virus. Anyone heard of it or how prevalent it is?I searched for it, and found this: http://www.dslreports.com/forum/r20082590-MonaRonaDona-virus Quote It is clearly extortion-ware, offering on the user's screen: "Welcome to MonaRonaDona; hi, my name is Mona RonaDona. i am a virus& i am here to Wreck Your PC." Where did you hear about it?Kim Komando ShowCould have named it Roseanne Roseannadana virus.Yes I have already been INVOLVED with this one. Removal instructions. First: Have HIJACKTHIS fix these entries (if found) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona O4 - HKLM\..\Run: [.NET.] \FUD.exe O4 - Global Startup: SRVSPOOL.exe O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe Second: Download OTMoveIt2 by OldTimer. Save it to your desktop. Double-CLICK OTMoveIt2.exe to run it. (Note: If you are running on Vista, RIGHT-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): Code: [Select]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title C:\Program Files\RegistryCleanFix2008 C:\Program Files\UniGray Antivirus C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D C:\Users\SRVSPOOL.EXE /S /D Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window. *IMPORTANT --* Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you. Right-click and choose Paste. Click the red Moveit! button. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. Now, Double click to open OTMoveIt2 again. Click the green CleanupUp! button at the top. Note: it will need to access the internet to download a small script file. Please allow your Firewall to do so. When it finishes it will have deleted all of its qauarantines, as well as the OTMOVEIT2 program and all created folders. Reboot the computer. If any problems still exist due to the infection. Another tool to fix the Task Manager and other policies that this virus effects. Download to your Desktop this self-extracting ZIP archive FixPolicies.exe . Double-click FixPolicies.exe Click the Install button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any ADMINISTRATIVE warnings. Quote from: spock on March 05, 2008, 08:38:53 PM Could have named it Roseanne Roseannadana virus. This one only says " Nevermind ".......

Answer»

I've heard of a new virus out called ronamonadona virus. Anyone heard of it or how prevalent it is?I searched for it, and found this:

http://www.dslreports.com/forum/r20082590-MonaRonaDona-virus

Quote

It is clearly extortion-ware, offering on the user's screen: "Welcome to MonaRonaDona; hi, my name is Mona RonaDona. i am a virus& i am here to Wreck Your PC."

Where did you hear about it?Kim Komando ShowCould have named it Roseanne Roseannadana virus.Yes I have already been INVOLVED with this one.

Removal instructions.

First:

Have HIJACKTHIS fix these entries (if found)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O4 - HKLM\..\Run: [.NET.] \FUD.exe
O4 - Global Startup: SRVSPOOL.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe

Second:

Download OTMoveIt2 by OldTimer.

Save it to your desktop.
Double-CLICK OTMoveIt2.exe to run it. (Note: If you are running on Vista, RIGHT-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: [Select]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title
C:\Program Files\RegistryCleanFix2008
C:\Program Files\UniGray Antivirus
C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D
C:\Users\SRVSPOOL.EXE /S /D

Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window.
IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you.
Right-click and choose Paste.
Click the red Moveit! button.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now, Double click to open OTMoveIt2 again.
Click the green CleanupUp! button at the top.
Note: it will need to access the internet to download a small script file. Please allow your Firewall to do so.

When it finishes it will have deleted all of its qauarantines, as well as the OTMOVEIT2 program and all created folders.

Reboot the computer.

If any problems still exist due to the infection.

Another tool to fix the Task Manager and other policies that this virus effects.

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe
.

Double-click FixPolicies.exe
Click the Install button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies
Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any ADMINISTRATIVE warnings.

Quote from: spock on March 05, 2008, 08:38:53 PM

Could have named it Roseanne Roseannadana virus.

This one only says " Nevermind ".......

Solve : New Virus?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment