Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91850 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

MonaRonaDona and rogue Unigray


  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 04 March 2008 - 05:44 AM

FYI...

- http://preview.tinyurl.com/2m8h33
March 4, 2008 (Symantec Security Response Weblog) - "We have analysed samples of malware that is calling itself 'MonaRonaDona'... it seems the sole purpose of the malware is to prompt the user to enter the term "MonaRonaDona" into a search engine. This is an attempt to lead them to an application that can remove the unwelcome threat - a fix that has obviously been conveniently provided by the very people who created the virus in the first place. When the Trojan executes, it creates the file SRVSPOOL.EXE in the startup folder of all user accounts... Once the user enters the name 'MonaRonaDona' into an Internet search engine, some of the top search results will be the "fix" that the malware authors have - in all probability - also conveniently created in order to solve the problem... this is a scam and warn victims against downloading the Trojan author's application created to remove the malware, which they were charging US$39.90 for (the Unigray Web site was down at the time of writing). While the software does in fact remove the MonaRonaDona Trojan - it is the ONLY malware it removes, despite the fact that it (falsely) reports to have cleaned over 200 other threats..."

(Screenshots available at the URL above.)

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 04 March 2008 - 08:26 AM

Removal:

> http://www.dslreport...aRonaDona-virus
2008-03-01
:thumbup:

- http://blog.trendmic...f-monaronadona/
March 6, 2008 - "...Unconfirmed reports of initial infection happens when users click on a certain ad banner for Registry Clean Fix, a possible rogue program, to initiate stealth download of MonaRonaDona onto a system. The malware remains inactive (and impervious to detection) until users restart their systems.... Trend Micro advises users to refrain from clicking ad banners, which might lead to unexpected download of malicious files on a system or redirection to a malicious Web site. Trend Micro also implores users to be more wary of new social engineering techniques being practiced in the wild."

Edited by AplusWebMaster, 06 March 2008 - 11:25 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users