March 4, 2008 (Symantec Security Response Weblog) - "We have analysed samples of malware that is calling itself 'MonaRonaDona'... it seems the sole purpose of the malware is to prompt the user to enter the term "MonaRonaDona" into a search engine. This is an attempt to lead them to an application that can remove the unwelcome threat - a fix that has obviously been conveniently provided by the very people who created the virus in the first place. When the Trojan executes, it creates the file SRVSPOOL.EXE in the startup folder of all user accounts... Once the user enters the name 'MonaRonaDona' into an Internet search engine, some of the top search results will be the "fix" that the malware authors have - in all probability - also conveniently created in order to solve the problem... this is a scam and warn victims against downloading the Trojan author's application created to remove the malware, which they were charging US$39.90 for (the Unigray Web site was down at the time of writing). While the software does in fact remove the MonaRonaDona Trojan - it is the ONLY malware it removes, despite the fact that it (falsely) reports to have cleaned over 200 other threats..."
(Screenshots available at the URL above.)