MonaRonaDona

From Wikipedia, the free encyclopedia

MonaRonaDona

Common name	MonaRonaDona
Technical name	MonaRonaDona
Aliases	TROJ_MONAGRAY.A
Family	Vundo Trojan
Classification	Browser Hijacker
Type	Microsoft Windows
Isolation	First isolation date not known.
Point of Origin	Unknown
This box: view • talk • edit

MonaRonaDona is a browser hijacker that goes undetected by virus detection tools. . MonaRonaDona uses unique tactics through popups or alert messages stating that you are infected with a virus. It uses this sarcastic message to send users on a hunt for a MonaRonaDona remedy only to run into other malicious websites that may have been created by the designers of MonaRonaDona.

Contents 1 Vendor Description 2 Infection 3 Symptoms 4 Known Variants 5 Removal 6 References 7 See also 8 External links

[edit] Vendor Description

MonaRonaDona is known to come from various rogue programs such as Registry Clean Fix and Unigray Anti-Virus.

[edit] Infection

MonaRonaDona is usually downloaded through a the Unigray Anti-Virus program or certain ads for Registry Clean Fix. MonaRonaDona remains inactive at times and is left undiscoverable by anti-virus programs. MonaRonaDona uses stealth tactics only presenting itself with an infection message.

[edit] Symptoms

MonaRonaDona displays the following false warning message in an attempt to scare users into searching for a fix.

“Hi, My name is MonaRonaDona. I am a Virus & I am here to Wreck Your PC. If you observe strange behavior with your PC, like program windows disappearing etc, it’s me who is doing all this. I was created as a protest against the Human Rights Violation being observed throughout the world & the very purpose of my existence is to remind & stress the world to respect humanity.”

This message sends computer users searching the internet with the likelihood of them running into another malicious website spending their money on something bogus.

MonaRonaDona installs the following: Registry Keys

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MonaRonaDona

HKEY_LOCAL_MACHINE\SOFTWARE\MonaRonaDona.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System\\DisableTaskMgr HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System\\DisableTaskMgr

[edit] Known Variants

MonaRonaDona behaves unlike other known Rogue software. MonaRonaDona has its own characteristics and may come from the rogue software Unigray Antivirus. MonaRonaDona was also identified as the TROJ_MONAGRAY.A trojan infection.

[edit] Removal

Various anti-spyware removal tools have been known aid in the removal of MonaRonaDona. SmitFraudFix is a commonly used tool for removal of MonaRonaDona and other malware infections. It can also manually be removed by doing the following:

1. Right-click on your start button and clicking "Open all users"

2. Go to programs

3. Go to startup

4. Delete "SRVSPOOL.exe"

5. Go to Recycle bin and delete it for good

[edit] References

• TrendMicro Blog - The Art, Drama, and Sophistication of MonaRonaDona
• washingtonpost.com - The MonaRonaDona Extortion Scam
• MonaRonaDona - The Pure Social Engineering Scam - Symantec

[edit] See also

• Malware
• Spyware
• Adware
• Rogue software
• Wikipedia's Spyware removal category

[edit] External links

• Non-Techie Removal Guide for MonaRonaDona
• UnigrayAntiVirus ‘MonaRonaDona’ Scam
• MonaRonaDona "virus
• answers.yahoo.com How do i get rid of monaronadona on top bar of my homepage