MonaRonaDona

Discussion in 'Malware Help (A Specialist Will Reply)' started by dlb, Feb 29, 2008.

  1. dlb

    dlb MajorGeek

    This is apparently some new virus/malware. A search at Yahoo turned up next to nothing. It hijacks IE's title bar, disables the task manager, and will eventually remove admin privileges to where nothing will work. I'm working on a PC now that has this... part of the infection is a text window above the clock that says this:
    Yup. That's what it says. Funny how it talks about respecting people, but opens with "I'm here to wreck your PC". That doesn't sound respectful to me. Anyway, it's a freekin' nightmare. This is a heads up more than a request for help.
     
  2. dlb

    dlb MajorGeek

    UPDATE- it's gone. If anyone out there gets this one, remove it as soon as possible (duh!) as it does more damage the longer it sits on the PC. Here's how I got rid of it:
    0. turn off System Restore.
    1. remove all temp files with a deep scanner (I used Stephen Gould's free and excellent CleanUp! http://www.majorgeeks.com/CleanUp_d4895.html)
    2. run a complete scan with SUPER Antispyware with updated definitions (http://www.majorgeeks.com/SUPERAntiSpyware_d5116.html)
    3. reboot when prompted.
    4. I used an older version of FixIEDef, run in safe mode. The one linked to here at MG errored out and wouldn't run. Reboot when done.
    5. ran RRT to fix the task manager (http://www.majorgeeks.com/RRT_Remove_Restrictions_Tool_d5635.html this will connect to sergiwa dot com when it finishes running; it's normal so don't be alarmed)
    6. ran HijackThis 1.99.1 and fixed the remaining MonaRonaDona entry.
    7. reboot and enable system restore.
    At this point, running another scan or two with updated software (AntiVir or AVG or AdAware or whatever floats your boat) isn't a bad idea. I performed all of the above steps with the ethernet cable unplugged from the PC except when needed to update SUPER Antispyware, just to be sure it wouldn't spread through my (small) home network. I got to this infection early in its life cycle, later would have been much worse I think. I have no idea where the PC's owner picked this up, so I can't warn you with specific web sites, just be careful, as always. Well, that's it, good luck, and beware the Mona ;)
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for letting us know about this malware and how you fixed it. I believe the READ & RUN ME procedure will automatically do everything you mentioned and more and should result in logs that can be used to finish off any remaining issues.

    Note: HJT 1.99.1 is out of date now.

    Also note that there is quite a bit of info already on the net about this. Ex: http://www.google.com/search?q=MonaRonaDona
     
