MonaRonaDona virus

Status
Not open for further replies.
I had it yesterday on my dad's XP laptop. But the remover tool from that guy in Mexico sorted it for me.
Another method is to reboot in safe mode and delete the srvspool.exe.
I see you are using Vista. Maybe it's different.
 
Hi chaoslegend,

If you want to see about getting rid of it then follow all the steps HERE and post back with the three requested logs as attachments.

Good luck,
Kritius
 
Post a HijackThis log; this does not sound as if it is fixed but possibly one of the symptoms.

You don't really have anything to lose. How do you think that you fixed it?
 
I highly doubt you fixed it. You may have gotten rid of some of the symptoms.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
    ***Under no circumstances should you add any items to the HJT ignore list. Under no circumstances should you change the directory that HijackThis downloads to. Under no circumstances should you Fix anything without specific instruction to do so. Under no circumstances should you click any buttons other than specified in the directions, including AnalyzeThis!***

Download OTMoveIt2 by OldTimer.

* Save it to your desktop
* We will use this after you post a Hijackthis log

These instructions are for the use of chaoslegend only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Launch HijackThis and select Do a System Scan Only and put check marks next to:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe
O4 - HKCU\..\Run: [Windows] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.exe
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)


Then select Fix Checked

Close HijackThis
--------------------------------------------------------------------------------------------------------
  • Right-click OTMoveIt2.exe and choose Run As Administrator.
  • Copy the lines in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title
C:\Program Files\RegistryCleanFix2008
C:\Program Files\UniGray Antivirus
C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D
C:\Users\SRVSPOOL.EXE /S /D

  • Return to OTMoveIt2 and right-click in the "Paste List Of Files/Patterns To Search For and Move" window.
    IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar). The top panel will not help you.
  • Right-click and choose Paste.
  • Click the red Moveit! button.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now, double-click to open OTMoveIt2 again.
Click the green CleanUp! button at the top.
Note: it will need to access the internet to download a small script file. Please allow your Firewall to do so.

When it finishes it will have deleted all of its quarantines, as well as the OTMOVEIT2 program and all created folders.

Reboot the computer.
---------------------------------------------------------------------------------------------------------
After Reboot

Run HijackThis, Do a System Scan and Save a log, and attach it back here.
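
The fix list in the post above follows HijackThis's `CODE - detail` line format, so the same triage can be scripted when reviewing a saved log. This is an added example, not part of the original thread or of HijackThis; `review`, `WATCHLIST` and the regexes are hypothetical names, the watchlist holds only names from this thread's fix list, and the last sample line is a constructed benign entry.

```python
import re

# Lines 1-4 are copied from the fix list in the post above; line 5 is a
# constructed benign entry added for contrast.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe
O4 - HKCU\..\Run: [Windows] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRVSPOOL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"""

# Names taken from this thread's fix list only (not a general blocklist).
WATCHLIST = ("srvspool.exe", "registrycleanfix2008", "unigray antivirus")

# "R1 - ...", "O4 - ...": section code, separator, free-form detail.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autostart detail: HKCU\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def review(log_text):
    """Return [(code, body, [reasons])] for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, anything not an entry
        code, body = m["code"], m["body"]
        low = body.lower()
        reasons = []
        if low.endswith("(file missing)"):
            reasons.append("target file missing")
        if code in ("R0", "R1") and ",window title = " in low:
            if body.split(" = ", 1)[1].strip():
                reasons.append("IE window title overridden")
        run = RUN_RE.match(body) if code == "O4" else None
        if run and "\\startup\\" in run["cmd"].lower():
            reasons.append("Run value points into a Startup folder")
        hits = [w for w in WATCHLIST if w in low]
        if hits:
            reasons.append("watchlist: " + ", ".join(hits))
        if reasons:
            findings.append((code, body, reasons))
    return findings
```

The output is a shortlist for a helper to read, not a fix list; entries it does not flag still need review.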
 
After restarting, I can't open HijackThis; it says "Hijack This is already running". I tried restarting again, but it still says that.
 
Go to Start -> Control Panel -> Programs and Features -> Highlight HijackThis and select uninstall at the top

After it is uninstalled.

HijackThis Instructions
  • Download from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
Looks like that did it for the infection. Are you having any more problems? If so, please use this thread. Now, to tighten up your security, you should install the latest version of Java.

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version, go back to Control Panel -> Programs and Features
  • Uninstall any older versions of Java by highlighting and clicking uninstall

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install, go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
-------------------------------------------------------------------------------------------------------
I would also check for Windows updates through Start -> Control Panel -> Windows Update
 
I already have the latest version of Java, but whenever I open Internet Explorer, it won't load, then it won't respond anymore.
 
Your last log shows you having Java 6 Update 1; the current version is Java 6 Update 5.

Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

• Double-click FixPolicies.exe
• Click the Install button on the bottom toolbar of the box that will open.
• The program will create a new Folder called FixPolicies
• Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
• A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
 
You're very welcome. If you have any more issues, please let us know.

The instructions given in this thread are for the use of chaoslegend only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 