[Moon] [Moon-net] MonaRonaDona

Darrell ve1alq at nbnet.nb.ca
Tue Mar 4 15:26:05 CET 2008 

Hi Bob & ALL;
I am now totally clean on all machines, and working fine,
UniGRAY is a Hoax.........I did run it, but never  purchased 
it.......It would have torn my System and all installed software 
completely apart.

I downloaded it and ran it......it found 18 occurrences of it in the 
FIRST Folder it scanned.
Then a bunch in another Folder.......I said what the H%$#, so I shut 
it down, even on the shutdown of UniGRAY it tried to  get you buy it.

Now I Renamed those Folders to DarrellMacromedia or what ever they 
were......re scanned them and it FOUND NOTHING??????

I then decided it was reading the Registry then tagging at 
random.......because those Folders, Darrell????   did not exist in 
the Registry.    UniGray appeared at approx. the same date as the 
Worm appeared which was approx 3 days before it nailed me.
My ISP had NOT even heard about it until I called them to see what 
they knew.....NOTHING, hi hi.

RegistryCleaner 2008 this was a Joke........it scanned everything in 
a couple of seconds, then told me it would NOT Do A COMPLETE SCAN 
until I purchased it........I DID NOT.

All is well here now since *RemoveMonaRonaDona.exe was applied.   I 
notice now someone has published a Script File to do the same 
thing.........This Script is *RemoveMonaRomaDona.exe*  de-compiled.

Looking for Credits I guess, hi hi.

Regards & GL To ALL.....I am now clean without a Reinstall, Thanks to 
*RemoveMonaRonaDona.exe*   Sorry I had not waited a couple of Days 
until this had appeared, I would not have had to do the Reinstall at 
all, guess I was infected through my IE7 Browser to early????

Darrell


At 11:52 PM 3/3/2008, Bob McCormick W1QA wrote:

> > Yesterday I done a complete CLEAN reinstall of XP-Pro on another
> > Drive and accepted nothing except Microsoft Updates for XP-Pro &
> > Office 2003.  Nothing Else has been installed
> >
> > Guess WHAT:   MonaRonaDona, or  *srvspool.exe* was on my machine this
> > AM and running extremely SLOW.
> >
> > How I noticed it this AM with a couple of Windows Explorer windows
> > open, when the Balloon Tip appeared......Balloon Tip said *My
> > Documents* MonaRomaDona.
>(snip)
>
>I don't know how this one is propagated ... but many worms
>and virsuses will use exploits in Windows.  To that extent
>if you have a vulnerable system - and another system is on
>the same subnet looking for systems to infect ...
>the system you just rebuilt may have been infected between
>the time you installed the bare copy of XP Professional
>and the time you got all the updates installed.
>
>If you start from scratch (sorry, again?!) and do a clean install
>do it on a network where there are NO other computers.  Then get
>your system up-to-date by connecting to Windows Update from behind
>a firewall - again - with no other systems on the network.
>Apply all the updates.
>
>Also don't rule out the fact that Windows isn't the only
>software that may be vulnerable -- there could be other
>things that you have loaded that could make the system
>vulnerable ...
>
>Also - I would strongly recommend that if you use any
>system for general purpose browsing and/or if you use
>HTML based email (read: evil) then you should run as
>a non-priv user on the system.
>
>Many worms, viruses and Trojans will rely on the fact
>that (for some reason) users like to be logged in with
>full administrator God-like privs ... which gives not
>only the user but any intrusive code full priv's to
>do anything the user (and code) would like to the system.
>
>(And for sorry - but any replies that say a certain
>software package needs admin priv's ... well, that's
>a crock - tell the software authors to write software
>that doesn't need elevated privs!)
>
>If I have time over the next day or two I'll see if
>I can research this one in a little more detail ...
>
>Bob W1QA
>
>
>
>
>_______________________________________________
>Moon-Net posting and subscription instructions are at 
>http://www.nlsa.com/nets/moon-net-help.html
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.516 / Virus Database: 269.21.4/1310 - Release Date: 
>3/4/2008 8:35 AM
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.516 / Virus Database: 269.21.4/1310 - Release Date: 
>3/4/2008 8:35 AM


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.21.4/1310 - Release Date: 3/4/2008 8:35 AM

More information about the Moon mailing list