monaronadona trojan problems

  malynx 18:44 05 Mar 2008
Locked
Answered

Hi

I recently had a PC (Windows XP Entertainment edition) that was infected by the monaronadona trojan (aka trojan.monagrey).

Symantec released a definition for this malware yesterday, and it was supposedly removed by Norton AntiVirus.

Unfortunately there are still two pieces of evidence of the infection (that are immediately noticeable):
- "- mona rona dona" is displayed in the title bar of Internet Explorer (IE7).
- Task Manager won't run, instead displaying the message, "Task Manager has been disabled by the administrator".

Further details regarding the Task Manager issue:
There is only one account on this PC, and that is supposedly an administrator account.

Subsequent anti-virus scans haven't found any viruses, and a system search for the srvspool.exe file returns no results.

So my questions:
1 - Is the virus still present, or do I just need to correct the changes caused by the previous infection?
2 - According to the removal instructions (at Symantec) System Restore has been turned off, thus deleting all restore points.
So how do I remove these remaining traces and restore my system?

I have searched this problem, but none of the advice seems to go this far - stopping with removing the desktop message.
I have found an application that purportedly fixes task manager (at kellys-korner-xp.com) but am not familiar with this site and therefore reluctant to download and execute that file.

Would uninstalling and reinstalling IE7 be an adequate solution for the title bar issue?
(Although this issue may be present in other applications too).

Any help and advice is much appreciated,
Thank you.

  mfletch 18:47 05 Mar 2008

The virus installs an executable SRVSPOOL.EXE in the startup folder of the all users account.

Click Start/Programs/Startup, right click the SRVSPOOL.EXE entry and delete it

mfletch

  malynx 18:54 05 Mar 2008

Thanks mfletch - the SRVSPOOL.EXE file appears to have been removed - it is no longer present in the Startup folder and a system search returns no results. An anti virus scan also no longer finds the trojan.

However, at least two of the symptoms of the infection clearly remain:
1) Task Manager will not run.
2) Internet Explorer (and possibly other applications) displays "- Mona Rona Dona" in the titlebar.

  Fruit Bat /\0/\ 18:59 05 Mar 2008

Method 1

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

Method 2

Download and run this REG fix click here and double-click it.

Method 3

* Click Start, Run and type Regedit.exe
* Navigate to the following branch:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

* In the right-pane, delete the value named DisableTaskMgr
* Close Regedit.exe

Method 4: Using Group Policy Editor - for Windows XP Professional

* Click Start, Run, type gpedit.msc and click OK.
* Navigate to this branch:

User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager

* Double-click the Remove Task Manager option.
* Set the policy to Not Configured.

  Fruit Bat /\0/\ 19:03 05 Mar 2008

Change Title Bar
Start, Run, Regedit, enter.

Expand HKEY, CurrentUser, Software, Microsoft, Internet Explorer, Main.

Highlight Main, On the right scroll down to Window Title.

Highlight Window Title. Right click, Modify and change it to what you like. Click OK.

  malynx 19:09 05 Mar 2008

Thanks for the Task Manager solutions Fruit Bat - but you forgot the paste command for Method 1! :D

How trustworthy is the site on Method 2?

Will try method 3 first - but it's a different pc to the one I'm currently using.

Thanks again.



This leaves the Title Bar issue. :(

  malynx 19:11 05 Mar 2008

LoL - a title bar solution while I was posting.

Thanks again, Fruit Bat.

  Fruit Bat /\0/\ 19:15 05 Mar 2008

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

2
Very reliable, it is an MS site.

  malynx 19:27 05 Mar 2008
Answer

Thank you Fruit Bat:

Task manager problem - SOLVED by method 3.

Title bar problem - SOLVED too.

:)
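The two leftovers fixed in this thread are both per-user registry values, so they can be checked offline from an export of HKEY_CURRENT_USER. The script below is an added example, not code from the thread: it parses .reg text and reports a non-zero DisableTaskMgr policy and any Window Title override under the keys named above. The sample export is constructed, and the function names are this example's own.

```python
import re

# Constructed sample of a `reg export HKCU` file (not taken from the thread's PC).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Window Title"="- mona rona dona"
'''

# (key, value name) pairs named in the thread, lower-cased: the registry is case-insensitive.
POLICY = (r"hkey_current_user\software\microsoft\windows\currentversion\policies\system", "disabletaskmgr")
TITLE = (r"hkey_current_user\software\microsoft\internet explorer\main", "window title")

SECTION = re.compile(r"^\[(-?)(.+)\]\s*$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {(key, name): raw_data} from .reg text; keys and names lower-cased."""
    values, key = {}, None
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = None if m.group(1) else m.group(2).lower()  # "[-key]" is a deletion
            continue
        m = VALUE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = m.group(2).strip()
    return values

def audit(text):
    """List leftover settings: Task Manager policy still set, IE title override present."""
    values, findings = parse_reg(text), []
    data = values.get(POLICY, "")
    if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
        findings.append("DisableTaskMgr is %d: Task Manager blocked for this user" % int(data[6:], 16))
    data = values.get(TITLE)
    if data is not None and data != "-":  # a bare "-" in a .reg file deletes the value
        findings.append("IE Window Title override present: %s" % data)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

To audit a real export, read the file with the encoding it was written in (Version 5.00 exports from regedit are UTF-16) and pass the text to `audit()`.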

This thread is now locked and can not be replied to.
