- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
If your computer gets infected with a Trojan called the "MonaRonaDona virus," be careful with what you use to wipe it off your computer, says antimalware software provider Kaspersky Lab. MonaRonaDona is part of an elaborate scam to sell fake antivirus software, Kaspersky researchers say.
Unlike most viruses and Trojans which try to go about their evil task as invisibly as possible, the MonaDonaRona Trojan displays a broadly visibly message in front of the victim. It says, “Welcome to MonaRonaDona. I am a Virus & I am here to wreck your PC. If you observe strange behaviour with your PC, like program Windows disappearing, etc., it’s me who’s doing this.” The message claims it’s all part of a human rights protest.
But according to Kaspersky Lab researcher Roel Schouwenberg, MonaRonaDona is mainly a way to panic victims, who then may start a Web search to find out more about it, only to find fake online stories and bogus commentary that instruct victims to use fake antivirus tools — the prominent one being called Unigray, available from the Unigray.com Web site, for about $39.00.
“There was a link at Digg and at YouTube promoting it,” says Schouwenberg, who writes about it Monday in a Kaspersky Lab blog posting.
While fake antivirus software scams have cropped up in the past, the MonaRonaDona scam may be unprecedented in terms of its reliance on social engineering in the online world to get victims to download software that removes the MonaRonaDona message but may still be in itself dangerous.
As to how the MonaRonaDona Trojan manages to propagate, Kaspersky Lab sees a link with another piece of “fake” software called RegistryCleaner 2008.
“We’re still researching this but it may be connected with this,” says Schouwenberg, who calls the MonaRonaDona Trojan of the past week to be among the most elaborately orchestrated scams he’s seen.
The bottom line is to clean computers with software from valid antimalware vendors that can detect the bad code, he adds. (Compare Antivirus products.)
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (9)
its not registrycleanerBy johngimp on March 4, 2008, 6:36 pmhi i checked registrycleaner 2008 and is clean and safe, they are not connected with this virus..
Reply | Read entire comment
MonaRonaDonaBy Anonymous on March 4, 2008, 6:55 pmI had downloaded and removed Registry Cleaner 2008 at an earlier date. I got the virus. When I did finally get rid of it I found Registry Cleaner 2008 was STILL...
Reply | Read entire comment
Registry Cleaner 2008By Anonymous on March 5, 2008, 7:25 amyour Registry Cleaner was infected thats why it got wiped out, you need to down load a new clean version of it and run it, if you registered it then all you need...
Reply | Read entire comment
monaronadonaBy Anonymous on March 6, 2008, 2:14 pmI found nothing could remove it then i downloaded unigray antivirus this removed it straight away. It only costs £20. Even though i had norton this didnt pick it...
Reply | Read entire comment
get rid of monaronadonaBy Anonymous on March 6, 2008, 6:16 pmis there anyway to get rid of monaronadona without downloading a software or buying a virus protecter?
Reply | Read entire comment
UNIGRAY SOFTWARE IS A SCAM!!! The virus installs an executable SBy Anonymous on March 8, 2008, 1:32 pmUNIGRAY SOFTWARE IS A SCAM!!! The virus installs an executable SRVSPOOL.EXE in the startup folder of the all users account. Click Start/Programs/Startup, right click...
Reply | Read entire comment
View all comments