Yes I have already been involved with this one.
Removal instructions. First: Have Hijackthis fix these entries (if found)
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MonaRonaDona
- O4 - HKLM\..\Run: [.NET.] \FUD.exe
- O4 - Global Startup: SRVSPOOL.exe
- O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleanFix2008\RegistryCleaner2008.exe
Second:
Download
OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title
C:\Program Files\RegistryCleanFix2008
C:\Program Files\UniGray Antivirus
C:\Documents and Settings\All Users\SRVSPOOL.EXE /S /D
C:\Users\SRVSPOOL.EXE /S /D
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window.
IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you.
Right-click and choose Paste.
- Click the red Moveit! button.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose
Yes. Now, Double click to open
OTMoveIt2 again.
Click the green
CleanupUp! button at the top.
Note: it will need to access the internet to download a small script file. Please allow your Firewall to do so.
When it finishes it will have deleted all of its qauarantines, as well as the OTMOVEIT2 program and all created folders.
Reboot the computer.If any problems still exist due to the infection.Another tool to fix the Task Manager and other policies that this virus effects.
Download to your
Desktop this self-extracting ZIP archive
FixPolicies.exe .
- Double-click FixPolicies.exe
- Click the Install button on the bottom toolbar of the box that will open.
- The program will create a new Folder called FixPolicies
- Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
- A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
