Trojan:W32/MonaGray.A is a trojan horse that attempts trick victims into downloading a misleading application called Unigray Antivirus. Unigray Antivirus is a "rogue" product and is detected as Rogue:W32/Unigray.A.
Perform full computer check
Follow the steps below:
Note: Please make that your Automatic Updates are enabled and that the definition databases are current.
Remove launch points and other malware entries from the Registry
Follow the steps below:
Repeat the full computer check to make sure the malware was completely removed.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
Trojan:W32/MonaGray is the first component of a scam designed to trick victims into purchasing a rogue product. The trojan infects with the intent of drawing attention to itself.It displays the follow message from the System Tray:
MonaGray.A also sets Internet Explorer's title bar to "MonaRonaDona" and disables the system's Task Manager.Its primary purpose is to direct the victim to search for the term MonaRonaDona.Search engines directed to prepared results promoting "Unigray Antivirus".Example from Digg.com:
The only designed purpose of "Unigray Antivirus" is to remove the MonaGray trojan.The rogue product sold for $39.90.
As of March 13, 2008 the Unigray website is unavailable and search engine results for "MonaRonaDona" result in legitimate warnings rather than the rogue's prepared promotions.
Ask questions in our Community .
Check the user guide for instructions.
Submit a Sample
Submit a file or URL for analysis.