Trojan:W32/MonaGray.A

Classification

Malware

Trojan

W32

Trojan:W32/MonaGray.A, Trojan:W32/MonaGray.A

Summary

Trojan:W32/MonaGray.A is a trojan horse that attempts trick victims into downloading a misleading application called Unigray Antivirus. Unigray Antivirus is a "rogue" product and is detected as Rogue:W32/Unigray.A.

Removal

Trojan Disinfection

Perform full computer check

Follow the steps below:

  • 1. Open F-Secure
  • 2. Select the "Virus & Spy Protection" button
  • 3. Click the link for "Scan my computer..."
  • 4. Select "Perform full computer check" from the list
  • 5. Please note the path and filenames of the malware found
  • 6. Delete/Remove all files detected

Note: Please make that your Automatic Updates are enabled and that the definition databases are current.

Remove launch points and other malware entries from the Registry

Follow the steps below:

  • 1. From the Start Menu; select Run; type "regedit" into the Open: field; click OK.
  • 2. Once the Registry Editor has launched, navigate to the following registry keys:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunLocate and delete the value:"Windows" = {path and filename of the malware found}
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MainLocate and delete the value:"Window Title" = "MonaRonaDona"
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersionLocate and delete the value:"SD" = {random numbers}
  • 3. Restore any modified registy value if needed:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"DisableTaskMgr" = "1" to "DisableTaskMgr" = {previous value}
    • Note: If you have Task Manager enabled on your system by default, you may simply delete the value:"DisableTaskMgr" = "1"

Repeat the full computer check to make sure the malware was completely removed.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Trojan:W32/MonaGray is the first component of a scam designed to trick victims into purchasing a rogue product. The trojan infects with the intent of drawing attention to itself.It displays the follow message from the System Tray:

MonaGray.A also sets Internet Explorer's title bar to "MonaRonaDona" and disables the system's Task Manager.Its primary purpose is to direct the victim to search for the term MonaRonaDona.Search engines directed to prepared results promoting "Unigray Antivirus".Example from Digg.com:

The only designed purpose of "Unigray Antivirus" is to remove the MonaGray trojan.The rogue product sold for $39.90.

As of March 13, 2008 the Unigray website is unavailable and search engine results for "MonaRonaDona" result in legitimate warnings rather than the rogue's prepared promotions.

Date Created: -

Date Last Modified: -