MonaRonaDona

MonaRonaDona
Technical nameMonaRonaDona
AliasTROJ_MONAGRAY.A
TypeMicrosoft Windows
ClassificationBrowser Hijacker
FamilyVundo Trojan
OriginUnknown

MonaRonaDona is a browser hijacker that uses unique tactics through popups or alert messages stating that you are infected with a virus.[1][2][3] It uses this message to send users on a hunt for a MonaRonaDona remedy only to run into other malicious websites.[2][3]

Vendor description

[edit]

MonaRonaDona is known to come from various rogue programs such as Registry Clean Fix and Unigray Anti-Virus.

Infection

[edit]

MonaRonaDona is usually downloaded through the Unigray Anti-Virus program or certain ads for Registry Clean Fix. MonaRonaDona remains inactive at times and is left undiscoverable by anti-virus programs. MonaRonaDona uses stealth tactics only presenting itself with an infection message.

Symptoms

[edit]

MonaRonaDona displays the following false warning message in an attempt to scare users into searching for a fix.

“Hi, My name is MonaRonaDona. I am a Virus & I am here to Wreck Your PC. If you observe strange behavior with your PC, like program windows disappearing etc, it’s me who is doing all this. I was created as a protest against the Human Rights Violation being observed throughout the world & the very purpose of my existence is to remind & stress the world to respect humanity.”

This message sends computer users searching the internet with the likelihood of them running into another malicious website spending their money on something bogus.

MonaRonaDona installs the following Windows registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MonaRonaDona
  • HKEY_LOCAL_MACHINE\SOFTWARE\MonaRonaDona.com
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Window Title
  • HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\\Window Title
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr

Known variants

[edit]

MonaRonaDona behaves unlike other known Rogue software. MonaRonaDona has its own characteristics and may come from the rogue software Unigray Antivirus. MonaRonaDona was also identified as the TROJ_MONAGRAY.A trojan infection.

See also

[edit]

References

[edit]
  1. ^ "The Art, Drama, and Sophistication of MonaRonaDona | TrendLabs | Malware Blog - by Trend Micro". Archived from the original on 2008-03-12. Retrieved 2008-03-12. TrendMicro Blog
  2. ^ a b Krebs, Brian (March 3, 2008). "The MonaRonaDona Extortion Scam". Blog.washingtonpost.com. Archived from the original on 2008-05-15. Retrieved 2022-07-03.
  3. ^ a b "Symantec Security Response Weblog: "MonaRonaDona" - the Pure Social Engineering Scam". Archived from the original on 2008-03-10. Retrieved 2008-03-12.