Showing results for 
Search instead for 
Did you mean: 


I have a issue with a virus called MonaRonaDona which appeared yesterday. I have tried three virus removal programs and they do nothing including McAfee. If anyone can help with I would appreciate it.

Never post personal info such as email addresses in a public forum for your own safety - MOD
5 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 6

RE: MonaRonaDona

It is not as bad as it seems as long as you don't download anything that is specifically designed to remove it, as whatever it is (I haven't yet found it) it's a scam to get money out of you.
According to what I've found it's designed in the hope that you'll purchase a certain "anti-virus" application which actually is only designed to remove it and nothing else.

It isn't anything malicious but rather an annoyance. McAfee has nothing to cover it right now, so I suggest trying the free version o0f either or both these tools:

If neither help, please use Hijackthis to post a log on one of the following forums for expert help.

Do not post the log here, we can't help!


Post the logs at a specialist Forum:








WHAT THE TECH FORUM (Formerly Tom Coyote)

Be sure to read all the sticky announcements/instructions at the top of each malware forum!
Level 9
Report Inappropriate Content
Message 3 of 6

RE: MonaRonaDona

See also: Monagrey
Level 10
Report Inappropriate Content
Message 4 of 6

RE: MonaRonaDona

As Jubo listed above, the 4265 DAT file should include the detection for the (MonaGrey) MonaRonaDona problem. Run a scan using the new DAT and see if it fixes the problems.

If it still doesn't correctly remove the trojan, please try restarting the computer into Safe Mode, then do a search for a file named: "SRVSPOOL.exe". Most folks seem to be finding it in the Start/Programs/Startup, where you can right click the SRVSPOOL.EXE entry and delete it.

Next, check the registry paths below and remove the entry if it's there:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run: "%LOCATION%\SRVSPOOL.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run: "%LOCATION%\SRVSPOOL.exe"

Once that is done, you may need to change the Internet Explorer header to remove "MonaRonaDona" from your upper Title Bar.. That can be done by following the instructions below:

Start/Run and type in "regedit" (without the quotes) followed by enter. Now you are in the registry editor. Do Ctrl-F (find) and type in "monaronadona" (again, without the quotes) and press enter. After a while, it will find the string. Doubleclick the string and change the text to "Microsoft Internet Explorer" (once again, no quotes), hit ok. Exit the registry editor and you're all done!

You may also need to re-enable your taskmanager. Go to the link below and try #51 from the right column. Click on "enable the task manager." This makes a change to your registry (harmless) that will re-enable the task manager.

Hope this helps.


Alternative removal (Advanced users)

You can download FileASSASSIN from

open FileASSASSIN and browser C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SRVSPOOL.exe and click open.FileASSASSIN will ask you if you want to delete the file click yes.

This message is more of a annoyance than to term it a trojan, because Kaspersky Labs have released a possible fix and when trying to fix the issue, it gives the Security Threat as low.

Please confirm this and correct me if wrong.

Level 10
Report Inappropriate Content
Message 6 of 6

RE: Alternative removal (Advanced users)

Well, certainly, it's not a "virus" because it doesn't have a mechanism for spreading but unfortunately, damage is being done when this particular problem is on the machine. "MonaRonaDona" is being written into the Internet Explorer title bar....Multiple files are written to the system.... Task Manager has been disabled on most machines... and many program files will not run after it's installed.. Although it's not a standard trojan that tries to "phone home", it appears as if MonaDonaRona is indeed attempting to lure users into purchasing a useless antivirus program/FraudTool known as Unigrey.. "Scamware", "Trojan" ...take your pick.

A few of the other writeups about the malware are below:

McAfee Calls It A Trojan-Monagrey

Trojan.Win32.Monagrey.a- Kaspersky Calls It A Trojan weblog

Trojan.Monagray Symantec Calls It A Trojan-Writeup About Unigrey

Symantec's Listing for Trojan.Monagray

Hope this helps.


Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community