[Moon-net] Mona

[Darrell]

Hi Dave, and for others as well.
I understand from the Internet that this Virus originated in 
Indonesia and there are several versions, or titles for it.  Many, 
many Computers have been hit World wide.

This one today acted totally different in performance than the first 
one 3 days ago, this one had no large Window on the Desk Top, just in 
the Balloon Tip and killed nearly everything from opening....except 
very, very slowly.

I found it in two locations, one in my C:\ Program Files, and it 
allowed me to delete it, the second one was in System32 Directory and 
when Right clicked to delete........slowly disappeared until you 
moved your Mouse off of it.....there it was as BIG as life again, 
sneaky little devil.
*RemoveMonaRonaDoma.exe*  KILLED it, and so far all is fine again, 
for how long????  XYL's machine is still clean today.....so far.
My Big Dual processor Machine down stairs has not been turned on 
since I acquired this Virus, and will stay that way until????

I use XP-Pro and 2 other machines on the Home network are fire walled 
and require Pass word to access, which I rarely access at all.  All 
Computers connect directly to the Internet through their own 
connection to the Gate way and  DSL Rotor, which again is fire 
walled. NOT WIRELESS Connected.

I also use Zone Alarm Pro Suite on all Computers and have it settings 
such that I can not Drag or install software across a Parathion 
without giving it permission to allow me, and then it is scanned.

Zone Alarm quarantines any E-mail attachments that are .zip  .exe, 
.rar, etc, etc & etc. and retains them until I know who the sender 
was, and I may still leave them there???

The Re-install was done on a clean formatted Drive and when I went 
Bed was fine after uSoft spent hours doing updates to XP-Pro with SP2 
imbedded (purchased that way from uSoft) years ago & Office 2003.

Ok  MUST run 14" snow in the Drive and a Broken Tractor, on Snow Blower

Regards & Thanks, Darrell... BTW Thanks for all the comments Folks, 
Biased or Otherwise, hi

At 02:43 PM 3/2/2008, you wrote:


>Hello Darryl
>
>This seems to be the most sensible thread I've found on this problem.
>
>BTW: are you installing XP Pro or XP Home?
>
>Regarding your XP reinstall "on another drive" - was the previously
>infected drive still in the PC and connected up?
>
>It would appear from all i've read that srvspool.exe is the culprit.
>The infection is simply that executaable being IPL'd from the 'Startup'
>group.
>
>What is interesting to me is the apparent migration/cross infection of
>the other PCs.  Do you operate your machines in a Windows WORKGROUP or a
>(NT or AD) Domain?
>Does your account have a 'roving profile' stored on the server?
>Do you log on as 'your-account' at more than one PC on the network?
>
>Cheeers
>-Dave
>--
>Dave Gilligan, G1OGY
>_______________________________________
>
>United Kingdom.  JO01GR
>WWW: <www.g1ogy.com> <www.m1cro.org.uk>
>GSM: +44 (0)7764 784627
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.516 / Virus Database: 269.21.3/1306 - Release Date: 
>3/1/2008 5:41 PM
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.516 / Virus Database: 269.21.3/1306 - Release Date: 
>3/1/2008 5:41 PM


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.21.3/1306 - Release Date: 3/1/2008 5:41 PM