[Moon-net] MonaRonaDona

Bob McCormick W1QA eme at w1qa.com
Mon Mar 3 21:52:46 CST 2008


> Yesterday I did a complete CLEAN reinstall of XP-Pro on another
> Drive and accepted nothing except Microsoft Updates for XP-Pro &
> Office 2003.  Nothing Else has been installed
> 
> Guess WHAT:   MonaRonaDona, or  *srvspool.exe* was on my machine this
> AM and running extremely SLOW.
> 
> How I noticed it this AM with a couple of Windows Explorer windows
> open, when the Balloon Tip appeared......Balloon Tip said *My
> Documents* MonaRomaDona.
(snip)

I don't know how this one is propagated ... but many worms
and viruses will use exploits in Windows.  To that extent
if you have a vulnerable system - and another system is on
the same subnet looking for systems to infect ... 
the system you just rebuilt may have been infected between
the time you installed the bare copy of XP Professional
and the time you got all the updates installed.

If you start from scratch (sorry, again?!) and do a clean install
do it on a network where there are NO other computers.  Then get
your system up-to-date by connecting to Windows Update from behind
a firewall - again - with no other systems on the network.
Apply all the updates.

Also don't rule out the fact that Windows isn't the only
software that may be vulnerable -- there could be other
things that you have loaded that could make the system
vulnerable ... 

Also - I would strongly recommend that if you use any
system for general purpose browsing and/or if you use
HTML based email (read: evil) then you should run as
a non-priv user on the system.  

Many worms, viruses and Trojans will rely on the fact
that (for some reason) users like to be logged in with
full administrator God-like privs ... which gives not
only the user but any intrusive code full privs to 
do anything the user (and code) would like to the system.

(And sorry - but any replies that say a certain 
software package needs admin privs ... well, that's
a crock - tell the software authors to write software
that doesn't need elevated privs!)

If I have time over the next day or two I'll see if
I can research this one in a little more detail ...

Bob W1QA
