Friday, July 4, 2008

[antivirus software] How To Easily Remove the MonaRonaDona 'Virus'

The MonaRonaDona Trojan is designed to scam infected users into shelling out $40 for a bogus scanner dubbed Unigray Antivirus. The scammers completed the hoax by positioning several forum posts from alleged victims touting the bogus Unigray Antivirus as a miracle cure for the MonaRonaDona 'virus'. In reality, removal is very simple and requires absolutely no tools, nor parting with any of your hard-earned cash. Just boot into safe mode and follow the directions below.
Difficulty: Easy
Time Required: 15 minutes

Here's How:

  1. If you haven't already done so, boot into safe mode.

  2. Search for and delete the following folder, if found:

    C:\Program Files\UniGray Antivirus

    You may also wish to delete the following:

    C:\Program Files\RegistryCleanFix2008

  3. Search the global startup folder for the following file and delete the file if found:

    SRVSPOOL.EXE

    By default, the global startup folder location is
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup

  4. Click Start, click Run, type REGEDIT, and click OK. The Registry Editor will now open.

    Note: To avoid unwanted page wrapping, the following abbreviations are used in the steps below:

    HKCU = HKEY_CURRENT_USER
    HKLM = HKEY_LOCAL_MACHINE

  5. To fix the title bar changes to Internet Explorer and Outlook Express caused by MonaRonaDona, browse to the following keys and delete the values indicated:

    HKCU\Software\Microsoft\Internet Explorer\Main
    Delete value: Window Title

    HKLM\Software\Microsoft\Internet Explorer\Main
    Delete value: Window Title

    HKCU\Software\Microsoft\Outlook Express
    Delete value: WindowTitle

  6. To regain access to Task Manager, which was disabled by MonaRonaDona, browse to the following keys and delete the values indicated:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Delete value: DisableTaskMgr

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Delete value: DisableTaskMgr

  7. You may also wish to delete the following:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Delete value: RegistryCleanFixMFC

  8. Close the Registry Editor by choosing File | Exit.

  9. Reboot the computer normally. The system should now be free of the MonaRonaDona 'virus' and the system changes made by the Trojan should now be reversed.
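
The same checks as steps 2 through 7, written as a PowerShell script. This is an added example and not part of the original post; it assumes PowerShell is installed, is run as an administrator, and that the default locations given in the steps apply. It only reports what it finds unless started with the -Remove switch (a switch name chosen for this example).

```powershell
# Added example: checks for the MonaRonaDona artifacts listed in the steps above.
# Report-only by default; pass -Remove to delete what is found.
param([switch]$Remove)

# Folders (step 2) and the startup file (step 3), at the default locations from the page.
$paths = @(
    'C:\Program Files\UniGray Antivirus',
    'C:\Program Files\RegistryCleanFix2008',
    'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SRVSPOOL.EXE'
)

# Registry values from steps 5 to 7, as key / value-name pairs.
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Window Title' },
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Main'; Name = 'Window Title' },
    @{ Key = 'HKCU:\Software\Microsoft\Outlook Express'; Name = 'WindowTitle' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'RegistryCleanFixMFC' }
)

$found = 0

foreach ($p in $paths) {
    if (Test-Path -Path $p) {
        $found++
        Write-Output "FOUND file/folder: $p"
        if ($Remove) { Remove-Item -Path $p -Recurse -Force }
    }
}

foreach ($v in $values) {
    # Get-ItemProperty returns nothing if the key or the value is absent.
    $hit = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $hit) {
        $found++
        Write-Output "FOUND registry value: $($v.Key) -> $($v.Name) = $($hit.($v.Name))"
        if ($Remove) { Remove-ItemProperty -Path $v.Key -Name $v.Name }
    }
}

if ($found -eq 0) {
    Write-Output 'None of the listed MonaRonaDona artifacts were found.'
} elseif (-not $Remove) {
    Write-Output "$found artifact(s) found. Re-run with -Remove to delete them."
}
```

The HKCU entries apply only to the account running the script, so run it once for each affected user profile.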
