Monagrey

Type: Trojan
SubType: Win32
Discovery Date: 03/04/2008
Length: 2,170,880 bytes
Minimum DAT: 5245 (03/05/2008)
Updated DAT: 5245 (03/05/2008)
Minimum Engine: 5.1.00
Description Added: 03/04/2008
Description Modified: 03/04/2008 10:28 PM (PT)
Risk Assessment:
  Corporate User: Low-Profiled
  Home User: Low-Profiled

Characteristics

-- Update March 4, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.scmagazineus.com/New-virus-tries-to-dupe-victims-into-googling-its-name/article/107612/
--

Monagrey is a trojan that modifies the Internet Explorer (IE) start page and prevents common applications from running.

It will modify the following registry key to run at startup:
HKEY_LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows: "%LOCATION%\SRVSPOOL.exe"

(where %LOCATION% is the folder in which the trojan resides, e.g. C:\)

Upon reboot, the trojan displays a pop-up window.

It changes the IE start page to point to the following URL:

  • http://en.wikipedia.org/wiki/Human_rights

It also prevents applications with the following names in their title bar from running:

  • Date And Time
  • Windows Task Manager
  • Registry Editor
  • Irfanview
  • Google Talk
  • Macromedia
  • Adobe
  • Microsoft Visual
  • Windows Media Player
  • Winamp
  • Microsoft Office
  • Microsoft Excel
  • Microsoft Word
  • Messenger
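
A defender's check for the two registry indicators described above, added here as an example and not part of the original write-up: it scans the text of a registry export for a Run value named Windows that points at SRVSPOOL.exe and for the changed IE start page. The sample export is constructed, and the Internet Explorer\Main key with its Start Page value is an assumption, since the page does not say where the start page is stored.

```python
import re
# Indicators taken from the description above. Keys are matched by suffix,
# in any hive, because the page's "HKEY_LOCAL_USER" is not a standard hive name.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Assumption: the usual location of the IE start page (not named on the page).
IE_MAIN_SUFFIX = r"\software\microsoft\internet explorer\main"
START_PAGE = "http://en.wikipedia.org/wiki/human_rights"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg string escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, string_data) for string values in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_indicators(text):
    """Return (kind, key, data) tuples for values matching the description."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if (k.endswith(RUN_SUFFIX) and name.lower() == "windows"
                and data.strip('"').lower().endswith("\\srvspool.exe")):
            hits.append(("run-key", key, data))
        elif (k.endswith(IE_MAIN_SUFFIX) and name.lower() == "start page"
                and data.lower().rstrip("/") == START_PAGE):
            hits.append(("ie-start-page", key, data))
    return hits

# Constructed sample in "reg export" text form, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows"="C:\\SRVSPOOL.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://en.wikipedia.org/wiki/Human_rights"
'''
if __name__ == "__main__":
    for kind, key, data in find_indicators(SAMPLE):
        print(f"{kind}: {key} -> {data}")
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_indicators`.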

Symptoms

  • Unexpected termination of the applications listed above
  • Modification of the IE start page to the URL listed above

Method of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or unpatched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroup postings, etc.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

Monagrey is a trojan that modifies the Internet Explorer (IE) start page and prevents common applications from running.

Aliases

  • Trojan.Monagray (Symantec)
  • Trojan.Win32.Monagrey.a (KAV)
