Win32/Mona, Virus.Win32.HLLW.Mona, Win32.HLLW.Mona, W32/Mona.worm, Win32.HLLW.Mona.24576
W32/Mona-A, Win32/HLLW.Mona.B, PE_MONA.A, Win32:Mona, Win32/Mona
Category: Trojan Horse
01 Feb 2001
The W32.Mona is a Trojan program that can delete files located in the A:\ drive. It can copy its code to the infected system. This Trojan also has backdoor capabilities which can be used by its remote master for a variety of purposes. These purposes include downloading or destroying important data, modifying the registry, terminating currently running processes and including the compromised system in bot networks.
W32.Mona Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.Mona from your computer.
More details about W32.Mona
Once this Trojan is run in the compromised system, it will copy its code to the system and then configure the registry by adding a value to a registry key so that it will execute when Windows starts. It will then go on to delete all files stored in A:\ and the copy itself as a file with the bmp.exe file extension. Backdoor Trojans like the W32.Mona malware are the most widespread and most malicious type of Trojans. This Trojan can act as remote administration tools that can open compromised machines to remote control via the Internet or LAN. It works very similarly to legitimate remote administration tools utilized by system administrators which make it very hard to detect. The only dissimilarity between the Trojan and the legitimate remote administration tool is that the Trojan is installed and executed without the user’s consent and knowledge.
The W32.Mona Trojan is also known to keep track of the local system’s diagnostics. It can also be used by remote hackers to send and receive files, execute files, launch and delete files, delete system critical data, display notifications (which are usually false) and reboot the computer system. This Trojan’s infection can be removed manually. First, users have to turn off the System Restore function of PCs running on Windows XP or ME. Next, open the Windows Task Manager and then locate the Trojan’s active process. Once found, terminate the process and then exit the Task Manager. Go on to search for all the Trojans dropped files and then delete them. Lastly, edit the registry to undo the changes that the Trojan made.