What
is Navidad Trojan Virus?
This new Internet trojan
travels via email. Every response has the
subject, "RE:" and the worm as an attachment (NAVIDAD.EXE).
This worm also displays a message box upon
execution and maps the opening of Windows
executables so that it is executed instead of the
executable that is called. This causes most
Windows programs to not work.
Also known as: I-Worm.Navidad.a, I-Worm.Navidad.b,
W32/Navidad, W32/Navidad.16896, W32/Navidad.32768
How
to Remove Navidad Trojan?
Using Spyware Doctor
to detect and remove Trojan.Navidad AUTOMATICALLY!
Manual Removal:
- Click on Start, Find, Files or Folders
- Search for REGEDIT.EXE
- Rename REGEDIT.EXE to REGEDIT.COM
- Run REGEDIT.COM
- In the left panel of the Registry Editor,
click on the "+" at left of the names to go to
the registry below: HKEY_CLASSES_ROOT\exefile\shell\open\command
- In the right panel, double-click on the
entry with the data
(Default) = "%systemdir%\WINSVRC.EXE"%1""%*"
where %systemdir% is the Windows system
directory; e.g., \WINDOWS\SYSTEM for Win 9x,
and \WINNT\SYSTEM32 for NT/2K.
- In the Edit window that appears, delete the
entire first part of the string, leaving behind
"%1"%*"
- As in step 5, go to the registry entry
below:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Click on the entry below, then press
"DELETE"
Win32BaseServiceMOD = %systemdir%\WINSVRC.EXE
- Go to the registry entry below:
HKEY_CURRENT_USER\Software\Navidad
- Delete this key
- Reboot your system
- Scan your system with an up-to-date virus
scanner
- Rename REGEDIT.COM back to REGEDIT.EXE
Detection and Removal Instructions for Trojans
| 
(If you can not see the issued comment, please enable your browser to support javascript and refresh this page.)