Techguy
November 14, 2000, 11:50 pm
TROJ_NAVIDAD.A
Risk rating: MEDIUM
Virus type: Trojan
Destructive: N
Aliases:
W32/Navidad@M, W32.Navidad
Description:
This Internet worm propagates via Microsoft Messaging API (MAPI). It sends itself as an attachment to all address lists in the address book of the infected user. It also modifies the registry, so that it is executed at every Windows start up. It also displays a message box when it is executed.
Solution:
Warning: Please delete the registry entries before running your antivirus.
1. Please delete all registry entries added by this Trojan by running "fix_reg.vbs" (http://www.antivirus.com/vinfo/security/fix_reg.vbs). (This tool cannot be downloaded to an infected system. You must download this tool on a clean machine, copy it to diskette and transfer it to the infected machine using MS-DOS prompt and then run it.)
2. Restart the computer.
3. Scan your system with Trend antivirus and delete all files detected as TROJ_NAVIDAD.A.
An alternative to using the tool is the following:
1. Click on Start|Programs|MS-DOS Prompt.
2. Type the DOS command below, then press "ENTER":
   Ren regedit.exe regedit.com
   (Note: This renaming is only temporary and is necessary to be able to run Regedit.)
3. Type exit, then press "ENTER" to return to Windows.
4. Click on Start|Run, type regedit, then press ENTER.
5. In the left panel of the Registry Editor, click on the “+” at the left of the names to go to the registry key below:
   HKEY_CLASSES_ROOT\exefile\shell\open\command
6. In the right panel of the Registry Editor, double click on the entry with the data
   (Default) = “%windir%\SYSTEM\WINSVRC.EXE”%1””%*”
   where %windir% is the path where Windows is installed.
7. In the Edit window that appears, delete the entire first part of the string, leaving behind “%1”%*”.
8. As in step 5, go to the registry entry below:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
9. Click on the entry below, then press "DELETE":
   Win32BaseServiceMOD = %windir%\SYSTEM\WINSVRC.EXE
10. Click on Start|Programs|MS-DOS Prompt.
11. Type the DOS command below, then press "ENTER":
    Ren regedit.com regedit.exe
12. Scan your system with Trend antivirus and delete all files detected as TROJ_NAVIDAD.A.
------------------
Thank you for using Help From Techs Support Forums.
Please come again and remember to refer a friend to our site.
Techguy - Help From Techs Support Forums - Administrator
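
As an added example (not part of the original post and not Trend's fix_reg.vbs tool): a Python check that parses a Regedit text export in REGEDIT4 format and reports the two registry entries named in the steps above. The sample exports are constructed, and the function names are illustrative.

```python
import re

# Indicators from the advisory above; key names compare case-insensitively.
EXEFILE_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "win32baseservicemod"
DROPPED = "winsvrc.exe"

# Constructed sample exports (not captured from a real machine).
INFECTED_SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM\\WINSVRC.EXE \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Win32BaseServiceMOD"="C:\\WINDOWS\\SYSTEM\\WINSVRC.EXE"
'''
CLEAN_SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="(.*)"$')

def parse_reg(text):
    """Parse string values of a REGEDIT4 export into {key: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line) if current is not None else None
        if m:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def find_navidad(text):
    """Return (indicator, data) pairs for the two entries the advisory names."""
    keys, findings = parse_reg(text), []
    command = keys.get(EXEFILE_KEY, {}).get("", "")
    if DROPPED in command.lower():
        findings.append(("exefile-hijack", command))
    for name, data in keys.get(RUN_KEY, {}).items():
        if name == RUN_VALUE or DROPPED in data.lower():
            findings.append(("run-entry", data))
    return findings
```

An empty result means neither entry is present in the export; it does not replace the antivirus scan in the final step.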