View Full Version : Trojan: TROJ_NAVIDAD.E


Techguy
November 30, 2000, 10:34 am
TROJ_NAVIDAD.E
Risk rating: Low
Virus type: Trojan
Destructive: Y

Aliases:
EMMANUEL, NAVIDAD.E, NAVIDAD.B

Description:
This malicious Internet worm propagates via email. It uses Microsoft Messaging API to send a copy of itself as an email attachment to all lists in the address book of the infected user. A variant of TROJ_NAVIDAD.A, this Trojan differs in the icon used, the messages used and the file that it spreads. Upon execution, it displays an error message box and prevents users from executing EXE programs.

Solution:
Warning: Please delete all registry entries created by the Trojan before running Trend antivirus.

1. Click on Start|Programs|MS-DOS Prompt.
2. Type the DOS command below then press "ENTER":
   Ren regedit.exe regedit.com
   (Note: This renaming is only temporary and is necessary to be able to run Regedit)
3. Type exit, then press "ENTER" to return to Windows.
4. Click on Start|Run, type regedit, then press ENTER.
5. In the left panel of the Registry Editor, click on the "+" at left of the names to go to the registry below:
   HKEY_CLASSES_ROOT\exefile\shell\open\command
6. In the right panel of the Registry Editor, double click on the entry with the data
   (Default) = "%systemdir%\\WINTASK.EXE "%1"%*"
   Where %systemdir% is the path where the System directory is installed.
7. In the Edit window that appears, delete the entire first part of the string, leaving behind "%1"%*".
8. As in step 5, go to the registry entry below:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
9. Click on the entry below, then press "DELETE":
   Win32BaseServiceMOD = %systemdir%\WINTASK.EXE
10. As in step 5, go to the registry entry below:
    HKEY_USER\Software
11. Click on the registry key "Emanuel", then press "DELETE".
12. Click on Start|Programs|MS-DOS Prompt.
13. Type the DOS command below then press "ENTER":
    Ren regedit.com regedit.exe
14. Scan your system with your antivirus and delete all files detected as TROJ_EMMANUEL.

------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
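
One way to check for the three registry traces named in the post above, as an added example that is not part of the original post: it parses a REGEDIT4 text export and reports the hijacked exefile open command, the Win32BaseServiceMOD Run value and the Emanuel key. The sample export, the C:\WINDOWS\SYSTEM path and the function names are constructed for illustration, and the first check is generalized to flag any exefile handler that does not begin with "%1".

```python
import re

# Indicators from the removal steps above (keys compared case-insensitively).
EXE_CMD_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "win32baseservicemod"
MARKER_TAIL = r"\software\emanuel"  # assumption: any user hive under HKEY_USER*
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*"((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample export; C:\WINDOWS\SYSTEM stands in for %systemdir%.
SAMPLE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM\\WINTASK.EXE \"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Win32BaseServiceMOD"="C:\\WINDOWS\\SYSTEM\\WINTASK.EXE"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
[HKEY_USERS\.DEFAULT\Software\Emanuel]
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # undo .reg backslash escaping

def parse_reg(text):
    """Parse a REGEDIT4 export into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # String values only; the default value "@" is stored under "".
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def find_navidad_traces(text):
    """Return (indicator, key, data) tuples for the three traces named above."""
    findings = []
    for key, values in parse_reg(text).items():
        k, default = key.lower(), values.get("")
        if k == EXE_CMD_KEY and default is not None:
            # A clean handler starts with "%1"; anything in front runs first.
            if not default.lstrip().startswith('"%1"'):
                findings.append(("exefile-hijack", key, default))
        elif k == RUN_KEY:
            findings += [("run-entry", key, d) for n, d in values.items()
                         if n.lower() == RUN_VALUE]
        elif k.startswith("hkey_user") and k.endswith(MARKER_TAIL):
            findings.append(("marker-key", key, ""))
    return findings
```

Pass it the text of a registry export; an empty list after cleanup means none of the three traces remain.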

tweakthis
December 22, 2000, 12:11 am
^ Bumping this up. My office has been 'hit' by this from several different sources this week. Fortunately no harm done because I recognized the virus. 'Tis the season.

------------------
Moderator, General Discussion, helpfromtechs.com (http://www.helpfromtechs.com/cgi-bin/ubb/Ultimate.cgi)
I can be reached at tweakthis@helpfromtechs.com