ARCHIVED: What is the Navidad email worm, and how do I get rid of it?
The Navidad (navidad.exe
) worm is an
executable file sent as an email attachment. The worm replies to
messages, and therefore the subject of the message will usually match
one that the recipient has previously sent.
If you run this program, the worm displays an Error
dialog box with the text "UI". If you click the button in this
dialog box, the worm sends itself by replying to each
message in the Inbox, placing Navidad.exe
in the message
body. The worm installs itself into the system tray as a
blue eye icon, and then copies itself into the Windows and Windows
system directories with the filenames winsvrc.vxd
and
winsvrc.exe
, making changes to the registry so
that it executes upon startup.
If you execute this program, you will be unable to launch other applications and will receive the error message, "Windows cannot find winsvrc.exe".
To manually remove the worm from your computer, you will need to remove the registry keys created by the worm. For instructions on dealing with, and more information about this worm, click Virus Encyclopedia page at:
and then on the Computer Associateshttp://www3.ca.com/threatinfo/virusinfo/browse.aspx
You may also wish to consult the Symantec Security Response site for information and fixes. Search on navidad
at the following URL:
http://securityresponse.symantec.com/avcenter/vinfodb.html
This is document ajbs in the Knowledge Base.
Last modified on 2018-01-18 13:05:41.