NetPlus communications     W32.Navidad Virus Information

NetPlus Users Beware! There is a new virus spreading rapidly throughout the internet. W32.Navidad is a mass mailing worm program. The worm replies using MAPI to all Inbox messages that contain a single attachment. This works with Microsoft Outlook. The worm utilizes the existing email subject line and body and attaches itself as NAVIDAD.EXE. Due to the bugs in the code, after being executed, the worm causes your system to be unusable.

W32.Navidad Fix Tool

This tool repairs damage done by the W32.Navidad worm (for more information).

To use the tool, first download the fixnavid.com file to the Windows Desktop (You must be using Internet Explorer to download this file). This file can be saved to an alternate folder; and if an alternate folder is used you will need to launch this program from that folder rather than the desktop folder. If the file has been saved to the Windows Desktop folder an icon for this program will appear on your desktop. Please note that this program has a ".com" extension and not a ".exe" extension. It is important that this extension be preserved. After the file finishes downloading launch the program by double-clicking on the fixnavid icon that appears on the desktop. If you saved this program to an alternate folder you will need to open the appropriate folder via the "My Computer" window and launch the program from that alternate folder.

What the tool does

After running the W32.Navidad Fix Tool, you will be able to launch programs just as your were able before W32.Navidad infected your computer.

 

  1. The following registry keys are removed:
    • The value Win32BaseServiceMOD is removed from the following key

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
      Windows\CurrentVersion\Run

    • HKEY_USERS\DEFAULT\Software\Navidad on Windows 95 and Windows 98 systems.

    • HKEY_CURRENT_USER\Software\Navidad on Windows NT and Windows 2000 systems.

    • The value of

      HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\
      exefile\shell\open\command

      is restored to

      "%1" %*"

      on Windows 95 and WIndows 98 systems.

    • The value of

      HKEY_CLASSES_ROOT\exefile\shell\
      open\command

      is restored to

      "%1" %*"

      on windows NT and Windows 2000 systems.

  2. The file winsvrc.vxd is removed from the Windows system directory.

This information was obtained from www.symantec.com

Thank you

NetPlus Staff

 

 

 

 

Page Counter