How to remove W32:Navidad (Navidad.Exe)

This Internet trojan spreads via email as an attachment (NAVIDAD.EXE). This worm also displays a message box upon execution and maps the opening of Windows executables so that it is executed instead of the executable that is called. This causes most Windows programs to not work.

Ways to remove the Navidad Trojan

  • The easiest way is to download Navidad Fix This is a program that can clean up the registry entries and delete the dropped file, WINSVRC.VXD.
  • After cleaning the system, restart it and run an anti-virus program to detect and clean any other infected files.

How to Manually remove W32:Nvidad

To delete this trojan Registry editing is needed.

  • Click on Start, Find, Files or Folders
  • Search for REGEDIT.EXE
  • Rename REGEDIT.EXE to REGEDIT.COM
  • Run REGEDIT.COM
  • In the left panel of the Registry Editor, click on the “+” at left of the names to go to the registry below: HKEY_CLASSES_ROOT\exefile\shell\open\command
  • In the right panel, double-click on the entry with the data
  • (Default) = “%systemdir%\WINSVRC.EXE”%1″”%*”
  • where %systemdir% is the Windows system directory; e.g., \WINDOWS\SYSTEM for Win 9x, and \WINNT\SYSTEM32 for NT/2K.
  • In the Edit window that appears, delete the entire first part of the string, leaving behind “%1″%*”
  • As in step 5, go to the registry entry below:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • Click on the entry below, then press “DELETE”

Win32BaseServiceMOD = %systemdir%\WINSVRC.EXE

  • Go to the registry entry below:

HKEY_CURRENT_USER\Software\Navidad

  • Delete this key
  • Reboot your system
  • Scan your system with an up-to-date virus scanner
  • Rename REGEDIT.COM back to REGEDIT.EXE
SHARE THIS ARTICLE
  • BlinkList
  • del.icio.us
  • Digg
  • Facebook
  • LinkedIn
  • Mixx
  • Reddit
  • StumbleUpon
  • Technorati
  • Twitter

Related posts:

  1. How to remove SCVHOST.exe (W32/YahLover.Worm.gen or Win32/Autorun.R.worm)
  2. How to Remove JAY.EXE and MVEO.EXE Virus
  3. How to Remove Huelar.exe (mscvhost.exe, winlogos.exe) virus
  4. How to Remove Happy99.exe (ska)
  5. How to remove TAGA LIPA ARE! Virus
  6. How to remove Taga Xpress On Kami
  7. How to remove FUN.XLS
  8. How to Remove MSBLAST.exe worm virus
  9. How to Remove Virus from USB Device
  10. How to Remove Worm MyMP3.vbs

TAGS: , , , , , , , , , ,

2 Comments

  1. How to fix “Registry Editing has been blocked by an administrator” | PCRemiX :: PC Tips and Tweaks
  2. How to fix “Registry editing has been disabled by your administrator” | Kawula Muda Kebokuning

Leave a Comment


CommentLuv Enabled

Spam Protection by WP-SpamFree