How to remove W32:Navidad (Navidad.Exe)

This Internet trojan spreads via email as an attachment (NAVIDAD.EXE). This worm also displays a message box upon execution and maps the opening of Windows executables so that it is executed instead of the executable that is called. This causes most Windows programs to not work.

Ways to remove the Navidad Trojan

  • The easiest way is to download Navidad Fix This is a program that can clean up the registry entries and delete the dropped file, WINSVRC.VXD.
  • After cleaning the system, restart it and run an anti-virus program to detect and clean any other infected files.

How to Manually remove W32:Nvidad

To delete this trojan Registry editing is needed.

  • Click on Start, Find, Files or Folders
  • Search for REGEDIT.EXE
  • Rename REGEDIT.EXE to REGEDIT.COM
  • Run REGEDIT.COM
  • In the left panel of the Registry Editor, click on the “+” at left of the names to go to the registry below: HKEY_CLASSES_ROOT\exefile\shell\open\command
  • In the right panel, double-click on the entry with the data
  • (Default) = “%systemdir%\WINSVRC.EXE”%1″”%*”
  • where %systemdir% is the Windows system directory; e.g., \WINDOWS\SYSTEM for Win 9x, and \WINNT\SYSTEM32 for NT/2K.
  • In the Edit window that appears, delete the entire first part of the string, leaving behind “%1″%*”
  • As in step 5, go to the registry entry below:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • Click on the entry below, then press “DELETE”

Win32BaseServiceMOD = %systemdir%\WINSVRC.EXE

  • Go to the registry entry below:

HKEY_CURRENT_USER\Software\Navidad

  • Delete this key
  • Reboot your system
  • Scan your system with an up-to-date virus scanner
  • Rename REGEDIT.COM back to REGEDIT.EXE