• Home
• Security
• News
• Software
• Search
• Sitemap
• no link
• no link
• no link
• [ Shop ]

• Categories

  • Computer Worms
  • Latest Worms (MS)
  • Latest Worms (Linux)
  • Screenshots
  • Removal Information

• Archives

  • 2009
  • 2008 - 2007
  • 2006 - 2005
  • 2004 - 2003
  • 2002 and before

W32.Navidad aka Navidad Removal

To remove W32.Navidad (on a Windows 95/98 system):
Step 1.
On the Windows taskbar, click Start > Programs > MS-DOS Prompt. The command prompt will display the current directory, which should be the Windows directory. In most cases that will be displayed as:
C:\WINDOWS>
Step 2.
Type ren REGEDIT.EXE REGEDIT.COM.
Step 3.
Press Enter.
Step 4.
Type REGEDIT.
Step 5.
Press Enter.
Step 6.
Modify the following Registry value:
HKEY_CLASSES_ROOT\exefile\shell\open\command
and change
"C:\WINDOWS\SYSTEM\winsvrc.exe "%1" %*
to
"%1" %*
For clarity, these seven characters are the following: double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space.
Step 7.
Delete the registry key:
HKEY_USERS\.DEFAULT\Software\Navidad
Step 8.
Delete Win32BaseServiceMOD from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Step 9.
Restart your computer.
Step 10.
Using Windows Explorer, delete the \WINDOWS\SYSTEM\winsvrc.vxd file.

To remove W32.Navidad (on a Windows NT / Windows 2000 system):
On your Windows Desktop, double-click on your My Computer icon.
Press CTRL-F. A Find: All Files window should pop up. This will allow you to search for a specific file.
In the Named: field, type REGEDIT.EXE.
After it finds this file successfully, right-click on the filename REGEDIT.EXE. This will pop up a menu. Select Rename.
Type: REGEDIT.COM. This should rename the file to REGEDIT.COM.
Double-click on this program REGEDIT.COM.
Modify the following Registry value:
HKEY_CLASSES_ROOT\exefile\shell\open\command
and change
"C:\WINNT\SYSTEM32\winsvrc.exe "%1" %*
to
"%1" %*
For clarity, these seven characters are the following: double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space.
Delete the registry key:
HKEY_CURRENT_USER\Software\Navidad
Delete Win32BaseServiceMOD from :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Restart your computer.
Using Windows Explorer, delete the \WINNT\SYSTEM32\winsvrc.vxd file.
Note: Once you have sucessfully rid your computer of this worm, you should rename regedit.com back to its original name of regedit.exe.

  Advertising

Use 'DHL for You' for easy package sending in the Netherlands!

ESET NOD32 Antivirus, CNET Editors’ Choice 2009

10% Off - Trend Micro Internet Security Pro - 1 YR - Coupon Code:tmpro08

Norton 360 v3.0 - 2 year subscription

ZoneAlarm Internet Security Suite 2010 - Save 50%

Copyright (c) 1997 - 2010 virusall.com. All rights reserved.