What is Navidad Trojan Virus?
This new Internet trojan travels via email. Every response has the subject "RE:" and carries the worm as an attachment (NAVIDAD.EXE). When executed, the worm displays a message box and remaps the opening of Windows executables so that it is executed instead of the executable that is called. This causes most Windows programs to stop working.
How to Clean/Delete the Navidad Trojan?
The registry needs to be edited to delete this trojan.
The easiest solution to cleaning this trojan virus is to download a program to clean up the registry entries and delete the dropped file, WINSVRC.VXD. This download can be found at
http://www.antivirus.com/vinfo/security/fix_navi.com.
After cleaning the system, restart it and run an anti-virus program to detect and clean any other infected files.
How to Manually Clean the Navidad Trojan
- Click on Start, Find, Files or Folders
- Search for REGEDIT.EXE
- Rename REGEDIT.EXE to REGEDIT.COM
- Run REGEDIT.COM
- In the left panel of the Registry Editor, click on the "+" to the left of the names to go to the registry key below:
HKEY_CLASSES_ROOT\exefile\shell\open\command
- In the right panel, double-click on the entry with the data
(Default) = "%systemdir%\WINSVRC.EXE"%1""%*"
where %systemdir% is the Windows system directory; e.g., \WINDOWS\SYSTEM for Win 9x, and \WINNT\SYSTEM32 for NT/2K.
- In the Edit window that appears, delete the entire first part of the string, leaving behind "%1"%*"
- As in step 5, go to the registry key below:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Click on the entry below, then press "DELETE":
Win32BaseServiceMOD = %systemdir%\WINSVRC.EXE
- Go to the registry key below:
HKEY_CURRENT_USER\Software\Navidad
- Delete this key
- Reboot your system
- Scan your system with an up-to-date virus scanner
- Rename REGEDIT.COM back to REGEDIT.EXE
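
To confirm whether the three registry changes listed in the manual steps are present (or gone after cleanup), the check below scans a text export of the registry. It is an added example, not part of the original post: it assumes a REGEDIT4-format export, the sample export is constructed, and it treats anything other than the stock Windows `.exe` handler `"%1" %*` as hijacked.

```python
import re

# Registry locations named in the manual cleanup steps above.
EXE_CMD_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
NAVIDAD_KEY = r"HKEY_CURRENT_USER\Software\Navidad"
STOCK_EXE_CMD = '"%1" %*'  # stock Windows handler for opening .exe files

# Constructed sample export of an infected Win 9x machine (not real data).
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM\\WINSVRC.EXE \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Win32BaseServiceMOD"="C:\\WINDOWS\\SYSTEM\\WINSVRC.EXE"
"SystemTray"="SysTray.Exe"

[HKEY_CURRENT_USER\Software\Navidad]
'''

def parse_reg(text):
    """Parse REGEDIT4 export text into {lowercased key path: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            name = "(Default)" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \"
            current[name] = data
    return keys

def navidad_findings(text):
    """Return (description, evidence) pairs for each Navidad artifact found."""
    keys = parse_reg(text)
    findings = []
    cmd = keys.get(EXE_CMD_KEY.lower(), {}).get("(Default)")
    if cmd is not None and cmd.strip() != STOCK_EXE_CMD:
        findings.append(("exefile handler hijacked", cmd))
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        if "winsvrc" in data.lower():  # matches WINSVRC.EXE and WINSVRC.VXD
            findings.append(("Run autostart", f"{name} = {data}"))
    if NAVIDAD_KEY.lower() in keys:
        findings.append(("marker key present", NAVIDAD_KEY))
    return findings
```

An empty list from `navidad_findings` on an export taken after the reboot means none of the three registry artifacts remain.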