Norton.com > Viruses & Risks > W32.Navidad Fix

W32.Navidad Fix

Discovered:
February 2, 2001
Updated:
August 24, 2005 12:00:00 AM
Type:
Removal Information
This tool repairs damage done by the W32.Navidad worm and the W32.Navidad.16896 worm variant.

Please click here for manual removal instructions.

To use the tool
To obtain and use this tool, follow these steps:
Click here to download the Fixnavid.com file.
When prompted, save the file to the Windows desktop.

NOTE: This file has a .com extension and not an .exe extension. It is important that you preserve this extension.

After the file finishes downloading, double-click the Fixnavid icon that appears on the desktop.

What the tool does
The tool does the following:
The value Win32BaseServiceMOD is removed from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
On Windows 95/98 systems:
The registry key HKEY_USERS\DEFAULT\Software\Navidad is deleted.
The value of HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command is restored to "%1" %*"
On Windows NT/2000 systems:
The registry key HKEY_CURRENT_USER\Software\Navidad is deleted.
The value of HKEY_CLASSES_ROOT\exefile\shell\open\command is restored to "%1" %*"
The Winsvrc.vxd file is removed from the \Windows\System folder.

How to verify the digital signature of Fixnavid.com
To verify the digital signature of Fixnavid.com using Chktrust.exe:
Go here http://www.wmsoftware.com/free.htm
Download and save chktrust.exe into the same folder that contains Fixnavid.com.
Click Start, point to Programs, and click MS-DOS Prompt.
Change to the folder where Fixnavid.com and Chktrust.exe are stored.
If the files were saved to the Desktop folder in Windows 95 or Windows 98, the customary command to enter at the MS DOS prompt is

cd \windows\desktop

Type the following command to check the digital signature of Fixnavid.com:

chktrust -i fixnavid.com [Enter]

If the digital signature is valid, you should see a dialog box asking the following question:

"Do you want to install and run "Fix Nav ID" signed on 6/18/01 9:57 PM and distributed by Symantec Corporation."

NOTES:
The date and time that appear in this dialog box will be adjusted to your time zone if your computer is not set to the Pacific time zone.
If you are using Daylight Saving Time, the time that appears will be exactly one hour earlier.
If this dialog box does not appear, there are two possible reasons:
The tool is not from Symantec. Unless you are sure that the tool is legitimate, and that you downloaded it from the legitimate Symantec Web site, you should not run it.
The tool is from Symantec, and is legitimate. However, your operating System was previously instructed to always trust content from Symantec. For information on this, and how to view the confirmation dialog again, read the document How to restore the Publisher Authenticity confirmation dialog box.

Click Yes.
Type exit and then press Enter. This will end the MS-DOS session.

Search Threats

Search by name

Example: W32.Beagle.AG@mm