Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

W32.Navidad Fix

W32.Navidad Fix

February 02, 2001
August 24, 2005
Download Removal Tool
This tool repairs damage done by the W32.Navidad worm and the W32.Navidad.16896 worm variant.

Please click here for manual removal instructions.

To use the tool
To obtain and use this tool, follow these steps:
Click here to download the file.
When prompted, save the file to the Windows desktop.

NOTE: This file has a .com extension and not an .exe extension. It is important that you preserve this extension.

After the file finishes downloading, double-click the Fixnavid icon that appears on the desktop.

What the tool does
The tool does the following:
The value Win32BaseServiceMOD is removed from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
On Windows 95/98 systems:
The registry key HKEY_USERS\DEFAULT\Software\Navidad is deleted.
The value of HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command is restored to "%1" %*"
On Windows NT/2000 systems:
The registry key HKEY_CURRENT_USER\Software\Navidad is deleted.
The value of HKEY_CLASSES_ROOT\exefile\shell\open\command is restored to "%1" %*"
The Winsvrc.vxd file is removed from the \Windows\System folder.

How to verify the digital signature of
To verify the digital signature of using Chktrust.exe:
Go here
Download and save chktrust.exe into the same folder that contains
Click Start, point to Programs, and click MS-DOS Prompt.
Change to the folder where and Chktrust.exe are stored.
If the files were saved to the Desktop folder in Windows 95 or Windows 98, the customary command to enter at the MS DOS prompt is

cd \windows\desktop

Type the following command to check the digital signature of

chktrust -i [Enter]

If the digital signature is valid, you should see a dialog box asking the following question:

"Do you want to install and run "Fix Nav ID" signed on 6/18/01 9:57 PM and distributed by Symantec Corporation."

The date and time that appear in this dialog box will be adjusted to your time zone if your computer is not set to the Pacific time zone.
If you are using Daylight Saving Time, the time that appears will be exactly one hour earlier.
If this dialog box does not appear, there are two possible reasons:
The tool is not from Symantec. Unless you are sure that the tool is legitimate, and that you downloaded it from the legitimate Symantec Web site, you should not run it.
The tool is from Symantec, and is legitimate. However, your operating System was previously instructed to always trust content from Symantec. For information on this, and how to view the confirmation dialog again, read the document How to restore the Publisher Authenticity confirmation dialog box.

Click Yes.
Type exit and then press Enter. This will end the MS-DOS session.