Ok my mom goes and tries to open some e-mail called navidad.exe obviously some spanish freakin think that i seen in the systray and opened it and then on the computer is wacko and wont' open anything except Internet Explorer and Outlook. I cannot do anything does anyone have suggestions?
I think I have a virus???????
- Thread starter hubbs
- Start date
If you don't have anti-virus software, try Norton's online virus scanner.
I don't remember the exact link, but since you can still use IE you can find it
I don't remember the exact link, but since you can still use IE you can find it
that's a real virus - REAL VIRUS
THIS IS A BRAND NEW VIRUS- here's what Symantec says about it: (it's on the main page - it was created on the 3rd and discovered on the 6th of this month)
The specific page about this virus is at http://www.symantec.com/avcenter/venc/data/w32.navidad.html
<< W32.Navidad
Discovered on: November 3, 2000
Last Updated on: November 11, 2000 0 9:38:15 PM PST
W32.Navidad is a mass mailing worm program. The worm replies using MAPI to all Inbox messages that contain a single attachment. This works with Microsoft Outlook. The worm utilizes the existing email subject line and body and attaches itself as NAVIDAD.EXE. Due to the bugs in the code, after being executed, the worm causes your system to be unusable.
Click here to download a tool to repair W32.Navidad damage
Category: Worm
Virus definitions: November 6, 2000
Threat assessment:
...........
>>
There's also a too that repairs the virus damage, and it also contains instructions on how to do this manually.
Hope this helps!
edit: corrected typo
THIS IS A BRAND NEW VIRUS- here's what Symantec says about it: (it's on the main page - it was created on the 3rd and discovered on the 6th of this month)
The specific page about this virus is at http://www.symantec.com/avcenter/venc/data/w32.navidad.html
<< W32.Navidad
Discovered on: November 3, 2000
Last Updated on: November 11, 2000 0 9:38:15 PM PST
W32.Navidad is a mass mailing worm program. The worm replies using MAPI to all Inbox messages that contain a single attachment. This works with Microsoft Outlook. The worm utilizes the existing email subject line and body and attaches itself as NAVIDAD.EXE. Due to the bugs in the code, after being executed, the worm causes your system to be unusable.
Click here to download a tool to repair W32.Navidad damage
Category: Worm
Virus definitions: November 6, 2000
Threat assessment:
...........
>>
There's also a too that repairs the virus damage, and it also contains instructions on how to do this manually.
Hope this helps!
edit: corrected typo
Go into: System Config Ultility > StartUp and turn off the the offending progrm/virus then get a run updated virus scan to remove the bug from your system.
Or, search the web for the signature and do a file search and manually del the bug.
Well.....That didnt' work looks like I have to format......Is there anywhere on the computer that has the CD KEY so i can look it up cuz i lost the paper.
Hubbs...
Further down the page that was linked to is manual removal instructions:
To remove W32.Navidad (on a Windows 95/98 system):
On the Windows taskbar, click Start > Programs > MS-DOS Prompt. The command prompt will display the current directory, which should be the Windows directory. In most cases that will be displayed as:
C:\WINDOWS>
Type ren REGEDIT.EXE REGEDIT.COM.
Press Enter.
Type REGEDIT.
Press Enter.
Modify the following Registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
exefile\shell\open\command
and change
"C:\WINDOWS\SYSTEM\winsvrc.vxd "%1" %*
to
"%1" %*
For clarity, these seven characters are the following: double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space.
Delete the registry key:
HKEY_USERS\.DEFAULT\Software\Navidad
Restart your computer.
Using Windows Explorer, delete the \WINDOWS\SYSTEM\winsvrc.vxd file.
To remove W32.Navidad (on a Windows NT / Windows 2000 system):
On your Windows Desktop, double-click on your My Computer icon.
Press CTRL-F. A Find: All Files window should pop up. This will allow you to search for a specific file.
In the Named: field, type REGEDIT.EXE.
After it finds this file successfully, right-click on the filename REGEDIT.EXE. This will pop up a menu. Select Rename.
Type: REGEDIT.COM. This should rename the file to REGEDIT.COM.
Double-click on this program REGEDIT.COM.
Modify the following Registry value:
HKEY_CLASSES_ROOT\exefile\shell\
open\command
and change
"C:\WINNT\SYSTEM32\winsvrc.vxd "%1" %*
to
"%1" %*
For clarity, these seven characters are the following: double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space.
Delete the registry key:
HKEY_CURRENT_USER\Software\Navidad
Restart your computer.
Using Windows Explorer, delete the \WINNT\SYSTEM32\winsvrc.vxd file.
Give that a try before you resort to flatlining your system.
Viper GTS
Further down the page that was linked to is manual removal instructions:
To remove W32.Navidad (on a Windows 95/98 system):
On the Windows taskbar, click Start > Programs > MS-DOS Prompt. The command prompt will display the current directory, which should be the Windows directory. In most cases that will be displayed as:
C:\WINDOWS>
Type ren REGEDIT.EXE REGEDIT.COM.
Press Enter.
Type REGEDIT.
Press Enter.
Modify the following Registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
exefile\shell\open\command
and change
"C:\WINDOWS\SYSTEM\winsvrc.vxd "%1" %*
to
"%1" %*
For clarity, these seven characters are the following: double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space.
Delete the registry key:
HKEY_USERS\.DEFAULT\Software\Navidad
Restart your computer.
Using Windows Explorer, delete the \WINDOWS\SYSTEM\winsvrc.vxd file.
To remove W32.Navidad (on a Windows NT / Windows 2000 system):
On your Windows Desktop, double-click on your My Computer icon.
Press CTRL-F. A Find: All Files window should pop up. This will allow you to search for a specific file.
In the Named: field, type REGEDIT.EXE.
After it finds this file successfully, right-click on the filename REGEDIT.EXE. This will pop up a menu. Select Rename.
Type: REGEDIT.COM. This should rename the file to REGEDIT.COM.
Double-click on this program REGEDIT.COM.
Modify the following Registry value:
HKEY_CLASSES_ROOT\exefile\shell\
open\command
and change
"C:\WINNT\SYSTEM32\winsvrc.vxd "%1" %*
to
"%1" %*
For clarity, these seven characters are the following: double quote, percent sign, the numeral one, double quote, space, percent sign, and asterisk. Don't forget the space.
Delete the registry key:
HKEY_CURRENT_USER\Software\Navidad
Restart your computer.
Using Windows Explorer, delete the \WINNT\SYSTEM32\winsvrc.vxd file.
Give that a try before you resort to flatlining your system.
Viper GTS
Try Boot form flopy then hold down [Ctrl] or [F8] tot boot to a Dos prompt, then C:\WINDOWS\REGEDIT
I'm quite sure regedit can't be run from a DOS prompt.
But you could at least do the re-naming, & then try to open it in Windows...
Viper GTS
But you could at least do the re-naming, & then try to open it in Windows...
Viper GTS
Wait, Don't format the computer yet. I have the fix for Navidad. Let me know if your interested.
um.......yes i'm interested and the fix at symantec didnt' work because i deleted the files...but still when i try to open anthing it wont' do anything.
Russ I set my mom on Edoura because I didn't want her using common virus carriers but nope she didn't like it. :|
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter