Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Navidad.E, I-Worm.Navidad.b, W32/Navidad, W95/Navidad.16896
Sent by email.
The worm uses MAPI to send emails and works with Microsoft Outlook. It searches all inbox messages and answers to all messages which have an attachment. The answer email has the same subject and body as the received email. Attachment: Emanuel.exe.
When acivated, W32/Navidad shows an error message window.
If Windows NT/2000 is installed on the system, the worm makes the following registry entry:
It modifies the following registry entry:
The worm copies itself in C:\Windir\Systemdir as Wintask.exe. It changes the registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command C:\Windir\Systemdir\wintask.exe "%1" %*"
Finally, it places an icon on the shortcut menu, with the message
"Come on lets party!!!".
If the icon is clicked, a window with the following button appears:
"Nunca presionar este boton" (meaning: Never press this button).
If this button is pressed, an error message appears:
"Emmanuel-God is with us!May god bless u.And Ash,Lk and LJ!!".
If this window is closed using the X button, instead of OK, the message "May GOd bless u;D" appears.
The window is closed by pressing OK.
Description inserted by Crony Walker on Tuesday, June 15, 2004