Нужен совет? Обратитесь за помощью к сообществу или специалистам.
Перейти к Avira Answers
Alias:Navidad.E, I-Worm.Navidad.b, W32/Navidad, W95/Navidad.16896
Damage:Sent by email. 
VDF Version:  

DistributionThe worm uses MAPI to send emails and works with Microsoft Outlook. It searches all inbox messages and answers to all messages which have an attachment. The answer email has the same subject and body as the received email. Attachment: Emanuel.exe.

Technical DetailsWhen acivated, W32/Navidad shows an error message window.
If Windows NT/2000 is installed on the system, the worm makes the following registry entry:


It modifies the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32BaseServiceMOD C:\Windir\Systemdir\Wintask.exe

The worm copies itself in C:\Windir\Systemdir as Wintask.exe. It changes the registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command C:\Windir\Systemdir\wintask.exe "%1" %*"

Finally, it places an icon on the shortcut menu, with the message
"Come on lets party!!!".

If the icon is clicked, a window with the following button appears:
"Nunca presionar este boton" (meaning: Never press this button).

If this button is pressed, an error message appears:
"Emmanuel-God is with us!May god bless u.And Ash,Lk and LJ!!".

If this window is closed using the X button, instead of OK, the message "May GOd bless u;D" appears.
The window is closed by pressing OK.
Описание добавил Crony Walker в(о) вторник, 15 июня 2004 г.

Назад . . . .
https:// Это окно зашифровано для вашей безопасности.