Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelHigh threat
DistributionNot widespread
Common name:Navidad.A
Technical name:W32/Navidad
Threat level:Medium
Alias:Navidad,, W32/Navidad.A-m, I-Worm.Navidad, Troj_Navidad.A

When activated it prevents files with an EXE extension from being run and displays warnings and an error message when the infected computer is started up.

Affected platforms:

Windows XP/2000/NT/ME/98/95

Detection updated on:Oct. 29, 2007
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover
Country of origin:AFGHANISTAN

Brief Description 


Navidad is an astute worm that is difficult to detect because it reaches computers in a reply to a previously sent e-mail message (which is infected). This message includes a file called NAVIDAD.EXE, which infects the computer when it is run.

Navidad is dangerous as it prevents many programs from being run. In other words, files with an EXE extension. It also displays warnings and an error message when the computer is started up.

It spreads very quickly by sending itself as a reply to all the e-mail messages in the Inbox of the mail program.

Visible Symptoms 


The first symptom of Navidad is an e-mail message with the following characteristics:

  • A reply to a message that a user has sent to another user (which is infected).
  • The subject is the same as the original message that was sent. The only difference is that it includes the reply tag (RE:).
  • The message is the same as that in the original e-mail message sent to the infected user.
  • The message includes an attachment called NAVIDAD.EXE.

    When the NAVIDAD.EXE file is run, Navidad activates and displays a long list of icons and messages. These appear depending on how the infected user replies to each one.

For more information on the windows displayed when Navidad activates, click here.