YOU’RE NOT VIEWING PANDA SECURITY USA. CLICK TO IMPROVE YOUR EXPERIENCE
VISIT PANDA SECURITY USA
x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW
Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Navidad.A

Threat LevelHigh threatDamageSevereDistributionNot widespread

Effects 

Navidad activates when the file attached to the message is run. Then, it carries out the following actions:

  • It prevents files with an EXE extension from being run.

    When the user or the system tries to run one of these files, a message indicates that it is impossible and that the file will not be run.

  • It displays an error message when the infected computer is started up.

Infection strategy 

Navidad creates a file called WINSVRC.VXD in the Windows System directory. This file displays an eye icon in the Windows Taskbar.

Navidad creat es the following entry in the Windows Registry:

  • HKCR\ Exefile\ Shell\ Open\ Command C:\ Windows\ System\ Winsvrc.exe "%1" %*
    This prevents files with an EXE extension from being run.

Navidad modifies the following entry in the Windows Registry: 

  • HKLM\ Software\ Microsoft\ Windows\ CurrentVersion\ Run Win32BaseServiceMOD C:\ Windows\ System\ Winsvrc.Exe

    By doing this, Navidad tries (unsuccessfully) to ensure that it is activated when the affected computer is started up, as the WINSVRC.EXE file should be run.

    The WINSVRC.EXE file is not the file that Navidad has previously created (the file it creates is WINSVRC.VXD). Therefore, when the computer is started up, an error message appears indicating that the file that must be run cannot be found.

Means of transmission 

The means of transmission used by Navidad is very astute. In order to get the user’s trust, it reaches computers as a reply to a message they have sent to a user that has been infected.

Users naturally think that they have received a reply to a message that they have sent, whereas the reply actually contains a file called NAVIDAD.EXE, which will infect the computer when it is run.

As Navidad is sent in a reply to a message, the message characteristics vary (depending on the original message). However, the attached file is always NAVIDAD.EXE. For more information on this message, consult the section Visible symptoms.

How does Navidad reply to the users that have sent a message to the infected user? By replying to all the messages in the Inbox (both read and unread).

The replies sent by Navidad and the way in which it is sent are not dependent on the mail program installed.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365