$ 11.99|https://store.pandasecurity.com/300/purl-vpn?currencies=USS&x-track=55499&cart=iA001PVPNS05&language=en&quantity=1&enablecoupon=false&coupon=1STMOFFPD&x-coupon=1STMOFFPD&x-market=usa&x-track=190478|$ 0.00|$;PREFIX;.;,;11;99;0;00

It ends in:

Days Hours Minutes

It ends in:

Days Hours Minutes

The best protection with a 60% discount

Apply discount

Get 40% discount! Discover the plan that suits you best!

See offer

Get 40% discount! Discover the plan that suits you best!

See offer

Renew and get 50% off*

Only available for 48 hours!

::

*For home users only

Renew at a discount
::

Renew and get 50% off*

Renew
*Home users only

*For home users only Renew and get 50% off*

::
Renew

Special offer: Renew and get 50% off**

Only available for 48 hours!

::

*For home users only

Renew at a discount

*For home users only Special offer: Renew and get 50% off*

::04
Renew

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Call us 24/7 and get a free diagnosis 951 203 528

Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Navidad.A

 
Threat LevelHigh threatDamageSevereDistributionNot widespread

Effects 

Navidad activates when the file attached to the message is run. Then, it carries out the following actions:

  • It prevents files with an EXE extension from being run.

    When the user or the system tries to run one of these files, a message indicates that it is impossible and that the file will not be run.

  • It displays an error message when the infected computer is started up.

Infection strategy 

Navidad creates a file called WINSVRC.VXD in the Windows System directory. This file displays an eye icon in the Windows Taskbar.

Navidad creat es the following entry in the Windows Registry:

  • HKCR\ Exefile\ Shell\ Open\ Command C:\ Windows\ System\ Winsvrc.exe "%1" %*
    This prevents files with an EXE extension from being run.

Navidad modifies the following entry in the Windows Registry: 

  • HKLM\ Software\ Microsoft\ Windows\ CurrentVersion\ Run Win32BaseServiceMOD C:\ Windows\ System\ Winsvrc.Exe

    By doing this, Navidad tries (unsuccessfully) to ensure that it is activated when the affected computer is started up, as the WINSVRC.EXE file should be run.

    The WINSVRC.EXE file is not the file that Navidad has previously created (the file it creates is WINSVRC.VXD). Therefore, when the computer is started up, an error message appears indicating that the file that must be run cannot be found.

Means of transmission 

The means of transmission used by Navidad is very astute. In order to get the user’s trust, it reaches computers as a reply to a message they have sent to a user that has been infected.

Users naturally think that they have received a reply to a message that they have sent, whereas the reply actually contains a file called NAVIDAD.EXE, which will infect the computer when it is run.

As Navidad is sent in a reply to a message, the message characteristics vary (depending on the original message). However, the attached file is always NAVIDAD.EXE. For more information on this message, consult the section Visible symptoms.

How does Navidad reply to the users that have sent a message to the infected user? By replying to all the messages in the Inbox (both read and unread).

The replies sent by Navidad and the way in which it is sent are not dependent on the mail program installed.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365