Skip Over Navigation Links
Center for Information TechnologyAntivirus
Antivirus Home Page
Contact Us
Questions or Comments
Disclaimers

Software
Current client downloads:
VScan Engine/Dat (SuperDat) -5.2.00/4.0.5378
VirusScan Enterprise 8.5i (with Patch 6) - Windows NT/2000/XP/2003
VirusScan Enterprise 7.1 - Windows NT/2000/XP/2003
Virex (OS X) Engine/Def - 7.2(v1.1)/080903
Virex (OS 9.x) Engine/Def - 6.2/071001
Linux & Solaris Engine/Dat - 5.2.00/4.0.5196
Symantec Antivirus - 10.1.7.7000
Symantec Antivirus - 10.2
Clean Boot 1.0
Stinger v3.8.0 virus removal tool (Updated 09/10/07)
Current server downloads:
VirusScan Enterprise 8.5
VirusScan Enterprise 7.1
NetShield NetWare - 4.6.2
NetShield NetWare - 4.6.3
NetShield NetWare Engine Update - 4.4.00
ePO agent for NetWare
ScanMail eManager - 3.0

Information
ePO 3.0/VirusScan 7.0 Presentation
Virex 7.x Installation Instructions
VirusScan FAQs
VirusScan Instructions
Additional Resources

Archives
List of Viruses

Virus Archives

Virus Warning - W32/Navidad@MM.worm Last Updated 12/01/00

This worm uses MAPI to spread itself. It will arrive as an attachment in a response to a letter sent to an infected user. The attachment is:
NAVIDAD.EXE.

When the worm is run it displays a window titled: "Error" which reads "UI". In the system tray in the lower right hand corner near the clock a blue eye icon appears. A copy of the trojan is saved to the file "winsvrc.vxd" in the WINDOWS SYSTEM directory.

The worm also creates the following registry key values:

  • HKEY_CURRENT_USER\SOFTWARE\Navidad
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    Win32BaseServiceMOD=C:\WINDOWS\SYSTEM\winsvrc.exe
  • HKEY_CLASSES_ROOT\exefile\shell\open\command\(default)=C:\WINDOWS\SYSTEM\winsvrc.exe "%1" %*

For additional information see:

http://vil.nai.com/vil/content/v_98881.htm from NAI.

Do NOT execute email attachments!

This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.

Contact NIH Help Desk for assistance:
866-319-4357 (toll free), 301-496-4357 (6-HELP) (local), 301-496-8294 (TDD)
http://ithelpdesk.nih.gov/support
Register for iForgotMyPassWord

National Institutes of HealthCenter for Information Technology
National Institutes of Health
Bethesda, Maryland 20892

Questions or Comments | Disclaimers | Privacy Policy

 Department of Health and Human ServicesHealth and Human Services
Washington, D.C. 20201
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -