How to get rid of the Navidad Virus? (Cannot find WINSVRC.EXE)
Created: 9th March 2001
I have written this document to pass on knowledge that I gained trying to get rid of the Navidad virus. A client of mine was very badly infected with the Navidad virus, and it took me a while to figure out how to run the anti-virus software (Norton). Even after the virus was removed, I still could not run any programs on the computer.
At the time, I didn't find the information contained at McAfee or Norton to be very useful, so I wrote this document.
When the Navidad virus infects a computer, it modifies the system registry so that when you attempt to run an executable program you get a "Cannot Find WINSVRC.EXE" error message. This makes it very difficult to run the anti-virus program, because the anti-virus program is itself an EXE.
If you are successful using this document or would like to make a comment or even ask a question, please drop me a line at Mark Letheren.
If you have the Navidad virus and you cannot run an anti-virus program like McAfee or Norton from Windows, you need to run COMMAND.COM (it isn't an EXE) through Windows Explorer, so that you are then in DOS. Once in DOS, you can run an executable, as it goes through a different process which bypasses the traps laid out by the Navidad virus.
On Windows NT, I was unable to run the MS DOS prompt through the regular Start, Programs, Accessories, MS DOS because the "Cannot Find WINSVRC.EXE" message kept coming up. I was able to run it by double-clicking "My Computer" on the Desktop and then selecting the directories Windows, System32 and then locating COMMAND.COM.
Once I was in DOS, I was able to run the anti-virus program by going to the CD drive, and locating the SETUP.EXE program to run the Anti-Virus program.
Even once the Navidad virus had been removed and I had rebooted the workstation, I was still getting the "Cannot Find WINSVRC.EXE" error message. To finally get rid of this, I had to open the registry by again running COMMAND.COM (see section above), and then from the WINNT directory, I ran REGEDIT.
In the Registry Edit program I then searched for any reference to the term WINSVRC and deleted that key.
Once I had done this, I rebooted the computer and everything was fine.
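An added example, not part of the original document: a Python script that lists every value in a registry export (.reg text) that mentions WINSVRC, including hex-encoded strings that a plain text search of the file would miss. The sample export, its key names and its paths are constructed for illustration.

```python
import re

# Constructed sample export (illustrative keys and paths, not from a real PC).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\EXAMPLE\\winsvrc.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Example]
"ExampleTool"="C:\\Tools\\example.exe"
"ExampleExpand"=hex(2):77,69,6e,73,76,72,\
  63,2e,65,78,65,00
'''

def decode_value(data):
    """Return the readable text of a .reg value (quoted or hex-encoded)."""
    data = data.strip()
    if data.startswith('"'):
        # Quoted string: undo the \\ and \" escapes used in exports.
        return re.sub(r'\\(.)', r'\1', data[1:data.rfind('"')])
    m = re.match(r'hex(?:\([0-9a-f]+\))?:(.*)', data, re.I)
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        # Drop NULs so both ANSI and UTF-16LE strings become readable.
        return raw.replace(b'\x00', b'').decode('latin-1')
    return data  # dword and other types: keep the raw text

def find_references(export_text, needle="winsvrc"):
    """Return a list of (key, value_name, text) for values mentioning needle."""
    hits, key = [], None
    # Join hex continuation lines (trailing backslash) before parsing.
    text = re.sub(r'\\\r?\n\s*', '', export_text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]  # section header names the current key
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if key and m:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            value = decode_value(m.group(2))
            if needle in value.lower() or needle in name.lower():
                hits.append((key, name, value))
    return hits

if __name__ == "__main__":
    for key, name, value in find_references(SAMPLE_EXPORT):
        print(f"{key}\n    {name} = {value}")
```

The output names the exact value under each key that holds the reference, so it can be reviewed in REGEDIT before anything is changed.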