Also known as W32.Watchit, this worm is more of an annoyance than an actual danger.

Christmas has come early in the world of Internet viruses. Navidad is a worm from South America that infects users of Microsoft Outlook. The attachment is an .exe file that installs an eyeball icon in the lower right hand corner of the Windows desktop. Navidad does not contain a dangerous payload, however it does make several changes to the Windows Registry file.

How It Works
Navidad is an e-mail worm that arrives in the Outlook Inbox as a reply to a message previously sent. The attached file is NAVIDAD.EXE, and clicking on this attachment will load the worm. While loading, an error dialog box will appear on the screen. Navidad contains a bug in its own programming, and when that part of the program loads, the letters "UI" display in a dialog box. To remove the dialog box, Windows users typically click "OK," however, in doing so, the Navidad worm continues to load.

Navidad reads all the e-mail addresses listed in Outlook as well as any MAPI clients installed, copying and sending itself out via e-mail as replies. Navidad also makes several changes to the Windows Registry, therefore, removing this worm should be done with great care. Please read the detailed removal instructions available from McAfee or Trend Micro.

Avoiding the Navidad Worm

Here are the basic steps to keep the Navidad worm from attacking your PC:

• Download Microsoft's Outlook Security Patch. If you haven't already installed it, download the Outlook 98 Security Patch or the Outlook 2000 Security Patch (which requires the Office 2000 Service Release 1a). Please note that this patch does not include Outlook Express.
• "Don't open attachments!" One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as Navidad are being circulated. Even if the e-mail is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it.
• Stay informed. Did you know that there are virus and security alerts almost every day? Keep up-to-date on breaking viruses and solutions.
• Get protected. If you don't already have virus protection software on your machine, you should. If you're a home or individual user, it's as easy as downloading any of these five-star programs then following the installation instructions. If you're on a network, check with your network administrator first. If you're not sure if your existing anti-virus software is up-to-date, scan your system for free to find out.
• Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the anti-virus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses.
• Update your anti-virus software. Now that you have virus protection software installed, make sure it's up-to-date. Some anti-virus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat.