This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Indication of Infection
- Presence of the EYE icon in the lower right corner of your screen
- When the cursor is placed over the EYE icon, the text, "Lo estamos mirando..." is displayed. Translated this means, we are watching it.
- When the "eye" icon is clicked, a button appears reading, "Nunca presionar este boton". Translated this means, never press this button.
- When the button is pressed, a messages box is displayed entitled, "Feliz Navidad", which reads "Lamentablemente cayo en la tentacion y perdio su computadora". Translated this reads, Merry Christmas, Unfortunately you've given in to temptation and lose your computer.
Methods of Infection
W32/Navidad@M is spreading on its own despite a bug in the program. This worm will arrive as an email attachment with the name Navidad.exe. Running the attachment infects your machine.
This worm can be terminated on a system - when Navidad is running, click on the eye in the system tray. When the dialog box with the big button labeled don't press me (sic) appears, press the little close window button in the top right corner (marked X)
Another message box pops up , pressing OK on this message box makes the worm exit - the eye disappears and the program terminates.
TROJ_NAVIDAD.B, TROJ_NAVIDAD.C, TROJ_NAVIDAD.D, TROJ_NAVIDAD.E, Emanuel, Emmanuel, I-Worm.Navidad, Navidad, TROJ_EMMANUEL, TROJ_NAVIDAD.A, W32.Navidad, W32.Navidad.16896, W32/Navidad-B, W32/Navidad.e@M, W32/Navidad.f@M, W32/Navidad.gen@M, Win32/Navidad.Worm