The Smiley Face virus is a worm infection called W32.Navidad.16896, or Navidad.E, as it is known by Symantec, a major security software program manufacturer. This particular worm infects computers by itself, meaning it copies itself from one computer to another through email attachments in the Microsoft Email program, Outlook 6. This is an old infection, it has been around since as early as November of 2000 and is one of the original email and spam infections. Removal is recommended, or it could cause serious damage to your computer.
The smiley Face worm adds a smiley face to dialogue boxes in which errors are displayed. It also adds a smiley face to the start up screen and the shut down screen, called in tech and texting terms, a "Winking smiley face emoticon. " An icon will show up in the tray of the taskbar that looks like a flower. It shows up when you try to click on an executable file (any program that has the extension ".exe" on the end) Upon mouse over of the icon, a yellow box displays the message "Come on lets party!!!" If you try to click the icon, a dialogue box states "Nuncar presionar esa buton" which means, "never press this button" in Spanish. If you do press the button, it displays another dialogue box with the title "Emanual…" and the text "Emmanuel-God is with us!May god bless u.And Ash, Lk and LJ!!!" If you attempt to close the box with the close button, instead of the "Close" button, a message appears stating "May GOd bless u;D" All these dialogues are in Spanish, and all typos are seen every time. Other symptoms include slow boot and shut down times, added registry keys and automatic email replies using Outlook to send attachments.
Before attempting the removal process, always consult an IT professional and back up your data. Disable System Restore so it can be cleaned with the rest of the PC. Disable Autorun so when you execute the antivirus program from the flash drive, it does not get infected. Once you have taken these steps, go to an uninfected computer and download the W32.Navidad Fix, a worm removal tool made to remove the Smiley face worm, from Symatec.com. This is in case the worm has affected the PC enough that you cannot access the Internet. Save the tool to the flash drive, making sure not to change the ".com' file extension. If it gets changed to ".exe," the virus will infect it immediately.
Go to the Symantec.com site and try to download the Fixnavid.com removal tool. Save it to the desktop, making sure not to change the file extension ".com" to anything else. When it finishes downloading, check its digital signature to be sure the tool is authentic by going to the site http://www.wmsoftware.com/free.htm. Then from the site, download chktrust.exe and save it in the same folder as Fixnavid.com. In the Windows 95, 95, 20000 and NT operating systems, Click "Start," then "Programs," then click "MS-DOS Prompt" and switch to the folder in which the two files are stored. In the prompt screen, type "chktrust -i fixnavid.com" exactly, without the quotes. If the download is really the removal tool, a dialogue box appears with the question ""Do you want to install and run "Fix Nav ID" signed on //_ 00:00 _M and distributed by Symantec Corporation." It should have the current date and time where the blanks are. If it does, then type "Yes" in the prompt and then press "Enter to run the tool. The tool will run automatically and when finished, a dialogue box appears with the results. Click "OK" to finish. In Windows XP, click "Start" then "Run" and in the box that opens, type "cmd" to open the command prompt which, in Windows XP, is the Command Line Prompt. Follow the instructions above until finished.