Technical Details

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 13,824 bytes in size. It is packed using UPX. The unpacked file is approximately 32KB in size. It is written in C++.


The Trojan also copies its executable file to the Windows system directory under the following names:


In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:

"(Default)" = "%System%\NavbwvLw32.Exe"


When launching, the Trojan scans the system for widnows with the following names and terminates them:

Norton AntiVirus
eSafe Desktop Watch
eTrust EZ AntiVirus
Panda AntiVirus Titanium
PC-Cillin 2002
PC-Cillin 2003
F-Secure Anti-Virus
Sophos AntiVirus
ZoneAlarm Pro
Tiny Personal Firewall
McAfee Firewall
Norton Personal FireWall

The Trojan then ceases running.

Removal Instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete the following system registry key: (see What is a system registry and how do I use it for details on how to edit the registry).
    "(Default)" = "%System%\NavbwvLw32.Exe"
  3. Delete the following files:
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).