W32/Neshta-A

    Category: Viruses and SpywareProtection available since:02 Apr 2019 00:14:20 (GMT)
    Type: Win32 executable file virusLast Updated:02 Apr 2019 00:14:20 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    W32/Neshta-A is an appending virus for the Windows platform.

    W32/Neshta-A will search for files to infect on logical drives including network shares.

    When W32/Neshta-A is installed the following files are created:

    \svchost.com

    The following registry entry is set or modified, so that svchost.com is run when files with extensions of EXE are opened/launched:

    HKCR\exefile\shell\open\command
    (default)
    \svchost.com "%1" %*

    Win32/Neshta.A creates the mutex fO- while searching for files to infect.

    The file directx.sys in the Windows folder is updated with the path of the last infected file to be run.

    Win/Netsha-A connects to remote serve in Russia and uses POST to upload information gathered from the infected system, such as currently installed applications, running programs, and SMTP email accounts.

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection