W32/Neshta-A

Category: Viruses and Spyware
Protection available since: 02 Apr 2019 00:14:20 (GMT)
Type: Win32 executable file virus
Last Updated: 02 Apr 2019 00:14:20 (GMT)
Prevalence: Small Number of Reports


W32/Neshta-A is an appending virus for the Windows platform.

W32/Neshta-A will search for files to infect on logical drives including network shares.

When W32/Neshta-A is installed the following files are created:

\svchost.com

The following registry entry is set or modified, so that svchost.com is run when files with extensions of EXE are opened/launched:

HKCR\exefile\shell\open\command
(default)
\svchost.com "%1" %*
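
A triage check for the registry change described above, as an added example that is not part of the original write-up: it compares the exefile open command with the stock Windows value `"%1" %*` and flags a handler named svchost.com. The function names, the constructed sample values and the `C:\Example` folder are assumptions made for illustration.

```python
import ntpath
import sys

# Stock Windows value of HKCR\exefile\shell\open\command (default).
CLEAN_DEFAULT = '"%1" %*'
# Handler file name reported in the write-up above.
REPORTED_HANDLER = "svchost.com"

# Constructed sample values; the C:\Example folder is a placeholder.
CONSTRUCTED_SAMPLES = [
    '"%1" %*',
    r'C:\Example\svchost.com "%1" %*',
    r'"C:\Example\helper.exe" "%1" %*',
]


def handler_of(command):
    """Return whatever is placed in front of the "%1" placeholder, or None."""
    cmd = command.strip()
    if cmd.startswith(('"%1"', "%1")):
        return None
    if cmd.startswith('"'):  # quoted handler path
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    idx = cmd.find("%1")  # unquoted: take everything before the placeholder
    head = cmd[:idx] if idx != -1 else cmd
    return head.rstrip(' "') or None


def classify(command):
    """Return 'clean', 'neshta-like' or 'modified' for a command value."""
    if command.strip() == CLEAN_DEFAULT:
        return "clean"
    handler = handler_of(command)
    if handler and ntpath.basename(handler).lower() == REPORTED_HANDLER:
        return "neshta-like"
    return "modified"


def read_exefile_command():
    """Read the live default value (Windows only)."""
    import winreg
    path = r"exefile\shell\open\command"
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, path) as key:
        return winreg.QueryValueEx(key, "")[0]


if __name__ == "__main__":
    live = sys.platform == "win32"
    for value in [read_exefile_command()] if live else CONSTRUCTED_SAMPLES:
        print(f"{classify(value):12} {value}")
```

On Windows the script reads the live value; elsewhere it classifies the constructed samples. A "modified" result means some other program sits in front of launched executables and should be reviewed.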

Win32/Neshta.A creates the mutex fO- while searching for files to infect.

The file directx.sys in the Windows folder is updated with the path of the last infected file to be run.

W32/Neshta-A connects to a remote server in Russia and uses POST to upload information gathered from the infected system, such as currently installed applications, running programs, and SMTP email accounts.