Contacts
the main

What kind of Win32 APANAS virus. Belarusian pest - something (Neshta). Neshta anti-virus databases are determined

Win32.neshta. - Belarusian virus of 2005. The name of the virus comes from the Belarusian word nestayMeaning something. The program is windows Application (exe file). Written on Delphi. The size of the original malware - 41 472 bytes. it file virus - The type of virus that is no longer popular in our time, where Troyans have long become the leaders ...

In bases antivirus software Neshta is determined like this:

  • Virus.win32.neshta - Kaspersky
  • Win32.hllp.neshta - Dr. Web.
  • Win32.neshta - Nod32.
  • Win32.neshuta - Symantec.

Symptoms VirusNeshta.: You are trying to run a program or game, but nothing happens. Some users are trying very quickly and very much with a left mouse button - but to no avail. Even the selection of a shortcut and pressing on the keyboard to the key to mogs. Any file with extension.exe has become more than 41472 bytes. Or your antivirus cooked, they say "Nesta" inside ... Then you got to the desired doctor ...

Infection with Neshta virus: in windows folderThe Neshta virus finds and deletes the svchost.com file, and creates a new file with the same name ... But this is a file with the body of our virus.

An entry is created in the registry:
@ \u003d "% Windir% \\ svchost.com \\"% 1 \\ "% *"

Thus, all EXE files in the system at startup will be called a newly svchost.com, which will run the virus. The virus itself will look for files with the exe extension, and infect them adding their own malicious code To them, thereby increasing the file size on the number of bytes already said above (41472 bytes).

Treatment of the virusNeshta.: antivirus tested by me, at the time of writing the article, did not want to treat the files infected with the virus, but only offered to remove them - which means losing important launched programs and games. I decided to send all infected files to quarantine and then reanimate them (restore) from there, when my antivirus learns to treat this disease. But still need surgical intervention. I explain:

Create a text document and make the following data in it:

Regedit4 @ \u003d "\\"% 1 \\ "% *" @ \u003d "\\"% 1 \\ "% *"

Note: An empty line after REGEDIT4 is required.

We save a document as: any file name.reg and launch it. The offer to add information to the registry is responsible - yes. After that, you can treat antivirus. I hope at the time of reading this article all antiviruses will learn to treat this virus, and not delete it together with the files you need. (I already created this file and attached to this article. You can download it by reference, which is located at the end of this article: neshta.reg)

Prevention of virusNeshta.: any antivirus SO fresh bases, and firewall (firewall) ... and of course hands growing from shoulders.

Hello,

Unfortunately this is the case. If possible, do not use the infected system until you detect the active infection (see below) to avoid its further distribution.

Because it is a file virus and it infects legitimate files by introducing their code in them. Even if you, with the help of Hitman Pro and Cureit, detect the original body of the virus itself, caused infection, then from infection so still fail to get rid of completely. Requires urgent treatment, and, not by some point manual attempts with an active infected OS, as you do, but directly with boot disk (LiveCD), producing actions on the system when it is not active.

What should be done:
- Download ISO-image of the boot disk from the company or
- Write down the loaded image on the USB flash drive or CD / DVD, which will be at hand (CD can be too small), if necessary, using special software (for example, free or)
- boot from the recorded image of the boot disk, guided by the instructions
- Working with a graphic shell LiveCD, on the desktop it is necessary to select the update components and get the most recent antivirus databases, after which you run the built-in utility for the full system check and all Disc
- all previously detected safe infected objects (for example, your programs) must be treatOtherwise, you will lose your software and even your own data if you select quarantine or delete from a disk as an action detected. Delete or send to quarantine can only be separate files viruses, including those who discovered svchost.com, the rest just treat!
- Reboot the system after the treatment process and make sure that there are no further signs of presence. active infection in system


For cooperation, please contact our or by correspondence. Free help In infection and technical problems it turns out on the forum, and it is necessary to create new topic In a suitable section.

Any point on the map may be the center of the world. It is not bad and not good. He is just there. There is no virtue and dishonor. There are only you alone with your conscience. And so until the race is completed until the end comes until we turn into the ghosts that they themselves seemed to themselves. (c) k / f "Legend"

From indecision we lose more than from the wrong decision. (c) Karmel soprano

Win32.neshta - Belarusian virus of 2005. The name of the virus comes from the Belarusian word Neba, meaning something. The program is a Windows application (EXE file). Written on Delphi. The size of the original malware - 41 472 bytes. This file virus is the type of virus that is no longer popular in our time, where the leaders have long become a trojan ...
The Neshta anti-virus databases are determined as follows:

  • Virus.win32.neshta - Kaspersky
  • Win32.hllp.neshta - Dr. Web.
  • Win32.neshta - nod32
  • Win32.neshuta - Symantec.
Neshta virus symptoms: You are trying to run a program or game, but nothing happens. Some users are trying very quickly and very much with a left mouse button - but to no avail. Even the selection of a shortcut and pressing on the keyboard to the key to mogs. Any file with extension.exe has become more than 41472 bytes. Or your antivirus cooked, they say "Nesta" inside ... then you got to the desired doctor ...
Infection by the Neshta virus: in the Windows folder, the Neshta virus finds and deletes the svchost.com file, and creates a new file with the same name ... But this is a file with the body of our virus.
An entry is created in the registry:
@ \u003d "% Windir% \\ svchost.com \\"% 1 \\ "% *"
Thus, all EXE files in the system at startup will be called a newly svchost.com, which will run the virus. The virus itself will look for files with the extellion exe, and infect them adding their malicious code to them, thereby increasing the size of the file on the number of bytes already said above (41472 bytes).

Treatment of the Neshta virus: Antiviruses tested by me, at the time of writing the article, did not want to treat the files infected with the virus, but only offered to remove them - which means losing important launched programs and games. I decided to send all infected files to quarantine and then reanimate them (restore) from there, when my antivirus learns to treat this disease. But still need surgical intervention. I explain:
Create a text document and make the following data in it:
Regedit4.


@="\"%1\" %*"
@="\"%1\" %*"
Note: An empty line after REGEDIT4 is required.
Save the document as: any file name.Reg and run it. The offer to add information to the registry is responsible - yes. After that, you can treat antivirus. I hope at the time of reading this article all antiviruses will learn to treat this virus, and not delete it together with the files you need. (I already created this file and attached to this article. You can download it by reference, which is located at the end of this article: neshta.reg)
Prevention of the Neshta virus: any antivirus with fresh bases, and firewall (firewall) ... Well, of course the hands growing out of the shoulders.

Here you have two files attending nonsense (someone lazy to create a file above the described instruction)



Did you like the article? Share it
Recommended articles on the topic
Cellular - what it is on the iPad and what's the differenceCellular - what it is on the iPad and what's the difference
Go to digital television: What to do and how to prepare?Go to digital television: What to do and how to prepare?
Social polls work on the InternetSocial polls work on the Internet
Visitors are now discussing
Savin recorded a video message to the TyumentsSavin recorded a video message to the Tyuments Tenda.
Menu of Soviet tables What was the name of Thursday in Soviet canteensMenu of Soviet tables What was the name of Thursday in Soviet canteens ASUS.
How to make B.How to make in the "Word" list alphabetically: useful tips Android
How to see classmates who retired from friends?How to see classmates who retired from friends? ASUS.