The Belarusian pest "something" (Neshta)

Win32.Neshta is a Belarusian virus from 2005. The name of the virus comes from the Belarusian word neshta, meaning "something". The program is a Windows application (exe file) written in Delphi. The size of the original malicious file is 41,472 bytes. This is a file virus, a type of virus that is no longer popular in our time, when Trojans have long since taken the lead...

In antivirus program databases, Neshta is defined as follows:

  • Virus.Win32.Neshta - Kaspersky
  • Win32.HLLP.Neshta - Dr. Web
  • Win32.Neshta - NOD32
  • Win32.Neshuta - Symantec

Symptoms of the Neshta virus: you try to start a program or game, but nothing happens. Some users try clicking the left mouse button quickly and repeatedly, but to no avail. Even selecting a shortcut and pressing a key on the keyboard does not work. Every file with the .exe extension has become larger by 41472 bytes. Or your antivirus complained that “Neshta” is inside... Then you have come to the right doctor...

Infection by the Neshta virus: in the Windows folder, the virus finds and deletes the file svchost.com and creates a new file with the same name... but this one contains the body of the virus.

An entry is created in the registry:
@="%WINDIR%\svchost.com \"%1\" %*"

Thus, all exe files on the system, when launched, will call the newly-minted svchost.com, which will launch the virus. The virus itself will look for files with the exe extension and infect them by adding its malicious code to them, thereby increasing the file size by the number of bytes already mentioned above (41472 bytes).
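A defensive check for the two indicators described above (an added example, not part of the original article): it reads the text of a registry export, flags any exefile\shell\open\command handler that is not the plain "%1" %* value, and lists .exe files that grew by exactly 41472 bytes against a known-good size inventory. The function names, the sample export and the inventories are constructed for illustration, and string (REG_SZ) values are assumed.

```python
import re

NESHTA_SIZE = 41472        # growth of each infected .exe, per the article
CLEAN_HANDLER = '"%1" %*'  # default exefile handler that the repair .reg restores

def exe_handlers(reg_text):
    """Map every ...\\exefile\\shell\\open\\command key in a .reg export to its default value."""
    handlers, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('@="') and line.endswith('"') and key \
                and key.lower().endswith(r"exefile\shell\open\command"):
            # .reg escapes: \\ is a backslash, \" is a quote
            handlers[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return handlers

def hijacked(handlers):
    """Return the keys whose handler differs from the clean value."""
    return {k: v for k, v in handlers.items() if v.strip() != CLEAN_HANDLER}

def grown_by_virus_size(baseline, current):
    """List .exe paths that are exactly NESHTA_SIZE bytes larger than in the baseline."""
    return sorted(p for p, size in current.items()
                  if p.lower().endswith(".exe") and size - baseline.get(p, size) == NESHTA_SIZE)

# Constructed sample input (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\svchost.com \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''
BASELINE = {r"C:\Tools\defrag.exe": 120000, r"C:\Tools\notes.txt": 10}
CURRENT = {r"C:\Tools\defrag.exe": 120000 + NESHTA_SIZE, r"C:\Tools\notes.txt": 10}

if __name__ == "__main__":
    for key, value in hijacked(exe_handlers(SAMPLE_EXPORT)).items():
        print("hijacked handler:", key, "->", value)
    for path in grown_by_virus_size(BASELINE, CURRENT):
        print("grew by", NESHTA_SIZE, "bytes:", path)
```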

Treatment of the Neshta virus: the antiviruses I tested, at the time of writing, would not disinfect the infected files and only offered to delete them, which means losing important working programs and games. I decided to send all infected files to quarantine and restore them from there once my antivirus learns to treat this disease. But surgery is still needed. I explain:

Create a text document and enter the following data into it:

REGEDIT4

@="\"%1\" %*"
@="\"%1\" %*"

Note: an empty line after REGEDIT4 is required.

Save the document under any file name with the .reg extension and run it. When asked whether to add the information to the registry, answer YES. After this, you can treat the system with an antivirus. I hope that by the time you read this article, all antiviruses will have learned to treat this virus rather than delete it along with the files we need. (I have already created this file and attached it to this article. You can download it from the link at the end of this article: neshta.reg)

Prevention of the Neshta virus: any antivirus with up-to-date databases, and a firewall ... and, of course, a competent pair of hands.


Here are two files that treat Neshta (for those too lazy to create the file by following the instructions above)

Hello,

Unfortunately it is so. If possible, do not use an infected system until you have neutralized the active infection (see below) to avoid its further spread.

Because it is a file virus and it infects legitimate files by injecting its code into them. Even if you use Hitman Pro and CureIT to neutralize the original body of the virus that caused the infection, you still won’t be able to get rid of the infection completely. Urgent treatment is required, and not with some targeted manual attempts with an active infected OS as you are doing, but directly using a boot disk (LiveCD), performing actions on the system when it is not active.

What should be done:
- Download an ISO image of a boot disk from the company or
- Write the downloaded image to a flash drive or CD/DVD, whatever is at hand (the CD may be too small), if necessary, using special software (for example, free or)
- Boot from the recorded boot disk image, following the instructions
- Working in the LiveCD graphical shell, on the desktop you need to select update components and get the latest anti-virus databases, then run the built-in utility to conduct a full scan of the system and all disks
- All previously safe objects detected as infected (for example, your programs) must be treated, otherwise you will lose your software and even your own data if you choose quarantine or deletion from disk as the action taken on a detected object. You can delete or quarantine only individual virus files, including the svchost.com you discovered; the rest should only be treated!
- Reboot the system after the treatment process and make sure there are no further signs of active infection in the system



Well, here's your first piece of advice.

This virus is still found today, even though people have various anti-virus programs. This is what my husband wrote in his drafts...

Maybe someone will find this information useful. I was looking for a defragmenter on the Internet and... I found it with a crack :). My Comodo antivirus immediately screamed - the win32.neshta.a virus, but I did not take its arguments into account and allowed it to install.

Here's what is known about it: Neshta is malicious code (later a virus) that appeared in Belarus at the end of 2005. The virus possibly got its name from the transliteration of the Belarusian word "neshta", meaning “something”, and possibly from the name of the city. Neshta belongs to the category of file viruses, currently not very popular among virus programs.

In antivirus program databases Neshta is known as Virus.Win32.Neshta (“Kaspersky Anti-Virus”), Win32.HLLP.Neshta (Dr. Web), Win32.Neshta (NOD32), Win32.Neshuta ("Symantec Antivirus"), Win32:Trojan-gen (“avast!”).

When you run an infected program on a “clean” machine, the virus copies its body to a file svchost.com (size - 41,472 bytes) in the Windows directory. After this, it registers this file in the system registry at , as a result of which the launch of any exe file on the infected machine will be preceded by the launch of the virus file. Then the virus scans the available logical drives of the computer and infects exe files that meet certain criteria (usually the vast majority of exe files). After infection, the operation of the computer is not disrupted.

To restore your computer's functionality after removing Neshta with an antivirus, you may need to change the value of the key in the registry at HKCR\exefile\shell\open\command from "%Windows%\svchost.com "%1" %*" to ""%1" %*" - NO mention of windows\svchost.com

It has been discovered that if it is impossible to copy its body to the Windows folder, the virus tries to copy itself to the administrator account profile. And registers its launch in the registry from there.

I downloaded the utility from Kaspersky and ran it - it didn’t find the virus. I downloaded the utility from Doctor Web and ran it – it didn’t find the virus. A very unpleasant moment. I had to use my head).

Method of treating the win32.neshta.a virus:

First - reinstall the system completely, having previously removed it from DOS with an antivirus. In this case, you will lose all EXE files infected with NESHTA.
Second. Unfortunately, most antiviruses do not treat files infected with NESHTA, but simply delete them. But DRWEB has a free utility called CUREIT. You can download it for free from the DRWEB website. You will also need a registry file, which you can make yourself as follows. Create a text document and enter the following data into it:


REGEDIT4

@="\"%1\" %*"
@="\"%1\" %*"

Note: An empty line after REGEDIT4 is required.


Save and close the text document. Then change the document extension from TXT to REG. We run the resulting registry file and agree to adding the data. Then we run the CUREIT utility and conduct a full system check. Surprisingly, the utility now sees the virus and treats it calmly. The utility from Kaspersky still does not detect the infection, which is unfortunate. Well, let's continue... To prompts like “treat” we answer “yes to all.”

Treatment of 120 gigs took 8.5 hours, treated 950 files with the exe extension.
