
Virus:Win32/Neshta.C


First posted on 15 February 2019.
Source: Microsoft

Aliases :

Virus:Win32/Neshta.C is also known as Win32/Neshta, W32/HLLP.41472, Worm.Generic.246589, Win32/Neshta.A, Win32.HLLP.Neshta, Win32/Neshta.A, Virus.Win32.Neshta.a, W32/HLLP.41472.e, W32/Neshta.A, W32/Neshta.A, W32.Neshuta, PE_NESHTA.A, Win32.Neshta.B.

Explanation :

Virus:Win32/Neshta.C is a prepending file virus that infects Windows executable files on all drives except A:, B: or CD-ROM drives.

Installation

When this virus executes, it drops the following files:

%SystemRoot%\svchost.com - virus body
%SystemRoot%\directx.sys - contains the full path and file name of the first file

The registry is modified to run the virus copy every time a file with extension ".EXE" is run.

In subkey: HKCR\exefile\shell\open\command
Sets value: "@"
From data: ""%1" %*"
To data: "%windir%\svchost.com "%1" %*"

Spreads via...

File infection

Virus:Win32/Neshta.C infects files by prepending its virus code to Windows executable files. When an infected file runs, the virus code executes first. The virus drops the clean host file as the following and then executes the host:

%TEMP%\3582-490.exe

Analysis by Shawn Wang
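A read-only PowerShell triage check for the installation indicators listed above, added here as an example and not part of the original Microsoft entry. It assumes the clean default data is `"%1" %*`, as the entry's "From data" states, and additionally reads the HKLM and HKCU class hives that HKCR merges.

```powershell
# Added example: read-only triage for the indicators in this entry.
$expected = '"%1" %*'   # clean (Default) data, the entry's "From data"
$findings = @()

# HKCR is a merged view; also read the two hives behind it (assumption: either may be altered).
$roots = 'HKEY_CLASSES_ROOT',
         'HKEY_LOCAL_MACHINE\Software\Classes',
         'HKEY_CURRENT_USER\Software\Classes'

foreach ($root in $roots) {
    $path = "Registry::${root}\exefile\shell\open\command"
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # '' selects the (Default) value, shown as "@" in the entry.
    # DoNotExpandEnvironmentNames keeps %windir% literal if the type is REG_EXPAND_SZ.
    $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $data = (Get-Item -LiteralPath $path).GetValue('', $null, $opt)
    if ($null -eq $data) { continue }

    if (([string]$data).Trim() -ne $expected) {
        $findings += [pscustomobject]@{
            Indicator = 'exefile open command is not the clean default'
            Location  = $path
            Detail    = [string]$data
        }
    }
}

# Dropped files named in the entry: the virus body and the host-path record.
foreach ($name in 'svchost.com', 'directx.sys') {
    $file = Join-Path -Path $env:SystemRoot -ChildPath $name
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $item = Get-Item -LiteralPath $file -Force
        $findings += [pscustomobject]@{
            Indicator = 'dropped file present'
            Location  = $file
            Detail    = '{0} bytes, written {1:u}' -f $item.Length, $item.LastWriteTimeUtc
        }
    }
}

if ($findings.Count -eq 0) {
    'No Neshta.C installation indicators found.'
} else {
    $findings | Format-List
}
```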

Last update 15 February 2019
