
Virus.Win32.Neshta.a mass exe file damage



#1 maxxlst


Posted 06 May 2009 - 04:08 PM

Thanks for any help or suggestions received.
I have a machine infected with the following:
 Win32.Neshta.A [PCTools]
 W32.Neshuta [Symantec]
 Virus.Win32.Neshta.a [Kaspersky Lab]
 W32/HLLP.41472.e [McAfee]
 PE_NESHTA.A [Trend Micro]
 W32/Bloat-A [Sophos]
 Virus:Win32/Neshta.A [Microsoft]


Following the removal instructions is easy enough, but the damage it's caused is another story.
It seems most exe files have been infected with the Neshta virus. So far, I've yet to find a clean/cure for those exe files. I would prefer not to redo the machine if at all possible, but at this point it seems to be the case. If anybody has some suggestions, it's much appreciated.

Avast, Kaspersky, and Microsoft failed to repair the exe files. I'm running XP pro srp 2 (needs to be patched). Avast is currently on the system and persistently pops up that an ".exe" file is infected when browsing through folders.

Thanks



#2 maxxlst


Posted 06 May 2009 - 05:14 PM

Does anybody suggest using Dr.Web CureIt? I have found a reference that it fixed exe files damaged by Neshta. I wasn't sure about the website and was therefore hesitant to attempt using the product.

Thanks

#3 Bahaa Tawfik


Posted 22 November 2010 - 03:08 AM

I have the same problem with the Win32.Neshta.a virus. I did a full scan with NOD32 and Kaspersky but still have the same problem: the .exe files are infected.
Any idea how to remove that virus without formatting?
Thanks in advance.


#4 boone7


Posted 10 October 2011 - 05:32 PM

I know this post is old, but for anyone who has encountered this virus there is a useful tool to fix your files. BEWARE! If you use a standard anti-virus program that simply removes your files (like AVG), it will eliminate all infected exe files, which means you will basically prevent your computer from booting or running anything. Use Microsoft Safety Scanner (just Google that and it will be the top result). Choose the 32 or 64 bit version depending on what your system is running and run a full scan.

Microsoft Safety Scanner will clean all (or at least most) infected exe files in your system. In some cases it cannot clean all files (will say 'Partially removed'). You can see which files were not cleaned by going to your Windows directory (usually C:\Windows, although you can click Start > Run for Windows 2000/XP or just click Start in Windows 7/Vista and type in %WINDIR% and it will go to your windows folder). Then find a folder called Debug and within will be a file msert.log. Open this with Notepad and search for 'failed'. This will provide you with a list of files that did not clean properly.

In some cases if NTOSKRNL.exe or other important exe files are infected, your system will not boot properly. Run System File Checker in Windows and hopefully you have your Windows installation discs. If so, it can repair these files to their original state and save Windows from not being able to boot. Alternatively if you are already unable to boot with 'ntoskrnl.exe corrupted or missing' message, you will have to use Recovery Console from the Windows boot CD and use the 'explode' command to extract files from the Windows CD I386 folder to your windows directory.

As far as what the virus does on your system, it changes a registry setting to where anytime you run an application, it replaces that application with an infected copy. It also appears to spread by scanning your system for files to infect and possibly over the network as well.

More details here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FNeshta.A
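
The two checks described in post #4, as an added PowerShell example that is not part of the original thread: it lists the lines of msert.log that contain 'failed', then compares the .exe launch command with the Windows default. It assumes the "registry setting" the post mentions is the exefile open command (the post does not name the key) and that the log is in its default location.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

# 1) Show the lines Microsoft Safety Scanner logged as 'failed'.
$log = Join-Path $env:WINDIR 'Debug\msert.log'
if (Test-Path -LiteralPath $log) {
    # Select-String is case-insensitive by default; -SimpleMatch treats
    # 'failed' as a literal string rather than a regular expression.
    Select-String -LiteralPath $log -Pattern 'failed' -SimpleMatch |
        ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line.Trim() }
} else {
    Write-Warning "No scanner log found at $log (has a scan been run?)"
}

# 2) Check the command Windows uses to launch .exe files.
#    Assumption: this is the setting the post refers to.
#    The stock Windows value is exactly: "%1" %*
$expected = '"%1" %*'
$keys = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKCU:\Software\Classes\exefile\shell\open\command'   # per-user override, normally absent
)
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        "$key : not present"
        continue
    }
    # Read the (Default) value without expanding %variables%, so the raw
    # string stored in the registry is what gets compared.
    $value = (Get-Item -LiteralPath $key).GetValue('', $null, 'DoNotExpandEnvironmentNames')
    if ($value -eq $expected) {
        "$key : OK ($value)"
    } else {
        Write-Warning "$key : unexpected launch command: $value"
    }
}
```

An unexpected value in the second check means every .exe launch is being routed through another program first, so the association should be restored to the default before the cleaned files are run again.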



