Short Bio

This is the detection for the Neshta family of viruses, which has been around since at least 2010. To gain persistence, it changes the default value of the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command to "%SystemRoot%\ "%1" %*".

It spreads by adding the virus code to other executable files.


Malwarebytes can remove the infection, but it cannot repair infected files. Depending on how long this virus has been running, the infected system may therefore be beyond repair. It is sometimes advisable to back up the non-executable files and format the machine.
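
To check whether the exefile handler described above has been changed, for example after a cleanup, the following PowerShell reads its default value from the merged HKEY_CLASSES_ROOT view and from the per-machine and per-user hives behind it. This is an added example, not Malwarebytes code; it assumes the stock Windows value for this key is `"%1" %*`.

```powershell
# Added example: audit the default value of exefile\shell\open\command.
# Assumption: the stock Windows value is '"%1" %*'; anything else is reported.
$expected = '"%1" %*'
$subKey   = 'exefile\shell\open\command'

# HKCR is a merged view, so the per-machine and per-user sources are checked too.
$roots = [ordered]@{
    'HKCR'                  = [Microsoft.Win32.Registry]::ClassesRoot
    'HKLM\Software\Classes' = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('Software\Classes')
    'HKCU\Software\Classes' = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey('Software\Classes')
}

$results = foreach ($name in $roots.Keys) {
    $root = $roots[$name]
    if ($null -eq $root) { continue }

    $key = $root.OpenSubKey($subKey)
    if ($null -eq $key) {
        # No key in this hive means no override is defined here.
        [pscustomobject]@{ Hive = $name; Value = $null; Status = 'KeyAbsent' }
        continue
    }

    # Read the raw default value so variables such as %SystemRoot% stay visible.
    $value = $key.GetValue('', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    $key.Close()

    $status = if ($null -eq $value)        { 'NoDefaultValue' }
              elseif ($value -eq $expected) { 'Default' }
              else                          { 'Modified' }
    [pscustomobject]@{ Hive = $name; Value = $value; Status = $status }
}

$results | Format-Table -AutoSize
if ($results.Status -contains 'Modified') {
    Write-Warning 'exefile open command differs from the stock value; every .exe launch passes through the command shown.'
}
```

A `Modified` row shows the command that currently runs whenever an .exe file is opened. Infected executables are a separate problem and are not detected by this check.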
