Short bio

Virus.Neshta is Malwarebytes’ detection name for the Neshta family of viruses which has been around since at least 2010, targeting Windows systems.


To gain persistence, Virus.Neshta changes the default value for the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command, to “%SystemRoot%\ “%1″ %*”.


After removal of the infected files the system may be missing vital files for programs to run. Depending on the duration of the infection and the removed files, the system may even be inoperable.

Type and source of infection

Virus.Neshta spreads by adding the virus code to other executable files.


Malwarebytes blocks Virus.Neshta by using real-time protection.

block Virus.Neshta

Malwarebytes blocks Virus.Neshta

Home remediation

Malwarebytes can detect and remove Virus.Neshta without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Business remediation

How to remove Virus.Neshta with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

Nebula detections

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Nebula Quarantaine

Select your language