Short bio

This is the detection for the Neshta family of viruses, targeting Windows systems which has been around since at least 2010.


To gain persistence, Virus.Neshta changes the default value for the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command, to “%SystemRoot%\ “%1″ %*”.

Type and source of infection

Virus.Neshta spreads by adding the virus code to other executable files.


Malwarebytes blocks Virus.Neshta by using real-time protection.

block Virus.Neshta

Malwarebytes blocks Virus.Neshta


Malwarebytes can detect and remove Virus.Neshta without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Select your language