Just ran a free Malwarebytes scan on my PC for the first time in a few months and it detected 'Neshta.Virus.FileInfector.DDS' in my downloads folder, in OP.GG+Setup+1.0.33.exe.
I downloaded and installed OP.GG over a year ago and have not run it in about a year.
I immediately quarantined the file after it was detected by Malwarebytes.
I haven't downloaded any sketchy software so I don't know where this has come from and I haven't even used OP.GG in a long time. My PC runs fine, no signs of any malware and not slow at all.
Additionally, here is the hash provided in the scan report:
07FCFB98343F311E0944B59E8BBEF20E56BF00A3FA28368317B5580D8B79932D
Here is the VirusTotal entry for this hash: https://www.virustotal.com/gui/file/07fcfb98343f311e0944b59e8bbef20e56bf00a3fa28368317b5580d8b79932d
I have done some of my own research and, looking at the 'symptoms' of Neshta (provided on the NordVPN and Malwarebytes websites), my PC does not have any of those.
- svchost.com is not present in Task Manager or C:\Windows\
- could not locate any files named directx.sys or tmp503.tmp on my system
- my PC seems to run fine, can access everything
- perhaps most importantly, I have checked the value of the registry key on my system for HKEY_CLASSES_ROOT\exefile\shell\open\command, and it has not been altered (Malwarebytes says that Neshta will alter it to `%SystemRoot%\svchost.com "%1" %*`)
Malwarebytes now scans with 0 detections.
Am I safe? Or could this even be a false positive? If anyone needs more details in order to make a more accurate diagnostic, please let me know. Thanks for any replies!
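
The checks listed in the post, scripted in PowerShell as an added example (not part of the original post and not from Malwarebytes). The file names and registry key are the ones given in the post; the two folders searched and the function names are assumptions.

```powershell
# Added example, not from the original post. Indicator names and the registry
# key are the ones the post lists; the two folders searched are assumptions.
$names = 'svchost.com', 'directx.sys', 'tmp503.tmp'   # names as written in the post
$roots = $env:SystemRoot, $env:TEMP                   # assumed locations

function Get-ExeOpenCommand {
    # Default value of the handler Windows uses to launch every .exe.
    # HKEY_CLASSES_ROOT is the merged per-user and machine view, so a
    # per-user override is seen here as well. Environment variables are
    # left unexpanded so the value can be compared literally.
    $key = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $key.GetValue('', $null, $opt)
}

function Test-NeshtaIndicators {
    $results = @()

    # 1. The open command must be exactly the stock Windows value.
    $cmd = Get-ExeOpenCommand
    $results += [pscustomobject]@{
        Check  = 'exefile open command'
        Detail = $cmd
        Clean  = ($cmd -eq '"%1" %*')
    }

    # 2. None of the named files should exist in the searched folders.
    foreach ($root in $roots) {
        foreach ($name in $names) {
            $path    = Join-Path $root $name
            $present = Test-Path -LiteralPath $path -PathType Leaf
            $results += [pscustomobject]@{
                Check  = 'indicator file'
                Detail = $path
                Clean  = -not $present
            }
        }
    }
    $results
}

Test-NeshtaIndicators | Format-Table -AutoSize -Wrap
```

Any row with `Clean` set to `False` is one to investigate further; a row of all `True` only covers these specific indicators, not the installer that was quarantined.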