beanbunny

Thank you for your response! How can you confirm and how did you conclude that it is a false positive? So that I can be certain that my PC is not compromised by the Neshta malware. Thanks :)

I am not sure if it is a false positive or not - it was flagged as malware and that is what I am assuming it to be (jumping to conclusions would be to say it is a false positive). One thing I am confused about is: If it is in fact malware, then it must have been infected by Neshta somehow - and if the OP.GG file itself is safe, then where did Neshta come from and how did it end up on my PC? I posted here so that users with expert knowledge could help me determine whether it really is malware and what I can do about it, potentially identifying the root cause. Thanks :)

Just ran a free malwarebytes scan on my PC for the first time in a few months and it detected 'Neshta.Virus.FileInfector.DDS' in my downloads folder, in OP.GG+Setup+1.0.33.exe I downloaded and installed OP.GG over a year ago and have not ran it in about a year. I immediately quarantined the file after it was detected by malwarebytes. I haven't downloaded any sketchy software so I don't know where this has come from and I haven't even used OP.GG in a long time. My PC runs fine, no signs of any malware and not slow at all. Additionally, here is the hash provided in the scan report: 07FCFB98343F311E0944B59E8BBEF20E56BF00A3FA28368317B5580D8B79932D Here is the virustotal entry for this hash: https://www.virustotal.com/gui/file/07fcfb98343f311e0944b59e8bbef20e56bf00a3fa28368317b5580d8b79932d I have done some of my own research and looking at the 'symptoms' of Neshta (provided on the nordvpn and malwarebytes website), my PC does not have any of those. - svchost.com is not present in Task Manager or C:\Windows\ - could not locate any files named directx.sys or tmp503.tmp on my system - my PC seems to run fine, can access everything - perhaps most importantly, I have checked the value of the registry key on my system for HKEY_CLASSES_ROOT exefile shell open command, and it has not been altered (malwarebytes says that Neshta will alter it to “%SystemRoot%svchost.com “%1″ %*”) Malwarebytes now scans with 0 detections. Am I safe? Or could this even be a false positive? If anyone needs more details in order to make a more accurate diagnostic, please let me know. Thanks for any replies!