
HerdProtect detected this as Win32/Neshta.A



Malwarebytes scans ran clean, but after running HerdProtect it said an executable that was part of K-Lite Codec Pack was infected with Win32/Neshta.A.


Here are the analysis results:








MD5: 93d91df628a99c41583c9680137ac147

SHA1: 7aae1c966bce3b0a6e99fce07aac28ee2a8247dc

SHA256: 2787cab4879ecb30f9f6f01f7bd5c583c0515713c00ded3753757a335752c1e


It also came with a few other files in the same directory that I thought it might not run without.


I didn't post this in the "Newest Malware Threats" section because this could have been on my system for a while now so I wouldn't consider this as "new".


(And yes I removed it)



It doesn't matter. You should NOT be posting suspect files in this sub-forum. The sub-forum is for removal of malware on a system, not for evaluating files for inclusion nor exclusion from MBAM. If it was a true virus, you could get other people's systems infected.


The Win32/Neshta is a file-infecting virus. This is a "true virus", not something that everyone falsely calls a virus.


As a file-infecting virus it is something that MBAM does not target. If the system did have a Win32/Neshta infection, you would have numerous files being infected.


It is a False Positive detection on their part. 


This is shown by the fact you don't have more files on that system being detected as well as having the First submission date [ 2015-04-16 03:40:43 UTC ( 5 months, 1 week ago ) ] being ~5 months ago. If it was a file infected by the prepending file-infecting virus then there would be several antivirus vendors detecting this within this period.


This topic is now closed to further replies.