Jump to content

Win32 / Neshta


Recommended Posts

W32/Neshta is a true virus.  It is a file infecting virus.   Too many call anything and everything a virus when in fact, they are not viruses.


MBAM targets mainly non-viral malware.  The exception being a virus dropper ( a malware file that drops a virus and starts a virus infection but is not infected with the virus ) and worms ( such as Internet worms and AutoRun worms ).
 
MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file.  That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code.  An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state.  Which may or may not return the file to its original, non infected, checksum value.
 
A file infecting virus will prepend, append or cavity inject malicious code into a legitimate file.  Once infected, that infected file can further the infection by infecting other legitimate files.
 
On the other hand there are trojans that will prepend, append or cavity inject malicious code into a legitimate file.   However that file can not infect other files.  The infection stops with that targeted file.  These files are either deemed to be "trojanized" or "patched".  Since MBAM can not remove the added malicious code, at best MBAM will try to replace the trojanized file with a legitimate, unaltered, file. 

HTH

 

Link to post
Share on other sites

4 hours ago, David H. Lipman said:

W32/Neshta is a true virus.  It is a file infecting virus.

....

MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file.  That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code.  An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state.  Which may or may not return the file to its original, non infected, checksum value.

3

But this...

2017-10-19_22h50_19.thumb.png.ee1f57158fe236d8f4ee3921415a9807.png

Link to post
Share on other sites

On 10/27/2017 at 12:40 PM, Ole said:

hi, made a tutorial how to delete the Win32 Neshta virus here:
How to remove Win32 Neshta virus

Kaspersky Free has everything finished and repaired. Now it's okay, but Malwarebytes is no longer on my computer. No need to reinstall programs. Kaspersky all improved. Thanks

Edited by Qurajber
Link to post
Share on other sites

On 10/20/2017 at 1:46 PM, Qurajber said:

I believed that I was with Malwarebytes protected. I made a mistake. Kaspersky is my rescue. I'm sad about Malwarebytes

3 hours ago, Qurajber said:

Now it's okay, but Malwarebytes is no longer on my computer.

Most here use and suggest an AV with MB. I would keep both. Also, use better habits on the web.

Link to post
Share on other sites

  • Staff

From here: https://forums.malwarebytes.com/topic/191650-malwarebytes-3-frequently-asked-questions/#comment-1077438

Quote

 

What is an antivirus replacement, and how can Malwarebytes 3.0 replace my antivirus?
Antivirus replacements utilize signature-less and behavior-based detection technologies to catch the latest and most relevant threats, as opposed to anti-virus programs that rely on large databases of signatures that can quickly become outdated and are typically ineffective against many modern threats. In combination, all of our technologies can replace antivirus if a customer wishes to do so. Over 50% of our home user customers have already replaced their Symantec, McAfee, etc. with Malwarebytes Anti-Malware Premium. We believe in layered defense and built Malwarebytes 3.0 Premium to provide the right mix of proactive and signature-less technologies to combat modern threats and zero-day malware. The combination of our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies provides better coverage against modern and zero-day threats than the traditional antivirus companies that charge more for less effective protection.

Traditional antivirus vendors have struggled to keep pace with rapidly-changing malware, especially ransomware and data breaches where 0-hour protection has become the only meaningfully-relevant protection. In today’s modern threat world, where professional malware writers make their living engineering new ways to bypass protection, it is more important than ever to utilize signature-less technology and layered security to provide the greatest possible chance of defense. It is just as important to provide comprehensive remediation capabilities to clean up active malware when all else fails.

Prior to Malwarebytes 3.0, our software was intended to be layered together with a traditional antivirus. Malwarebytes 1.x and 2.x contained only two primary layers of defense (Malware Protection and Website Protection) plus remediation, none of which is fully signature-less. But in Malwarebytes 3.0, with the addition of the three signature-less anti-exploit layers and the signature-less anti-ransomware layer, Malwarebytes defense against real-world threats has finally surpassed that of the traditional AVs.

We didn’t originally expect to draw this conclusion. But after we developed the anti-exploit, anti-ransomware, and other Application Behavioral Protection technology in Malwarebytes 3.0, our researchers tested our performance against the full landscape of real-world threats and found we offered our users more comprehensive protection at a better price with Malwarebytes 3.0 than by recommending you buy a separate traditional AV. So we did it.

For our users who do prefer to continue using a traditional antivirus alongside Malwarebytes, by all means please continue to do so. Malwarebytes will always maintain compatibility with all major security software on the market, both free and paid. In particular, Microsoft’s traditional antivirus Windows Defender is included by default and for free with Windows 8 and 10, and is a useful additional layer alongside Malwarebytes 3.0.

So in summary, our recommendations are:

  • If you would prefer to use only one security product, choose Malwarebytes 3.0 Premium. Based on our testing, Malwarebytes 3.0 alone provides excellent protection against today’s threat landscape.
  • If you would prefer to pay for only one security product, choose Malwarebytes 3.0 Premium and add a free traditional antivirus like Windows Defender (pre-installed for free in Windows 8 and 10). Malwarebytes installs alongside Windows Defender by default, so this is the default configuration in Windows 8 and 10.
  • If you would prefer to pay for two security products, by all means feel free to do so. Malwarebytes is compatible with all major security products on the market.
 


 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.