
Hijack.exe/Neshta virus


Hi there, please help. I have a ransomware that Malwarebytes identified as Neshta virus and/or Hijack.exe, maybe both? Anyhow, I found two txt files in my C:\ProgramData folder that look like information for the keys: IDk.txt and pubk.txt, which I am attaching pics of. The IDk.txt has the same number that is in the renamed file extension after an email address. All files now have .[rebkeilo@gmail.com][K52QSAVLC86FO0Y].heirloom following the regular names of the file. The other items I believe are found in a temp folder under users>owner>appdata>local>temp>3582-490, which I have attached pics of too. In addition there is a huge file in my recycle bin and even more files in a hidden recycle bin (attached pics also).

I have MB Premium and this seemed to occur after doing an update to use a new search bar protection feature. I have 2 computers infected; this is the most important one, and I have declined to add the new feature on my other computers just to be safe.

Thanks in advance.


  • Root Admin

Hello @Dcal2005

This virus infects files by prepending its virus code to executable files. Most AV can probably stop the spread of the virus but cannot undo the damage. 






My advice: back up your personal data (documents, music, videos) only, not the entire computer. Then format the drive and reinstall Windows; otherwise you'll spend the next few years fighting the damage done.

If your personal data has been encrypted, then see if there is any decryptor available. If not, remove the drive and set it aside in the hopes that maybe in the future one will be available.

Please see the following topic for further assistance

Ransomware Help & Tech Support at Bleeping Computer



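A triage sketch for the backup step advised above, added here as an example and not part of the original thread: it uses the rename pattern quoted in the first post (`.[email][ID].heirloom`) to separate renamed files from untouched ones and to check the IDs against the ID text file. The function names are hypothetical, the sample tree is constructed, and it assumes IDk.txt stores the ID as plain text.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Rename pattern reported in the first post: <name>.[<email>][<ID>].heirloom
MARKER = re.compile(
    r"^(?P<original>.+)\.\[(?P<contact>[^\[\]]+)\]\[(?P<victim_id>[^\[\]]+)\]\.heirloom$",
    re.IGNORECASE,
)

def parse_marked_name(filename):
    """Return (original_name, contact, victim_id), or None if the name is not renamed."""
    m = MARKER.match(filename)
    return (m["original"], m["contact"], m["victim_id"]) if m else None

def triage(root):
    """Walk root and split files into renamed and not-renamed, counting IDs seen."""
    report = {"renamed": [], "not_renamed": [], "ids": Counter()}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        parsed = parse_marked_name(path.name)
        if parsed is None:
            # Not renamed is not the same as clean: executables may still carry
            # the prepended virus code, so copy data files only.
            report["not_renamed"].append(path)
        else:
            report["renamed"].append((path, parsed[0]))
            report["ids"][parsed[2]] += 1
    return report

def ids_match_note(report, id_file):
    """True if every ID found in file names also appears in the ID text file."""
    text = Path(id_file).read_text(errors="replace")  # assumed plain text
    return bool(report["ids"]) and all(i in text for i in report["ids"])

def demo():
    """Triage a constructed sample tree; returns (renamed, not_renamed, ids_match)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "taxes.xlsx.[rebkeilo@gmail.com][K52QSAVLC86FO0Y].heirloom").touch()
        (root / "docs" / "notes.txt").touch()
        (root / "IDk.txt").write_text("K52QSAVLC86FO0Y\n")
        report = triage(root)
        return len(report["renamed"]), len(report["not_renamed"]), ids_match_note(report, root / "IDk.txt")

if __name__ == "__main__":
    print(demo())
```

More than one distinct ID in the report would suggest the drive was hit more than once or holds files from another infected machine, which matters when looking for a decryptor later.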


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection


