
I think I may have a virus that's in my actual hardware, possibly my motherboard

 

So I have had this issue occur about 3-4 times and it's really strange. My Windows Defender starts giving everything a false positive as a Neshta, even a Malwarebytes scan detects everything as a Neshta, things like my video games & apps. Also, I can't open any programs as I get a Windows error saying I need an app to open this executable. I can't open task bar things as it says the .lnk is not found, and my startup apps don't seem to be running. I have factory reset my PC a few times before, then after a month it happens again. Please, if anyone can help me I will be very grateful.


  • Root Admin

Hello @itzzdripz

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


 

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found, click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If there were detections, then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If the computer restarted to quarantine, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks


Anti rootkit results:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.789.19041.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.904000 GHz
Memory total: 17093353472, free: 12339146752

Downloaded database version: v2021.05.23.04
Downloaded database version: v2021.05.23.04
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     05/23/2021 21:47:02
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2021.05.23.04
  rootkit: v2021.05.23.04

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffdb87cabe8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffdb87cabe9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffdb87cabe8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffdb87ca90cc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdb87ca7dc050, DeviceName: \Device\0000003c\, DriverName: \Driver\iaStorAC\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2608920301
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid bd69560-4602-8248-b4b7-1242698397
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2608920301
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid bd69560-4602-8248-b4b7-1242698397
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 904592c4-55a0-4ea4-ba84-f52970d6eb1
    FirstLBA 2048  Last LBA 206847
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a0e23ad8-335a-4cc7-b6d3-d8a8233e1b47
    FirstLBA 206848  Last LBA 239615
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 462a5e1e-8f24-4e60-9c61-e3e3ecea793f
    FirstLBA 239616  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffdb87cabea060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffdb87cabe96d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffdb87cabea060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffdb87cabe7060, DeviceName: \Device\00000042\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9857FE70

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064  Numsec = 30269568
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 15502147584 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\elevation_service.exe --> [Virus.Neshta]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{C9C2B807-7731-4F34-81B7-44FF7779522B} --> [Virus.Neshta]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C9C2B807-7731-4F34-81B7-44FF7779522B} --> [Virus.Neshta]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C9C2B807-7731-4F34-81B7-44FF7779522B} --> [Virus.Neshta]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C9C2B807-7731-4F34-81B7-44FF7779522B} --> [Virus.Neshta]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MicrosoftEdgeElevationService --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Roaming\Spotify\SpotifyMigrator.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Roaming\Spotify\SpotifyStartupTask.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Roaming\Telegram Desktop\Updater.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\java.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\javacpl.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\javaw.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\javaws.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\jp2launcher.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\ssvagent.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_202\bin\unpack200.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\java.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\javacpl.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\javaw.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\javaws.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\ssvagent.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\unpack200.exe --> [Virus.Neshta]
Infected: C:\ProgramData\BadlionClient\jre1.8.0_51\bin\jp2launcher.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Battle.net\Agent\Agent.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Battle.net\Agent\BlizzardError.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Battle.net\Agent\Agent.7380\Agent.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Debugger.JustInTime,version=16.2.28915.88\VsJustInTimeDebuggerRegistrationHelper.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.VisualStudio.Initializer,version=16.4.29313.120\VSInitializer.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Microsoft\VisualStudio\Packages\Win10SDK_10.0.19041,version=10.0.19041.1\winsdksetup.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Service\Bin\RzLightingEngineHelper.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\APO0520Drv\APO0520DrvUninstaller.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\PID006eDrv\PID006eDrvUninstaller.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\PID0520Drv\PID0520DrvUninstaller.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\RazerGameProfile\RazerGameProfileUninstall.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\RazerStringTranslations\RazerStringTranslationsUninstall.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\RazerSynapse\RazerSynapseUninstall.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\RazerSynapseConfigurationData\RazerSynapseConfigurationDataUninstall.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\Razer_110_0\Razer_110_0Uninstall.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\Razer_1312_0\Razer_1312_0Uninstall.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\RzComDriver\RzComDriverUninstaller.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\THXService\THXServiceUninstaller.exe --> [Virus.Neshta]
Infected: C:\ProgramData\Razer\Synapse3\Uninstall\THXVAD\THXVADUninstaller.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\lunarclient-updater\pending\Lunar Client v2.7.1.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\CitizenFX_uninstall_1620601178.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\9BDAD914-BFD1-460A-9555-8D4F4B3DDDAE\DismHost.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\owippjqh.hiw\feedback.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\owippjqh.hiw\setup.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\owippjqh.hiw\vswhere.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\owippjqh.hiw\vs_installer.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\owippjqh.hiw\vs_installershell.exe --> [Virus.Neshta]
Infected: C:\Users\admin\AppData\Local\Temp\fjsc3pqw.3qv\feedback.exe --> [Virus.Neshta]
Infected: HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\EXEFILE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND| --> [Hijack.ExeFile]
Infected: HKCR\exefile\shell\open\command| --> [Broken.OpenCommand]
Scan finished

Step 1 results:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/23/21
Scan Time: 9:44 PM
Log File: 9650b27c-bc31-11eb-b052-1c697a3cfe86.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40842
License: Trial

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: DESKTOP-KPOJ3QQ\admin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 391499
Threats Detected: 134
Threats Quarantined: 0
Time Elapsed: 14 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Virus.Neshta, HKLM\SOFTWARE\CLASSES\TYPELIB\{C9C2B807-7731-4F34-81B7-44FF7779522B}, No Action By User, 7558, 645219, , , , , , 
Virus.Neshta, HKLM\SOFTWARE\CLASSES\INTERFACE\{C9C2B807-7731-4F34-81B7-44FF7779522B}, No Action By User, 7558, 645219, , , , , , 
Virus.Neshta, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C9C2B807-7731-4F34-81B7-44FF7779522B}, No Action By User, 7558, 645219, , , , , , 
Virus.Neshta, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C9C2B807-7731-4F34-81B7-44FF7779522B}, No Action By User, 7558, 645219, , , , , , 
Virus.Neshta, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MicrosoftEdgeElevationService, No Action By User, 7558, 645219, , , , , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 1
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND|, No Action By User, 6236, 293008, 1.0.40842, , ame, , , 

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 128
Virus.Neshta, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\POJVLJWU.MSI\VSWHERE.EXE, No Action By User, 7558, 645219, 1.0.40842, , ame, , 2868278BF33B8FE4A25C23014B3576C3, 08EE7079348E95B2A5157275CF5215136753B1C09DD9E660F4828F2035C5D55A
Virus.Neshta, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$RVOLU7X\CRACKME.EXE, No Action By User, 7558, 645219, 1.0.40842, , ame, , F1A635A5C1C271E31F7997323FDED765, C7B8DEE93031394747653683747B1B71282F9E2DFC0D1DCD683ED8809CCAECF5
Neshta.Virus.FileInfector.DDS, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$R0CUD3W.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, F5CB4BA4F26B069CE278DB2080413578, 19D101376B85B8FB925A2CDF6E623EAF42FB6FA2BA27178393A8FCE579DEB9FB
Virus.Neshta, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$R5UKAIB.EXE, No Action By User, 7558, 645219, 1.0.40842, FF46FB586B7D854EFD005754, dds, 01258521, 8D5AD7E23DFB4A575167B644E2FD51B9, 544CB146C94148A081AB37811B6A692DD8987E329C02940F71EAA452FA6D82BC
Neshta.Virus.FileInfector.DDS, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$RD36L9N.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 3718CB6D474A54B983CC849FDF49B1A0, 40B18F39C8DE38C03D2C8F391C06F8BC83046174F7D3C730029EE8E1967EC334
Virus.Neshta, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$RF01RU5.EXE, No Action By User, 7558, 645219, 1.0.40842, FF46FB586B7D854EFD005754, dds, 01258521, C73DE21780B78FF32BDC908BDA7FB9B1, 5CBFAAC7A4620BE90151A7958683C93175934183ABD3A07893FF09219D6876F6
Neshta.Virus.FileInfector.DDS, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$RQ4N8YS.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 517BC9A4C2226B816A45EA26EF4B77F7, 87EB8260A38CEB6E99120A0D04B55E77B3C172774D86EA29E8BB66F25AB8C2F0
Neshta.Virus.FileInfector.DDS, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$RZ5NGM4.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 733C7612A2AB05A3D5D0802F4FDCB799, 636FFEF5025B788AE507025BE252FAC15404C188CABFF2F668B2F9655A541671
Virus.Neshta, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XMLY5MS1.SRH\VSWHERE.EXE, No Action By User, 7558, 645219, 1.0.40842, , ame, , 2868278BF33B8FE4A25C23014B3576C3, 08EE7079348E95B2A5157275CF5215136753B1C09DD9E660F4828F2035C5D55A
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\2RBN45DD.T3G\VS_INSTALLER.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 78DBCD3A52481C463694DBA63CD4B8A6, 2019F0CA094BC34CFE58E496CC198DF7AE36283F9BAA2109AA0F71CDE47000D5
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\VS\SETUP\3B65BE0A-98E9-4C4D-82B0-4D609C7EC059\VS_SETUP_BOOTSTRAPPER.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 0AAB132899520B0CA94C87CF162B27DF, 571BF1835F009D7EF838A7503C47EE0A280E5419BC77C47D8C13E1530E134D7A
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XMLY5MS1.SRH\SETUP.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, E9146F754B0D4AB596A8E39F4BDF0417, 3EAC79DE8C5061D8F3221F1B8166450C6F424A64324C5DFAB7135B8FF4CA878F
Virus.Neshta, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\L3COYRY0.E4K\VSWHERE.EXE, No Action By User, 7558, 645219, 1.0.40842, , ame, , 2868278BF33B8FE4A25C23014B3576C3, 08EE7079348E95B2A5157275CF5215136753B1C09DD9E660F4828F2035C5D55A
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\~NSU.TMP\UN_A.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, FB6ACDC35EC47695EB157F9C628B8D75, 0461CE12F4B8C47D1E58B0A9B5A2131BEC685941B74670309369838C08AC7FB7
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\FIVEM\FIVEM.APP\FIVEM_DIAG.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 2DFD4F0C13DF0B491E1A13E3E8270B42, 054C27399A8350DCA94000CB996AD5A9F2CFAEA03DD052AA27A3C5B1B15AF29B
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\LUNARCLIENT-UPDATER\PENDING\LUNAR CLIENT V2.7.1.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 6A1B872396740C187E7F8B7575F4D448, 1D721FFFADECB5DF9C2563ADE4092A33455E12F9D7A981102D76AC63A3443331
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XMLY5MS1.SRH\FEEDBACK.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 0F2D132C0C3F90B7741DC33D0D9FAF2D, 2261253818C8C6EFC6B5ADC87B6C7FF4382426BE0EBB720D7527EA1E8290117F
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XMLY5MS1.SRH\VS_INSTALLER.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 78DBCD3A52481C463694DBA63CD4B8A6, 2019F0CA094BC34CFE58E496CC198DF7AE36283F9BAA2109AA0F71CDE47000D5
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XMLY5MS1.SRH\VS_INSTALLERSHELL.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 6520C994B596357C99CB8F27F0C69D98, D53BBDAEB2F369D30B84D37AEBDA2DF8487820695BACB7C25C549E5A09DF6F7F
Virus.Neshta, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk, No Action By User, 7558, 645219, , , , , D27E68CB985F5912A13380D2E60505BE, 79BD563F558214505C308FAF5F485E7DB337C39F7BAD3AC8AE6DB034602C0B8D
Virus.Neshta, C:\USERS\ADMIN\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk, No Action By User, 7558, 645219, , , , , 130AEE597A093D56C42BFB4574ECD023, 710CB36A6C45BCAE34F7EAC4714932F194A8449EB849F866332B40147A98E7FC
Virus.Neshta, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk, No Action By User, 7558, 645219, , , , , DB2C25C9B03AF48F589CD32FD780162D, 32ABA334B1EECF5EBCB45EDCAB6DB75D78C8A0CE966A40809CDA90321887A6ED
Virus.Neshta, C:\PROGRAM FILES (X86)\MICROSOFT\EDGE\APPLICATION\MSEDGE.EXE, No Action By User, 7558, 645219, 1.0.40842, , ame, , 88BEC53E56A6B3121E0574D1C663D067, C6FBFEEEE15A2FE7302A80FD5E679CEC3212F4EB1A92EF14DD7F19A19A107299
Neshta.Virus.FileInfector.DDS, C:\$RECYCLE.BIN\S-1-5-21-2482991623-1771563531-3408294001-1001\$RHVX3MU.lnk, No Action By User, 1000002, 0, , , , , D116177357355D64F617738B294902CB, BDA4D912277FAFB8213D7444751AB4FA4B92B48B8097DE7CAAAB29BFD6328F73
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\ROBLOX\VERSIONS\VERSION-932729819B6548C6\ROBLOXSTUDIOLAUNCHERBETA.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, C156EF020F2E7BC71A6DD3DDC700F6C5, 756893474C539BDDA60A45482CAACB8A74AAFB65678ABA086EC6A043CA9A0F5A
Neshta.Virus.FileInfector.DDS, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\CITIZENFX_UNINSTALL_1620601178.EXE, No Action By User, 1000002, 0, 1.0.40842, CA2A8B373817FCFDAE6E0F68, dds, 01258521, 137FB10EE6E175123DCBDAC373412899, F3FCB9710A2682C60428351802650AFE000402441C4916C706A8D767B888FEF3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Step 2 results:


# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-23-2021
# Duration: 00:00:25
# OS:       Windows 10 Pro
# Scanned:  31977
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

 

screenshots:

Capture2.PNG

Capture3.PNG

Link to post
Share on other sites

  • Root Admin

This is an actual file infector virus. We can stop and remove it but the damage done is extensive.

It would really be best for you to back up your personal documents. Then format the drive and reinstall Windows from scratch.

Please download and run the following AVG Neshta Fix tool

https://download.avg.com/filedir/util/avgrem/avg_remover_neshta.exe

 

(info from Emsisoft)

Virus.Win32.Neshta.a is a Windows platform virus. Once inside a system, Virus.Win32.Neshta.a will infect targeted executable files with its own body and cause the system to deteriorate in performance. Virus.Win32.Neshta.a is able to give remote attackers access to a system and the private information stored on it. Virus.Win32.Neshta.a may also modify the security settings and Windows registry when inside a computer.

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected, clean computer/device you should immediately change all account password information (including those used for banking, email, eBay, PayPal, online forums, etc). Consider these accounts already compromised. Make sure that you never share the same password on more than one site. Use a password manager.

Password Managers Compared: LastPass vs KeePass vs Dashlane vs 1Password

 

 

Greg Carmack - MVP 2010-2020 - Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

Great article on installing Windows 10 cleanly. I don't agree with him about using an online Microsoft account but that's my personal preference. You can see below on how to create a local account if wanted.

 

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

How to set up Windows 10 with a local account
https://www.windowscentral.com/how-set-windows-10-local-account

How to Clean Install Windows 10
https://www.tenforums.com/tutorials/1950-clean-install-windows-10-a.html

How to do a Clean Install of Windows 10 the Easy Way
https://www.howtogeek.com/224342/how-to-clean-install-windows-10/

How to do a clean installation of Windows 10
https://www.windowscentral.com/how-do-clean-installation-windows-10

How to install Windows 10 from DVD, USB, or ISO file
https://www.digitalcitizen.life/how-install-windows-10/

How to Custom Install Windows 10
https://www.tenforums.com/tutorials/120352-custom-install-windows-10-a.html

Edited by AdvancedSetup
updated information
  • Like 1
Link to post
Share on other sites

Thanks for helping me out, but I have a feeling the virus will come back in a few months as it usually does.

I have reinstalled a copy of Windows 10 and I'm downloading Malwarebytes. I have been using a password manager so I think my logins should be safe. I think I should also run the AVG Neshta remover in case?

Link to post
Share on other sites

  • Root Admin

If you followed the advice to do a CLEAN fresh install as posted by Greg Carmack then there is no reason to believe it will return.

Have you done a clean fresh install of Windows 10?

No, if this is a fresh install of Windows 10 then there is zero chance of Neshta being on the system unless you used an infected USB thumb disk. But even that should have been formatted to remove any infection if it were there.

 

Let me get some logs to see where you're at

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

  • Like 1
Link to post
Share on other sites

  • Root Admin

And there is why you keep getting infected.

It really isn't all that difficult. See if you have a friend that can help you do this, or see if you can take the computer to a local repair shop and ask them to do a CLEAN install of Windows 10 by removing ALL partitions.

 

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

This topic is now closed to further replies.