
Free scan detected Neshta File Infector in OP.GG



Just ran a free Malwarebytes scan on my PC for the first time in a few months and it detected 'Neshta.Virus.FileInfector.DDS' in my downloads folder, in OP.GG+Setup+1.0.33.exe

I downloaded and installed OP.GG over a year ago and have not run it in about a year.

I immediately quarantined the file after it was detected by Malwarebytes.

I haven't downloaded any sketchy software so I don't know where this has come from and I haven't even used OP.GG in a long time. My PC runs fine, no signs of any malware and not slow at all.

Additionally, here is the hash provided in the scan report:

07FCFB98343F311E0944B59E8BBEF20E56BF00A3FA28368317B5580D8B79932D

Here is the VirusTotal entry for this hash: https://www.virustotal.com/gui/file/07fcfb98343f311e0944b59e8bbef20e56bf00a3fa28368317b5580d8b79932d

I have done some of my own research and looking at the 'symptoms' of Neshta (provided on the NordVPN and Malwarebytes websites), my PC does not have any of those.

- svchost.com is not present in Task Manager or C:\Windows\

- could not locate any files named directx.sys or tmp503.tmp on my system

- my PC seems to run fine, can access everything

- perhaps most importantly, I have checked the value of the registry key on my system for HKEY_CLASSES_ROOT\exefile\shell\open\command, and it has not been altered (Malwarebytes says that Neshta will alter it to "%SystemRoot%\svchost.com "%1" %*")

Malwarebytes now scans with 0 detections.

Am I safe? Or could this even be a false positive? If anyone needs more details in order to make a more accurate diagnostic, please let me know. Thanks for any replies!
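
The checks listed in the post above, collected into one read-only PowerShell script. This is an added example, not part of the original thread: the indicator names come from the post, while the search roots (the Windows and temp directories) and the comparison against the stock Windows handler value `"%1" %*` are assumptions of the example.

```powershell
# Added example: read-only checks for the Neshta indicators listed in the post.
# Indicator names come from the post; search roots are assumptions of this example.
param(
    [string[]]$SearchRoot = @($env:SystemRoot, $env:TEMP),  # assumed locations
    [switch]$Recurse                                          # slower, more thorough
)

$findings = @()

# 1. .exe open handler. The stock Windows value is '"%1" %*'; the post quotes
#    Malwarebytes as saying Neshta points it at svchost.com instead.
$key     = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$handler = [string](Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
$findings += [pscustomobject]@{
    Check   = 'exefile open command'
    Detail  = $handler
    Suspect = ($handler.Trim() -ne '"%1" %*')   # missing or altered counts as suspect
}

# 2. svchost.com on disk in the Windows directory, or running as a process.
#    (The legitimate service host is svchost.exe, not svchost.com.)
$dropPath = Join-Path $env:SystemRoot 'svchost.com'
$findings += [pscustomobject]@{
    Check   = 'svchost.com file'
    Detail  = $dropPath
    Suspect = (Test-Path -LiteralPath $dropPath)
}
$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'svchost.com'")
$findings += [pscustomobject]@{
    Check   = 'svchost.com process'
    Detail  = ($procs.ProcessId -join ',')
    Suspect = ($procs.Count -gt 0)
}

# 3. The two file names the post mentions, searched under each root.
$names = 'directx.sys', 'tmp503.tmp'
$hits  = @(foreach ($root in $SearchRoot) {
    Get-ChildItem -LiteralPath $root -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name }
})
$findings += [pscustomobject]@{
    Check   = 'directx.sys / tmp503.tmp'
    Detail  = ($hits.FullName -join '; ')
    Suspect = ($hits.Count -gt 0)
}

$findings | Format-Table -AutoSize -Wrap
```

Every row showing `Suspect = False` matches what the poster reports finding by hand; the script changes nothing on the system.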


I am not sure if it is a false positive or not - it was flagged as malware and that is what I am assuming it to be (jumping to conclusions would be to say it is a false positive).

One thing I am confused about is: If it is in fact malware, then it must have been infected by Neshta somehow - and if the OP.GG file itself is safe, then where did Neshta come from and how did it end up on my PC?

I posted here so that users with expert knowledge could help me determine whether it really is malware and what I can do about it, potentially identifying the root cause.

Thanks :)


1 minute ago, beanbunny said:

How can you confirm and how did you conclude that it is a false positive?

The staff member confirmed it. The new scan can now scan larger files but that is leading to some FP's just like the one you had with the same scary name.

 

 
