Aliases: Win32.Neshta.a, W32.Neshuta
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 27 Dec 2005
Damage: Low

Characteristics: W32.Neshuta is a virus known to infect “.exe” and “.com” files. Once executed, it will create files named as “svchost.com” on windows directory folders. It also creates a mutex so that it maintains that only one copy of the virus runs on the compromised computer. The worm then spreads by copying itself with the hidden and system attributes. This fills up your computer with garbage, which are malicious, damaging and are not important to your computer. As it reproduces, it takes up space. The space becomes unusable while the memory space is lessened.

More details about W32.Neshuta

This worm changes the boot sector and this could result in the inability of the computer to run. All platforms of windows are vulnerable to this worm, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. There are several ways to remove the file from the computer. One is to kill the system processes. The other is to delete registry values and or .exe files. To kill the processes, you may need to go to Windows Task Manager and click “Processes”. This process will open the Windows Task Manager. Check all the list of files actively running and find all the .exe files. Right click on the file and choose “end process.” A box will appear and you need to choose yes.

The W32.Neshuta program can change a computer’s settings, resulting to slow connection speeds, different default pages, and loss of various Internet and other programs. Such programs collect multiple types of personal information, like Internet surfing habits, array of sites that have been visited, and can also obstruct with the user manipulation of computer in previous ways, for instance installing additional software, forwarding net browser activities, accessing websites blindly causing more harmful viruses, and diverting advertising revenue to a several third party servers.